Edit tour

Windows Analysis Report
http://api.pdfxd.com/pdf-service/v1/action?os=163842&device_id=741e5fc1b4d58e5b4c3ac5f1dc5a9464&version=&qd=&day=&t=4312453&product=xundu&machine_name=141700

Overview

General Information

Sample URL:	http://api.pdfxd.com/pdf-service/v1/action?os=163842&device_id=741e5fc1b4d58e5b4c3ac5f1dc5a9464&version=&qd=&day=&t=4312453&product=xundu&machine_name=141700
Analysis ID:	763918
Infos:

Detection

Score:	48
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Contains functionality to infect the boot sector

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Queries the volume information (name, serial number etc) of a device

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to query locales information (e.g. system language)

Uses code obfuscation techniques (call, push, ret)

PE file contains sections with non-standard names

Detected potential crypto function

Contains functionality to query CPU information (cpuid)

Found potential string decryption / allocating functions

Contains functionality to check the parent process ID (often done to detect debuggers and analysis systems)

Found evasive API chain (may stop execution after checking a module file name)

Contains functionality to communicate with device drivers

Contains functionality to dynamically determine API calls

Found dropped PE file which has not been started or loaded

Contains functionality which may be used to detect a debugger (GetProcessHeap)

PE file contains executable resources (Code or Archives)

Drops files with a non-matching file extension (content does not match file extension)

AV process strings found (often used to terminate AV products)

Extensive use of GetProcAddress (often used to hide API calls)

Drops PE files

Found evasive API chain checking for process token information

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

Contains capabilities to detect virtual machines

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

Queries disk information (often used to detect virtual machines)

Contains functionality to query network adapater information

Classification

Process Tree

System is w10x64_ra

chrome.exe (PID: 3668 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://api.pdfxd.com/pdf-service/v1/action?os=163842&device_id=741e5fc1b4d58e5b4c3ac5f1dc5a9464&version=&qd=&day=&t=4312453&product=xundu&machine_name=141700 MD5: 7BC7B4AEDC055BB02BCB52710132E9E1)

chrome.exe (PID: 4388 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2040 --field-trial-handle=1792,i,10598242960263132774,10547462125382206053,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8 MD5: 7BC7B4AEDC055BB02BCB52710132E9E1)

7zG.exe (PID: 5340 cmdline: "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\user\Downloads\" -an -ai#7zMap23795:90:7zEvent23411 MD5: 04FB3AE7F05C8BC333125972BA907398)

MiniNews.exe (PID: 3924 cmdline: "C:\Users\user\Downloads\Utils\MiniNews.exe" MD5: 5F855B18F8B30ACAF2E9764E99FEA3A3)

MiniNews.exe (PID: 5696 cmdline: "C:\Users\user\Downloads\Utils\MiniNews.exe" MD5: 5F855B18F8B30ACAF2E9764E99FEA3A3)

cleanup

HTTP traffic detected: POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1Host: accounts.google.comConnection: keep-aliveContent-Length: 1Origin: https://www.google.comContent-Type: application/x-www-form-urlencodedSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: CONSENT=PENDING+620; __Secure-ENID=6.SE=cJKCBuSaL1dV3R8z2Y2al7-m2m5bGA74lqbYYkqC3uy-NtZ1f6n_bCBr25tlnnjvdmLpGQ81ZKzP3Te5vVjpSQjYWCwvlOMApK7tmZNWcORu0p4wniPJGQfTslQNnpQWhG9qkwkEgy49-6UG3UQ1eiUyFolJZWLeUM1p4KvjM9E

Source: unknown

DNS traffic detected: queries for: api.pdfxd.com

Source: C:\Users\user\Downloads\Utils\MiniNews.exe

Code function: 14_2_6E3DEDB0 InternetQueryOptionW,InternetSetOptionW,CreateFileW,GetLastError,HttpQueryInfoA,HttpQueryInfoA,HttpQueryInfoA,_memset,HttpQueryInfoA,HttpQueryInfoA,HttpQueryInfoA,GetTickCount,WaitForSingleObject,InternetReadFileExA,WriteFile,GetLastError,GetLastError,CloseHandle,InternetCloseHandle,GetLastError,SetEvent,GetTickCount,WaitForSingleObject,GetTickCount,InternetCloseHandle,InternetSetStatusCallbackA,InternetCloseHandle,CloseHandle,CloseHandle,

14_2_6E3DEDB0

Source: global traffic	HTTP traffic detected: GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=104.0.5112.102&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1Host: clients2.google.comConnection: keep-aliveX-Goog-Update-Interactivity: fgX-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmiedaX-Goog-Update-Updater: chromecrx-104.0.5112.102Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CLC1yQEIkrbJAQiitskBCMS2yQEIqZ3KAQiqj8sBCJKhywEIi6vMAQj7u8wBCPq8zAEI6sDMAQicycwBCOLLzAEImNHMAQiZ0swBSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: CONSENT=PENDING+620; __Secure-ENID=6.SE=cJKCBuSaL1dV3R8z2Y2al7-m2m5bGA74lqbYYkqC3uy-NtZ1f6n_bCBr25tlnnjvdmLpGQ81ZKzP3Te5vVjpSQjYWCwvlOMApK7tmZNWcORu0p4wniPJGQfTslQNnpQWhG9qkwkEgy49-6UG3UQ1eiUyFolJZWLeUM1p4KvjM9E
Source: global traffic	HTTP traffic detected: GET /async/ddljson?async=ntp:2 HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CLC1yQEIkrbJAQiitskBCMS2yQEIqZ3KAQiqj8sBCJKhywEIi6vMAQj7u8wBCPq8zAEI6sDMAQicycwBCOLLzAEImNHMAQiZ0swBSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /async/newtab_promos HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=http%3A%2F%2Fcdn-file-ssl-pc.ludashi.com%2Fpc%2Fpdf%2Fmini_20190902.7z&oit=3&cp=58&gs_rn=42&psi=WcOZ_6yD2WdHCjET&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CLC1yQEIkrbJAQiitskBCMS2yQEIqZ3KAQiqj8sBCJKhywEIi6vMAQj7u8wBCPq8zAEI6sDMAQicycwBCOLLzAEImNHMAQiZ0swBSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_/scs/abc-static/_/js/k=gapi.gapi.en.PlpnwD4HYro.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo-D4573md5GmdJHX15d0lc3SoObhA/cb=gapi.loaded_0 HTTP/1.1Host: apis.google.comConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CLC1yQEIkrbJAQiitskBCMS2yQEIqZ3KAQiSocsBCIurzAEI+7vMAQj6vMwBCJjRzAE=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: CONSENT=PENDING+620; __Secure-ENID=6.SE=cJKCBuSaL1dV3R8z2Y2al7-m2m5bGA74lqbYYkqC3uy-NtZ1f6n_bCBr25tlnnjvdmLpGQ81ZKzP3Te5vVjpSQjYWCwvlOMApK7tmZNWcORu0p4wniPJGQfTslQNnpQWhG9qkwkEgy49-6UG3UQ1eiUyFolJZWLeUM1p4KvjM9E
Source: global traffic	HTTP traffic detected: GET /pdf-service/v1/action?os=163842&device_id=741e5fc1b4d58e5b4c3ac5f1dc5a9464&version=&qd=&day=&t=4312453&product=xundu&machine_name=141700 HTTP/1.1Host: api.pdfxd.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /pdf-service/v1/action?os=163842&device_id=741e5fc1b4d58e5b4c3ac5f1dc5a9464&version=&qd=&day=&t=4312453&product=xundu&machine_name=141700 HTTP/1.1Host: api.pdfxd.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: api.pdfxd.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Referer: http://api.pdfxd.com/pdf-service/v1/action?os=163842&device_id=741e5fc1b4d58e5b4c3ac5f1dc5a9464&version=&qd=&day=&t=4312453&product=xundu&machine_name=141700Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /pc/pdf/mini_20190902.7z HTTP/1.1Host: cdn-file-ssl-pc.ludashi.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /url4?pid=&mid=0ee28fbdc66209b6fd4684a055d0db85&mid2=eeeeeeee6cfa339cef05e2eb639099b5e2fa29b329f4&appver=2.0.0.1010&modver=3.0.0.1085&type=minipage&action=manually&ex_ary[ex3]=noset&ex4=202aef4654876fae2ab7d3efa1473511&ex5=1 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.ludashi.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /url4?pid=&mid=0ee28fbdc66209b6fd4684a055d0db85&mid2=eeeeeeee6cfa339cef05e2eb639099b5e2fa29b329f4&appver=2.0.0.1010&modver=3.0.0.1085&type=minipage&action=run&ex_ary[ex3]=noset&ex4=202aef4654876fae2ab7d3efa1473511&ex5=1 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.ludashi.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /url4?pid=&mid=0ee28fbdc66209b6fd4684a055d0db85&mid2=eeeeeeee6cfa339cef05e2eb639099b5e2fa29b329f4&appver=2.0.0.1010&modver=1.5019.1030.826&type=minipage&action=screen_resolution_change&ex4=202aef4654876fae2ab7d3efa1473511&ex5=1 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.ludashi.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /n/mini?pid=&appver=2.0.0.1010&modver=1.5019.1030.826&from=xundu&iever=ie11&os=win10&mid=0ee28fbdc66209b6fd4684a055d0db85&mid2=eeeeeeee6cfa339cef05e2eb639099b5e2fa29b329f4&manual=1&showpro=&awake=0&screentype=0&screesize=1280_1024&atr=1&source=&instdate=&atdate=&m_ver=3.0.0.1085 HTTP/1.1Accept: /User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727)Host: media.ludashi.comConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /url4?pid=&mid=0ee28fbdc66209b6fd4684a055d0db85&mid2=eeeeeeee6cfa339cef05e2eb639099b5e2fa29b329f4&appver=2.0.0.1010&modver=3.0.0.1085&type=minipage_skin&action=request&ex_ary[ex3]=larger&ex4=202aef4654876fae2ab7d3efa1473511&ex5=1 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.ludashi.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /url4?pid=&mid=0ee28fbdc66209b6fd4684a055d0db85&mid2=eeeeeeee6cfa339cef05e2eb639099b5e2fa29b329f4&appver=2.0.0.1010&modver=3.0.0.1085&type=minipage&action=manually&ex_ary[ex3]=larger&ex4=202aef4654876fae2ab7d3efa1473511&ex5=1 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.ludashi.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /s?type=1&of=4&newf=2&showids=Kf4chm&mid=0ee28fbdc66209b6fd4684a055d0db85&uid=eeeeeeee6cfa339cef05e2eb639099b5e2fa29b329f4&ref=%77%77%77%2e%6c%75%64%61%73%68%69%2e%63%6f%6d&ua=%4c%75%44%61%53%68%69%2f%33%2e%30%2e%30%2e%31%30%38%35%20%28%57%69%6e%64%6f%77%73%29 HTTP/1.1Accept: /User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727)Host: show.g.mediav.comConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /url4?pid=&mid=0ee28fbdc66209b6fd4684a055d0db85&mid2=eeeeeeee6cfa339cef05e2eb639099b5e2fa29b329f4&appver=2.0.0.1010&modver=3.0.0.1085&type=minipage_skin&action=parse_360skin_cfg_succ&ex_ary[ex3]=larger&ex4=202aef4654876fae2ab7d3efa1473511&ex5=1 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.ludashi.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /url4?pid=&mid=0ee28fbdc66209b6fd4684a055d0db85&mid2=eeeeeeee6cfa339cef05e2eb639099b5e2fa29b329f4&appver=2.0.0.1010&modver=3.0.0.1085&type=minipage_skin&action=parse_360skin_cfg_succ&ex_ary[ex3]=larger&ex4=202aef4654876fae2ab7d3efa1473511&ex5=1 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.ludashi.comConnection: Keep-Alive

Source: C:\Users\user\Downloads\Utils\MiniNews.exe	Code function: 14_2_6E3F1E27	14_2_6E3F1E27
Source: C:\Users\user\Downloads\Utils\MiniNews.exe	Code function: 14_2_6E3E4E80	14_2_6E3E4E80
Source: C:\Users\user\Downloads\Utils\MiniNews.exe	Code function: 14_2_6E3E5EF4	14_2_6E3E5EF4
Source: C:\Users\user\Downloads\Utils\MiniNews.exe	Code function: 14_2_6E3F8FC0	14_2_6E3F8FC0
Source: C:\Users\user\Downloads\Utils\MiniNews.exe	Code function: 14_2_6E3F9420	14_2_6E3F9420
Source: C:\Users\user\Downloads\Utils\MiniNews.exe	Code function: 14_2_6E3F8C90	14_2_6E3F8C90
Source: C:\Users\user\Downloads\Utils\MiniNews.exe	Code function: 14_2_6E3F2A63	14_2_6E3F2A63
Source: C:\Users\user\Downloads\Utils\MiniNews.exe	Code function: 14_2_6E3D1A60	14_2_6E3D1A60
Source: C:\Users\user\Downloads\Utils\MiniNews.exe	Code function: 14_2_6E3F3A51	14_2_6E3F3A51
Source: C:\Users\user\Downloads\Utils\MiniNews.exe	Code function: 14_2_6E3D9A80	14_2_6E3D9A80
Source: C:\Users\user\Downloads\Utils\MiniNews.exe	Code function: 14_2_6E3F236B	14_2_6E3F236B
Source: C:\Users\user\Downloads\Utils\MiniNews.exe	Code function: 14_2_6E3D1BB0	14_2_6E3D1BB0
Source: C:\Users\user\Downloads\Utils\MiniNews.exe	Code function: 14_2_6E3D1050	14_2_6E3D1050
Source: C:\Users\user\Downloads\Utils\MiniNews.exe	Code function: 14_2_6E3DB890	14_2_6E3DB890
Source: C:\Users\user\Downloads\Utils\MiniNews.exe	Code function: 14_2_6E3D3880	14_2_6E3D3880
Source: C:\Users\user\Downloads\Utils\MiniNews.exe	Code function: 14_2_6E3F18E3	14_2_6E3F18E3
Source: C:\Users\user\Downloads\Utils\MiniNews.exe	Code function: 14_2_6E3F58D0	14_2_6E3F58D0
Source: C:\Users\user\Downloads\Utils\MiniNews.exe	Code function: 14_2_6E3D1148	14_2_6E3D1148
Source: C:\Users\user\Downloads\Utils\MiniNews.exe	Code function: 14_2_6E3F6182	14_2_6E3F6182
Source: C:\Users\user\Downloads\Utils\MiniNews.exe	Code function: 14_2_6E4EEF30	14_2_6E4EEF30
Source: C:\Users\user\Downloads\Utils\MiniNews.exe	Code function: 14_2_6E506E70	14_2_6E506E70
Source: C:\Users\user\Downloads\Utils\MiniNews.exe	Code function: 14_2_6E528FF0	14_2_6E528FF0
Source: C:\Users\user\Downloads\Utils\MiniNews.exe	Code function: 14_2_6E4F0DC0	14_2_6E4F0DC0
Source: C:\Users\user\Downloads\Utils\MiniNews.exe	Code function: 14_2_6E522880	14_2_6E522880
Source: C:\Users\user\Downloads\Utils\MiniNews.exe	Code function: 14_2_6E518671	14_2_6E518671
Source: C:\Users\user\Downloads\Utils\MiniNews.exe	Code function: 14_2_6E50E420	14_2_6E50E420
Source: C:\Users\user\Downloads\Utils\MiniNews.exe	Code function: 14_2_6E508500	14_2_6E508500
Source: C:\Users\user\Downloads\Utils\MiniNews.exe	Code function: 14_2_6E5183B6	14_2_6E5183B6
Source: C:\Users\user\Downloads\Utils\MiniNews.exe	Code function: 14_2_6E508040	14_2_6E508040
Source: C:\Users\user\Downloads\Utils\MiniNews.exe	Code function: 14_2_6E5180EF	14_2_6E5180EF
Source: C:\Users\user\Downloads\Utils\MiniNews.exe	Code function: 14_2_6E51C128	14_2_6E51C128
Source: C:\Users\user\Downloads\Utils\MiniNews.exe	Code function: 14_2_6E517E45	14_2_6E517E45
Source: C:\Users\user\Downloads\Utils\MiniNews.exe	Code function: 14_2_6E51BEF9	14_2_6E51BEF9

Source: C:\Users\user\Downloads\Utils\MiniNews.exe	Code function: String function: 6E5148A6 appears 37 times
Source: C:\Users\user\Downloads\Utils\MiniNews.exe	Code function: String function: 6E4ECAF0 appears 55 times
Source: C:\Users\user\Downloads\Utils\MiniNews.exe	Code function: String function: 6E3D7C70 appears 50 times
Source: C:\Users\user\Downloads\Utils\MiniNews.exe	Code function: String function: 6E3E55C4 appears 37 times
Source: C:\Users\user\Downloads\Utils\MiniNews.exe	Code function: String function: 6E4E9B10 appears 31 times

Source: C:\Users\user\Downloads\Utils\MiniNews.exe

Code function: 14_2_6E512290: CreateFileW,DeviceIoControl,CloseHandle,InterlockedCompareExchange,CloseHandle,

14_2_6E512290

Source: MiniNews.exe.13.dr

Static PE information: Resource name: RES_ZIP type: Zip archive data, at least v2.0 to extract, compression method=store

Source: C:\Program Files\7-Zip\7zG.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://api.pdfxd.com/pdf-service/v1/action?os=163842&device_id=741e5fc1b4d58e5b4c3ac5f1dc5a9464&version=&qd=&day=&t=4312453&product=xundu&machine_name=141700
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2040 --field-trial-handle=1792,i,10598242960263132774,10547462125382206053,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\7-Zip\7zG.exe "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\user\Downloads\" -an -ai#7zMap23795:90:7zEvent23411
Source: unknown	Process created: C:\Users\user\Downloads\Utils\MiniNews.exe "C:\Users\user\Downloads\Utils\MiniNews.exe"
Source: unknown	Process created: C:\Users\user\Downloads\Utils\MiniNews.exe "C:\Users\user\Downloads\Utils\MiniNews.exe"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2040 --field-trial-handle=1792,i,10598242960263132774,10547462125382206053,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: C:\Program Files\7-Zip\7zG.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090}\InProcServer32

Jump to behavior

Source: C:\Users\user\Downloads\Utils\MiniNews.exe

Code function: 14_2_6E502A00 GetCurrentProcess,OpenProcessToken,GetLastError,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,CloseHandle,CloseHandle,GetShellWindow,GetWindowThreadProcessId,OpenProcess,OpenProcessToken,GetTokenInformation,DuplicateTokenEx,CloseHandle,CloseHandle,

14_2_6E502A00

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\Downloads\971c3db5-228d-4e34-ad97-a62124199b4b.tmp

Jump to behavior

Source: C:\Users\user\Downloads\Utils\MiniNews.exe

File created: C:\Users\user\AppData\Local\Temp\{F3FCDC60-415D-413c-8D13-838A625F6F57}.tmp

Jump to behavior

Source: classification engine

Classification label: mal48.evad.win@37/151@13/14

Source: 7zG.exe, 0000000D.00000003.1829396154.0000028C797B0000.00000004.00000800.00020000.00000000.sdmp, 7zG.exe, 0000000D.00000003.1789779811.0000028C77BB0000.00000004.00000800.00020000.00000000.sdmp, 7zG.exe, 0000000D.00000003.1818653292.0000028C793AF000.00000004.00000800.00020000.00000000.sdmp, MiniNews.exe, 0000000E.00000000.2055978965.0000000000260000.00000002.00000001.01000000.0000000A.sdmp, MiniNews.exe.13.dr, LDSBasic.dll.13.dr, Basic.tpi.13.dr	Binary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
Source: 7zG.exe, 0000000D.00000003.1789779811.0000028C77BB0000.00000004.00000800.00020000.00000000.sdmp, 7zG.exe, 0000000D.00000003.1818653292.0000028C793AF000.00000004.00000800.00020000.00000000.sdmp, LDSBasic.dll.13.dr, Basic.tpi.13.dr	Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
Source: 7zG.exe, 0000000D.00000003.1789779811.0000028C77BB0000.00000004.00000800.00020000.00000000.sdmp, 7zG.exe, 0000000D.00000003.1818653292.0000028C793AF000.00000004.00000800.00020000.00000000.sdmp, LDSBasic.dll.13.dr, Basic.tpi.13.dr	Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
Source: 7zG.exe, 0000000D.00000003.1789779811.0000028C77BB0000.00000004.00000800.00020000.00000000.sdmp, 7zG.exe, 0000000D.00000003.1818653292.0000028C793AF000.00000004.00000800.00020000.00000000.sdmp, LDSBasic.dll.13.dr, Basic.tpi.13.dr	Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
Source: 7zG.exe, 0000000D.00000003.1829396154.0000028C797B0000.00000004.00000800.00020000.00000000.sdmp, MiniNews.exe, 0000000E.00000000.2055978965.0000000000260000.00000002.00000001.01000000.0000000A.sdmp, MiniNews.exe.13.dr	Binary or memory string: SELECT * FROM cookies;
Source: 7zG.exe, 0000000D.00000003.1789779811.0000028C77BB0000.00000004.00000800.00020000.00000000.sdmp, 7zG.exe, 0000000D.00000003.1818653292.0000028C793AF000.00000004.00000800.00020000.00000000.sdmp, LDSBasic.dll.13.dr, Basic.tpi.13.dr	Binary or memory string: UPDATE %Q.%s SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' \|\| %Q \|\| substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: 7zG.exe, 0000000D.00000003.1829396154.0000028C797B0000.00000004.00000800.00020000.00000000.sdmp, MiniNews.exe, 0000000E.00000000.2055978965.0000000000260000.00000002.00000001.01000000.0000000A.sdmp, MiniNews.exe.13.dr	Binary or memory string: UPDATE "%w".%s SET sql = sqlite_rename_parent(sql, %Q, %Q) WHERE %s;
Source: 7zG.exe, 0000000D.00000003.1829396154.0000028C797B0000.00000004.00000800.00020000.00000000.sdmp, MiniNews.exe, 0000000E.00000000.2055978965.0000000000260000.00000002.00000001.01000000.0000000A.sdmp, MiniNews.exe.13.dr	Binary or memory string: UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s;
Source: 7zG.exe, 0000000D.00000003.1789779811.0000028C77BB0000.00000004.00000800.00020000.00000000.sdmp, 7zG.exe, 0000000D.00000003.1818653292.0000028C793AF000.00000004.00000800.00020000.00000000.sdmp, LDSBasic.dll.13.dr, Basic.tpi.13.dr	Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
Source: 7zG.exe, 0000000D.00000003.1829396154.0000028C797B0000.00000004.00000800.00020000.00000000.sdmp, MiniNews.exe, 0000000E.00000000.2055978965.0000000000260000.00000002.00000001.01000000.0000000A.sdmp, MiniNews.exe.13.dr	Binary or memory string: UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' \|\| %Q \|\| substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: 7zG.exe, 0000000D.00000003.1789779811.0000028C77BB0000.00000004.00000800.00020000.00000000.sdmp, 7zG.exe, 0000000D.00000003.1818653292.0000028C793AF000.00000004.00000800.00020000.00000000.sdmp, LDSBasic.dll.13.dr, Basic.tpi.13.dr	Binary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);

Source: C:\Users\user\Downloads\Utils\MiniNews.exe

Code function: 14_2_6E4FC8B0 CreateToolhelp32Snapshot,Process32FirstW,CloseHandle,GetCurrentProcessId,Process32NextW,CloseHandle,FindWindowW,IsWindow,EnterCriticalSection,LeaveCriticalSection,

14_2_6E4FC8B0

Source: C:\Users\user\Downloads\Utils\MiniNews.exe	Mutant created: \Sessions\1\BaseNamedObjects\1830B7BD-F7A3-4c4d-989B-C004DE465EDE 5696
Source: C:\Users\user\Downloads\Utils\MiniNews.exe	Mutant created: \Sessions\1\BaseNamedObjects\1830B7BD-F7A3-4c4d-989B-C004DE465EDE 3924
Source: C:\Users\user\Downloads\Utils\MiniNews.exe	Mutant created: \Sessions\1\BaseNamedObjects\Q360ComputerzMiniNewsMutextNameMasterPdf

Source: C:\Users\user\Downloads\Utils\MiniNews.exe

Code function: 14_2_6E3D4D40 LoadResource,LockResource,SizeofResource,

14_2_6E3D4D40

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Program Files\Google\GoogleUpdater

Jump to behavior

Source: C:\Users\user\Downloads\Utils\MiniNews.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\Downloads\Utils\MiniNews.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\Downloads\Utils\MiniNews.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\Downloads\Utils\MiniNews.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\Downloads\Utils\MiniNews.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

Directory created: C:\Program Files\Google\GoogleUpdater

Jump to behavior

Source:	Binary string: C:\vmagent_new\bin\joblist\356471\out\Release\LdsIeView.pdb source: 7zG.exe, 0000000D.00000003.1818653292.0000028C793AF000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:\vmagent_new\bin\joblist\356471\out\Release\LdsWebView.pdb; source: 7zG.exe, 0000000D.00000003.1829396154.0000028C797B0000.00000004.00000800.00020000.00000000.sdmp, LdsWebView.dll.13.dr
Source:	Binary string: C:\vmagent_new\bin\joblist\278377\out\Release\PopMgr.pdb$p source: 7zG.exe, 0000000D.00000003.1789779811.0000028C77BB0000.00000004.00000800.00020000.00000000.sdmp, PopMgr.tpi.13.dr
Source:	Binary string: C:\vmagent_new\bin\joblist\347776\out\Release\MiniNews.pdb source: 7zG.exe, 0000000D.00000003.1829396154.0000028C797B0000.00000004.00000800.00020000.00000000.sdmp, MiniNews.exe, 0000000E.00000000.2055978965.0000000000260000.00000002.00000001.01000000.0000000A.sdmp, MiniNews.exe.13.dr
Source:	Binary string: C:\vmagent_new\bin\joblist\278377\out\Release\PopMgrStub.pdb source: 7zG.exe, 0000000D.00000003.1816431295.0000028C79215000.00000004.00000800.00020000.00000000.sdmp, MiniNews.exe, 0000000E.00000002.2377952920.000000006E687000.00000002.00000001.01000000.0000000E.sdmp, PopMgrStub.dll.13.dr
Source:	Binary string: D:\build\lib_common\basic\Release\Basic.pdb source: 7zG.exe, 0000000D.00000003.1789779811.0000028C77BB0000.00000004.00000800.00020000.00000000.sdmp, Basic.tpi.13.dr
Source:	Binary string: C:\vmagent_new\bin\joblist\356471\out\Release\LdsWebView.pdb source: 7zG.exe, 0000000D.00000003.1829396154.0000028C797B0000.00000004.00000800.00020000.00000000.sdmp, LdsWebView.dll.13.dr
Source:	Binary string: d:\build\360cloud_build\360NetUL_base1031\bin\360NetUL.pdb source: 7zG.exe, 0000000D.00000003.1816431295.0000028C79215000.00000004.00000800.00020000.00000000.sdmp, MiniNews.exe, 0000000E.00000003.2189831952.0000000002EE3000.00000004.00000800.00020000.00000000.sdmp, MiniNews.exe, 0000000E.00000003.2246706121.0000000003D01000.00000004.00000800.00020000.00000000.sdmp, MiniNews.exe, 0000000E.00000002.2371078507.000000006E3FB000.00000002.00000001.01000000.00000010.sdmp, 360NetUL.dll.13.dr
Source:	Binary string: c:\code\android\donut\development\host\windows\usb\winusb\objfre_wxp_x86\i386\AdbWinUsbApi.pdb source: 7zG.exe, 0000000D.00000003.1816431295.0000028C79215000.00000004.00000800.00020000.00000000.sdmp, MasterPDF.exe.13.dr
Source:	Binary string: C:\vmagent_new\bin\joblist\278377\out\Release\PopMgrStub.pdb source: 7zG.exe, 0000000D.00000003.1816431295.0000028C79215000.00000004.00000800.00020000.00000000.sdmp, MiniNews.exe, 0000000E.00000002.2377952920.000000006E687000.00000002.00000001.01000000.0000000E.sdmp, PopMgrStub.dll.13.dr
Source:	Binary string: C:\vmagent_new\bin\joblist\278377\out\Release\PopMgr.pdb source: 7zG.exe, 0000000D.00000003.1789779811.0000028C77BB0000.00000004.00000800.00020000.00000000.sdmp, PopMgr.tpi.13.dr
Source:	Binary string: C:\vmagent_new\bin\joblist\342920\out\Release\Basic.pdb source: 7zG.exe, 0000000D.00000003.1818653292.0000028C793AF000.00000004.00000800.00020000.00000000.sdmp, LDSBasic.dll.13.dr
Source:	Binary string: E:\build\360BaseNew\360Base\Release\360Base.pdb source: 7zG.exe, 0000000D.00000003.1816096554.0000028C791DF000.00000004.00000800.00020000.00000000.sdmp, MiniNews.exe, 0000000E.00000002.2381037827.000000006E781000.00000002.00000001.01000000.0000000C.sdmp, 360Base.dll.13.dr
Source:	Binary string: C:\vmagent_new\bin\joblist\376264\out\Release\DisPatchMini.pdb source: 7zG.exe, 0000000D.00000003.1818653292.0000028C793AF000.00000004.00000800.00020000.00000000.sdmp, MiniNews.exe, 0000000E.00000002.2373281942.000000006E544000.00000002.00000001.01000000.0000000F.sdmp, DisPatchMini.dll.13.dr

Source: C:\Users\user\Downloads\Utils\MiniNews.exe	Code function: 14_2_6E3E5609 push ecx; ret	14_2_6E3E561C
Source: C:\Users\user\Downloads\Utils\MiniNews.exe	Code function: 15_2_0377CDFC push esp; iretd	15_2_0377CEBD
Source: C:\Users\user\Downloads\Utils\MiniNews.exe	Code function: 15_2_0377CDD3 pushfd ; iretd	15_2_0377CDF1
Source: C:\Users\user\Downloads\Utils\MiniNews.exe	Code function: 15_2_0377CCDC pushfd ; iretd	15_2_0377CDF1
Source: C:\Users\user\Downloads\Utils\MiniNews.exe	Code function: 15_2_0377CCDC push esp; iretd	15_2_0377CEBD

Source: LdsWebView.dll.13.dr	Static PE information: section name: .shared
Source: LdsWebView.dll.13.dr	Static PE information: section name: .00cfg

Source: C:\Users\user\Downloads\Utils\MiniNews.exe

Code function: 14_2_6E3EFF15 LoadLibraryA,GetProcAddress,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,__decode_pointer,__decode_pointer,__decode_pointer,__decode_pointer,__decode_pointer,

14_2_6E3EFF15

Persistence and Installation Behavior

Contains functionality to infect the boot sector

Source: C:\Users\user\Downloads\Utils\MiniNews.exe	Code function: CreateFileW,DeviceIoControl,CloseHandle,InterlockedCompareExchange,CloseHandle, \\.\PhysicalDrive%d	14_2_6E512290
Source: C:\Users\user\Downloads\Utils\MiniNews.exe	Code function: CreateFileA,DeviceIoControl,CloseHandle, \\.\PhysicalDrive%d	14_2_6E513D60
Source: C:\Users\user\Downloads\Utils\MiniNews.exe	Code function: CreateFileA,DeviceIoControl,CloseHandle,CloseHandle, \\.\PhysicalDrive%d	14_2_6E513660

Source: C:\Program Files\7-Zip\7zG.exe	File created: C:\Users\user\Downloads\plugin\Basic.tpi			Jump to dropped file
Source: C:\Program Files\7-Zip\7zG.exe	File created: C:\Users\user\Downloads\plugin\PopMgr.tpi			Jump to dropped file

Source: C:\Program Files\7-Zip\7zG.exe	File created: C:\Users\user\Downloads\Utils\MiniNews.exe	Jump to dropped file
Source: C:\Program Files\7-Zip\7zG.exe	File created: C:\Users\user\Downloads\plugin\PopMgrStub.dll	Jump to dropped file
Source: C:\Program Files\7-Zip\7zG.exe	File created: C:\Users\user\Downloads\Utils\ie\LdsIeView.exe	Jump to dropped file
Source: C:\Program Files\7-Zip\7zG.exe	File created: C:\Users\user\Downloads\Utils\LDSBasic.dll	Jump to dropped file
Source: C:\Program Files\7-Zip\7zG.exe	File created: C:\Users\user\Downloads\360Base.dll	Jump to dropped file
Source: C:\Program Files\7-Zip\7zG.exe	File created: C:\Users\user\Downloads\360NetUL.dll	Jump to dropped file
Source: C:\Program Files\7-Zip\7zG.exe	File created: C:\Users\user\Downloads\plugin\Basic.tpi	Jump to dropped file
Source: C:\Program Files\7-Zip\7zG.exe	File created: C:\Users\user\Downloads\plugin\PopMgr.tpi	Jump to dropped file
Source: C:\Program Files\7-Zip\7zG.exe	File created: C:\Users\user\Downloads\Utils\LdsWebView.dll	Jump to dropped file
Source: C:\Program Files\7-Zip\7zG.exe	File created: C:\Users\user\Downloads\Utils\DisPatchMini.dll	Jump to dropped file
Source: C:\Program Files\7-Zip\7zG.exe	File created: C:\Users\user\Downloads\MasterPDF.exe	Jump to dropped file

Source: C:\Users\user\Downloads\Utils\MiniNews.exe

Code function: 14_2_6E4ED8F0 FindResourceExW,FindResourceW,GetPrivateProfileStringW,

14_2_6E4ED8F0

Boot Survival

Contains functionality to infect the boot sector

Source: C:\Users\user\Downloads\Utils\MiniNews.exe	Code function: CreateFileW,DeviceIoControl,CloseHandle,InterlockedCompareExchange,CloseHandle, \\.\PhysicalDrive%d	14_2_6E512290
Source: C:\Users\user\Downloads\Utils\MiniNews.exe	Code function: CreateFileA,DeviceIoControl,CloseHandle, \\.\PhysicalDrive%d	14_2_6E513D60
Source: C:\Users\user\Downloads\Utils\MiniNews.exe	Code function: CreateFileA,DeviceIoControl,CloseHandle,CloseHandle, \\.\PhysicalDrive%d	14_2_6E513660

Source: C:\Users\user\Downloads\Utils\MiniNews.exe

Code function: 14_2_6E506E70 GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,

14_2_6E506E70

Source: C:\Users\user\Downloads\Utils\MiniNews.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot			Jump to behavior
Source: C:\Users\user\Downloads\Utils\MiniNews.exe	Registry key monitored for changes: HKEY_CURRENT_USER_Classes			Jump to behavior

Malware Analysis System Evasion

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Source: DisPatchMini.dll.13.dr	Binary or memory string: POPMGRSTUB.DLLPLUGIN\POPMGRSTUB.DLLTRAYSUBCENTER_GROUP1EVERYTHING.EXEEVERYTHINGDEBARB_DEVSPY.EXESPY++.EXESPYXXPROCESSPACKETSPYXX_AMD64.EXEPROCEXP.EXEPROCEXPLPROCEXP64.EXEFIDDLER.EXEWINDOWSFORMS10.WINDOW.8.APP.0.141B42A_R12_AD1SMSNIFF.EXEMINISNIFFER.EXEWIRESHARK.EXEWINDBG.EXEOLLYDBG.EXEIDAG.EXEIDAQ.EXEIDAQ64.EXE>T1R4X
Source: MiniNews.exe, MiniNews.exe, 0000000F.00000002.2267187317.0000000000A57000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: IDAG.EXE
Source: MiniNews.exe, 0000000E.00000002.2352715994.0000000002EB1000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: WINDBG.EXE\ROAM
Source: MiniNews.exe, MiniNews.exe, 0000000F.00000002.2267187317.0000000000A57000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OLLYDBG.EXE
Source: MiniNews.exe, 0000000E.00000002.2373281942.000000006E544000.00000002.00000001.01000000.0000000F.sdmp	Binary or memory string: ONPOPMGRSTUB.DLLPLUGIN\POPMGRSTUB.DLLTRAYSUBCENTER_GROUP1EVERYTHING.EXEEVERYTHINGDEBARB_DEVSPY.EXESPY++.EXESPYXXPROCESSPACKETSPYXX_AMD64.EXEPROCEXP.EXEPROCEXPLPROCEXP64.EXEFIDDLER.EXEWINDOWSFORMS10.WINDOW.8.APP.0.141B42A_R12_AD1SMSNIFF.EXEMINISNIFFER.EXEWIRESHARK.EXEWINDBG.EXEOLLYDBG.EXEIDAG.EXEIDAQ.EXEIDAQ64.EXE>T1R4X
Source: MiniNews.exe, 0000000F.00000002.2267187317.0000000000A57000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: WINDBG.EXEU
Source: MiniNews.exe, 0000000E.00000002.2341776175.0000000000D3D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: IDAG.EXEATA\LOC
Source: MiniNews.exe, 0000000E.00000002.2341776175.0000000000D3D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OLLYDBG.EXEE=C:
Source: MiniNews.exe, MiniNews.exe, 0000000E.00000002.2341776175.0000000000D3D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: WINDBG.EXE
Source: MiniNews.exe.13.dr	Binary or memory string: H*0EVERYTHING.EXEEVERYTHINGDEBARB_DEVSPY.EXESPY++.EXESPYXXPROCESSPACKETSPYXX_AMD64.EXEPROCEXP.EXEPROCEXPLPROCEXP64.EXEFIDDLER.EXEWINDOWSFORMS10.WINDOW.8.APP.0.141B42A_R12_AD1SMSNIFF.EXEMINISNIFFER.EXEWIRESHARK.EXEWINDBG.EXEOLLYDBG.EXEIDAG.EXEIDAQ.EXEIDAQ64.EXE>T1R4X
Source: MiniNews.exe, 0000000E.00000002.2341776175.0000000000D3D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: MINISNIFFER.EXE3
Source: MiniNews.exe, MiniNews.exe, 0000000E.00000002.2352715994.0000000002EB1000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: MINISNIFFER.EXE
Source: MiniNews.exe, 0000000E.00000002.2352715994.0000000002EB1000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: WIRESHARK.EXEOWI
Source: MiniNews.exe, 0000000F.00000002.2267187317.0000000000A57000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: WIRESHARK.EXE6
Source: MiniNews.exe, 0000000E.00000002.2352715994.0000000002EB1000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OLLYDBG.EXENUML
Source: MiniNews.exe, 0000000F.00000002.2267187317.0000000000A57000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: MINISNIFFER.EXE9
Source: MiniNews.exe, MiniNews.exe, 0000000F.00000002.2267187317.0000000000A57000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: IDAQ.EXE
Source: MiniNews.exe, 0000000E.00000002.2352715994.0000000002EB1000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: IDAG.EXE_STRING
Source: MiniNews.exe, MiniNews.exe, 0000000E.00000002.2341776175.0000000000D3D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: WIRESHARK.EXE
Source: MiniNews.exe, 0000000E.00000002.2352715994.0000000002EB1000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: IDAQ.EXEMON FIL
Source: MiniNews.exe, 0000000E.00000002.2341776175.0000000000D3D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: IDAQ.EXEPROGRAM

Source: C:\Users\user\Downloads\Utils\MiniNews.exe

Code function: 14_2_6E4FC8B0 CreateToolhelp32Snapshot,Process32FirstW,CloseHandle,GetCurrentProcessId,Process32NextW,CloseHandle,FindWindowW,IsWindow,EnterCriticalSection,LeaveCriticalSection,

14_2_6E4FC8B0

Source: C:\Users\user\Downloads\Utils\MiniNews.exe

Evasive API call chain: GetModuleFileName,DecisionNodes,Sleep

graph_14-40218

Source: C:\Program Files\7-Zip\7zG.exe	Dropped PE file which has not been started: C:\Users\user\Downloads\Utils\ie\LdsIeView.exe	Jump to dropped file
Source: C:\Program Files\7-Zip\7zG.exe	Dropped PE file which has not been started: C:\Users\user\Downloads\Utils\LDSBasic.dll	Jump to dropped file
Source: C:\Program Files\7-Zip\7zG.exe	Dropped PE file which has not been started: C:\Users\user\Downloads\plugin\Basic.tpi	Jump to dropped file
Source: C:\Program Files\7-Zip\7zG.exe	Dropped PE file which has not been started: C:\Users\user\Downloads\plugin\PopMgr.tpi	Jump to dropped file
Source: C:\Program Files\7-Zip\7zG.exe	Dropped PE file which has not been started: C:\Users\user\Downloads\Utils\LdsWebView.dll	Jump to dropped file
Source: C:\Program Files\7-Zip\7zG.exe	Dropped PE file which has not been started: C:\Users\user\Downloads\MasterPDF.exe	Jump to dropped file

Source: C:\Users\user\Downloads\Utils\MiniNews.exe

Check user administrative privileges: GetTokenInformation,DecisionNodes

graph_14-39881

Source: C:\Users\user\Downloads\Utils\MiniNews.exe	Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e972-e325-11ce-bfc1-08002be10318}\0001 name: DriverDesc	Jump to behavior
Source: C:\Users\user\Downloads\Utils\MiniNews.exe	Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e972-e325-11ce-bfc1-08002be10318}\0010 name: DriverDesc	Jump to behavior
Source: C:\Users\user\Downloads\Utils\MiniNews.exe	Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e972-e325-11ce-bfc1-08002be10318}\0011 name: DriverDesc	Jump to behavior

Source: C:\Users\user\Downloads\Utils\MiniNews.exe

File opened: PhysicalDrive0

Jump to behavior

Source: C:\Users\user\Downloads\Utils\MiniNews.exe	Code function: InternetGetConnectedState,GetAdaptersInfo,GetAdaptersInfo,InterlockedDecrement,		14_2_6E515F00
Source: C:\Users\user\Downloads\Utils\MiniNews.exe	Code function: GetProcessHeap,HeapAlloc,HeapAlloc,GetAdaptersInfo,GetProcessHeap,GetProcessHeap,HeapFree,GetProcessHeap,HeapAlloc,GetAdaptersInfo,MultiByteToWideChar,MultiByteToWideChar,StrStrIA,StrStrIA,GetProcessHeap,HeapFree,		14_2_6E5108D0

Source: C:\Users\user\Downloads\Utils\MiniNews.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Downloads\Utils\MiniNews.exe

Code function: 14_2_6E534898 FindFirstFileExA,

14_2_6E534898

Source: C:\Users\user\Downloads\Utils\MiniNews.exe

API call chain: ExitProcess graph end node

graph_14-41336

Source: MiniNews.exe, 0000000E.00000003.2103990481.0000000002E6E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW\|
Source: MiniNews.exe, 0000000E.00000003.2105090956.0000000000E18000.00000004.00000020.00020000.00000000.sdmp, MiniNews.exe, 0000000E.00000002.2348768192.0000000000E18000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWP
Source: MiniNews.exe, 0000000E.00000003.2162150193.0000000000DEB000.00000004.00000020.00020000.00000000.sdmp, MiniNews.exe, 0000000E.00000002.2347833139.0000000000DE6000.00000004.00000020.00020000.00000000.sdmp, MiniNews.exe, 0000000E.00000003.2104453896.0000000000DDD000.00000004.00000020.00020000.00000000.sdmp, MiniNews.exe, 0000000F.00000002.2268995710.0000000000B39000.00000004.00000020.00020000.00000000.sdmp, MiniNews.exe, 0000000F.00000003.2250843606.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW&
Source: MiniNews.exe, 0000000F.00000003.2249655653.0000000000AD3000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW

Source: C:\Users\user\Downloads\Utils\MiniNews.exe

Code function: 14_2_6E3E3CBF _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,

14_2_6E3E3CBF

Source: C:\Users\user\Downloads\Utils\MiniNews.exe

Code function: 14_2_6E4FC8B0 CreateToolhelp32Snapshot,Process32FirstW,CloseHandle,GetCurrentProcessId,Process32NextW,CloseHandle,FindWindowW,IsWindow,EnterCriticalSection,LeaveCriticalSection,

14_2_6E4FC8B0

Source: C:\Users\user\Downloads\Utils\MiniNews.exe

14_2_6E3EFF15

Source: C:\Users\user\Downloads\Utils\MiniNews.exe

Code function: 14_2_6E3FABD6 GetProcessHeap,

14_2_6E3FABD6

Source: C:\Users\user\Downloads\Utils\MiniNews.exe	Code function: 14_2_6E3E3CBF _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	14_2_6E3E3CBF
Source: C:\Users\user\Downloads\Utils\MiniNews.exe	Code function: 14_2_6E3ED56D __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	14_2_6E3ED56D
Source: C:\Users\user\Downloads\Utils\MiniNews.exe	Code function: 14_2_6E3E2840 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	14_2_6E3E2840
Source: C:\Users\user\Downloads\Utils\MiniNews.exe	Code function: 14_2_6E51A05F IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	14_2_6E51A05F

Source: Basic.tpi.13.dr

Binary or memory string: WorkerWSHELLDLL_DefViewSysListView32Program ManagerProgmanGet desktop wnd =

Source: C:\Users\user\Downloads\Utils\MiniNews.exe	Queries volume information: C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\xundu\news_bkg.png VolumeInformation	Jump to behavior
Source: C:\Users\user\Downloads\Utils\MiniNews.exe	Queries volume information: C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\common\news_close.png VolumeInformation	Jump to behavior
Source: C:\Users\user\Downloads\Utils\MiniNews.exe	Queries volume information: C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\common\news_mini.png VolumeInformation	Jump to behavior
Source: C:\Users\user\Downloads\Utils\MiniNews.exe	Queries volume information: C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\common\news_setting.png VolumeInformation	Jump to behavior
Source: C:\Users\user\Downloads\Utils\MiniNews.exe	Queries volume information: C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\xundu\news_tab.png VolumeInformation	Jump to behavior
Source: C:\Users\user\Downloads\Utils\MiniNews.exe	Queries volume information: C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\xundu\news_tab2.png VolumeInformation	Jump to behavior
Source: C:\Users\user\Downloads\Utils\MiniNews.exe	Queries volume information: C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\common\news_tab_mark.png VolumeInformation	Jump to behavior
Source: C:\Users\user\Downloads\Utils\MiniNews.exe	Queries volume information: C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\common\news_tab_mark2.png VolumeInformation	Jump to behavior
Source: C:\Users\user\Downloads\Utils\MiniNews.exe	Queries volume information: C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\common\news_load_start.png VolumeInformation	Jump to behavior
Source: C:\Users\user\Downloads\Utils\MiniNews.exe	Queries volume information: C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\xundu\news_add.png VolumeInformation	Jump to behavior
Source: C:\Users\user\Downloads\Utils\MiniNews.exe	Queries volume information: C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\common\news_remove.png VolumeInformation	Jump to behavior
Source: C:\Users\user\Downloads\Utils\MiniNews.exe	Queries volume information: C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\common\news_report.png VolumeInformation	Jump to behavior
Source: C:\Users\user\Downloads\Utils\MiniNews.exe	Queries volume information: C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\xundu\news_menu_bar.png VolumeInformation	Jump to behavior
Source: C:\Users\user\Downloads\Utils\MiniNews.exe	Queries volume information: C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\common\news_show_forever.png VolumeInformation	Jump to behavior
Source: C:\Users\user\Downloads\Utils\MiniNews.exe	Queries volume information: C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\common\news_show_day.png VolumeInformation	Jump to behavior
Source: C:\Users\user\Downloads\Utils\MiniNews.exe	Queries volume information: C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\common\news_show_week.png VolumeInformation	Jump to behavior
Source: C:\Users\user\Downloads\Utils\MiniNews.exe	Queries volume information: C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\common\news_menu_checked.png VolumeInformation	Jump to behavior
Source: C:\Users\user\Downloads\Utils\MiniNews.exe	Queries volume information: C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\common\news_menu_bkg.png VolumeInformation	Jump to behavior
Source: C:\Users\user\Downloads\Utils\MiniNews.exe	Queries volume information: C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\common\news_load_refresh.png VolumeInformation	Jump to behavior
Source: C:\Users\user\Downloads\Utils\MiniNews.exe	Queries volume information: C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\common\news_load_failed.png VolumeInformation	Jump to behavior
Source: C:\Users\user\Downloads\Utils\MiniNews.exe	Queries volume information: C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\common\news_load_crash.png VolumeInformation	Jump to behavior
Source: C:\Users\user\Downloads\Utils\MiniNews.exe	Queries volume information: C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\xundu\news_shortcut_bkg.png VolumeInformation	Jump to behavior
Source: C:\Users\user\Downloads\Utils\MiniNews.exe	Queries volume information: C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\xundu\news_shortcut_later.png VolumeInformation	Jump to behavior
Source: C:\Users\user\Downloads\Utils\MiniNews.exe	Queries volume information: C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\xundu\news_shortcut_now.png VolumeInformation	Jump to behavior
Source: C:\Users\user\Downloads\Utils\MiniNews.exe	Queries volume information: C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\xundu\news_nopop_bkg.png VolumeInformation	Jump to behavior
Source: C:\Users\user\Downloads\Utils\MiniNews.exe	Queries volume information: C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\xundu\news_report_bkg.png VolumeInformation	Jump to behavior
Source: C:\Users\user\Downloads\Utils\MiniNews.exe	Queries volume information: C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\common\news_msgbox_close.png VolumeInformation	Jump to behavior
Source: C:\Users\user\Downloads\Utils\MiniNews.exe	Queries volume information: C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\common\news_close_white_bkg.png VolumeInformation	Jump to behavior
Source: C:\Users\user\Downloads\Utils\MiniNews.exe	Queries volume information: C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\common\news_close_ad.png VolumeInformation	Jump to behavior
Source: C:\Users\user\Downloads\Utils\MiniNews.exe	Queries volume information: C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\common\news_caption.png VolumeInformation	Jump to behavior
Source: C:\Users\user\Downloads\Utils\MiniNews.exe	Queries volume information: C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\xundu\news_icon.png VolumeInformation	Jump to behavior
Source: C:\Users\user\Downloads\Utils\MiniNews.exe	Queries volume information: C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\xundu\news_tab_icon.png VolumeInformation	Jump to behavior
Source: C:\Users\user\Downloads\Utils\MiniNews.exe	Queries volume information: C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\common\news_menu_shortcut.png VolumeInformation	Jump to behavior
Source: C:\Users\user\Downloads\Utils\MiniNews.exe	Queries volume information: C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\common\news_menu_splitline.png VolumeInformation	Jump to behavior
Source: C:\Users\user\Downloads\Utils\MiniNews.exe	Queries volume information: C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\common\news_mask.png VolumeInformation	Jump to behavior
Source: C:\Users\user\Downloads\Utils\MiniNews.exe	Queries volume information: C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\common\browser_bkg.png VolumeInformation	Jump to behavior
Source: C:\Users\user\Downloads\Utils\MiniNews.exe	Queries volume information: C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\common\news_awake_guide_mask.png VolumeInformation	Jump to behavior
Source: C:\Users\user\Downloads\Utils\MiniNews.exe	Queries volume information: C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\common\news_awake_guide_mask_mid.png VolumeInformation	Jump to behavior
Source: C:\Users\user\Downloads\Utils\MiniNews.exe	Queries volume information: C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\common\news_awake_guide_mask_wide.png VolumeInformation	Jump to behavior
Source: C:\Users\user\Downloads\Utils\MiniNews.exe	Queries volume information: C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\common\news_awake_try.png VolumeInformation	Jump to behavior
Source: C:\Users\user\Downloads\Utils\MiniNews.exe	Queries volume information: C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\common\news_awake_try.png VolumeInformation	Jump to behavior
Source: C:\Users\user\Downloads\Utils\MiniNews.exe	Queries volume information: C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\common\news_awake_try_wide.png VolumeInformation	Jump to behavior
Source: C:\Users\user\Downloads\Utils\MiniNews.exe	Queries volume information: C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\common\news_report_submitting.png VolumeInformation	Jump to behavior
Source: C:\Users\user\Downloads\Utils\MiniNews.exe	Queries volume information: C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\common\news_report_success.png VolumeInformation	Jump to behavior
Source: C:\Users\user\Downloads\Utils\MiniNews.exe	Queries volume information: C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\common\news_report_networkbad.png VolumeInformation	Jump to behavior
Source: C:\Users\user\Downloads\Utils\MiniNews.exe	Queries volume information: C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\common\news_report_edit.png VolumeInformation	Jump to behavior
Source: C:\Users\user\Downloads\Utils\MiniNews.exe	Queries volume information: C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\common\news_progress_bkg.png VolumeInformation	Jump to behavior
Source: C:\Users\user\Downloads\Utils\MiniNews.exe	Queries volume information: C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\common\news_progress_frg.png VolumeInformation	Jump to behavior
Source: C:\Users\user\Downloads\Utils\MiniNews.exe	Queries volume information: C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\common\news_report_check.png VolumeInformation	Jump to behavior
Source: C:\Users\user\Downloads\Utils\MiniNews.exe	Queries volume information: C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\common\news_report_retry_submit.png VolumeInformation	Jump to behavior
Source: C:\Users\user\Downloads\Utils\MiniNews.exe	Queries volume information: C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\common\news_toast_bkg.png VolumeInformation	Jump to behavior
Source: C:\Users\user\Downloads\Utils\MiniNews.exe	Queries volume information: C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\common\title_mask.png VolumeInformation	Jump to behavior
Source: C:\Users\user\Downloads\Utils\MiniNews.exe	Queries volume information: C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\xundu\900_53_title.png VolumeInformation	Jump to behavior

Source: C:\Users\user\Downloads\Utils\MiniNews.exe	Code function: GetLocaleInfoA,	14_2_6E3F0580
Source: C:\Users\user\Downloads\Utils\MiniNews.exe	Code function: IsValidCodePage,_wcschr,_wcschr,GetLocaleInfoW,	14_2_6E536F27
Source: C:\Users\user\Downloads\Utils\MiniNews.exe	Code function: GetLocaleInfoW,	14_2_6E530AC6
Source: C:\Users\user\Downloads\Utils\MiniNews.exe	Code function: EnumSystemLocalesW,	14_2_6E53062B

Source: C:\Users\user\Downloads\Utils\MiniNews.exe

Code function: 14_2_6E514230 cpuid

14_2_6E514230

Source: C:\Users\user\Downloads\Utils\MiniNews.exe

Code function: 14_2_6E3EEE0F GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter,

14_2_6E3EEE0F

Source: C:\Users\user\Downloads\Utils\MiniNews.exe

Code function: 14_2_6E53030F _free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,_free,

14_2_6E53030F

Source: C:\Users\user\Downloads\Utils\MiniNews.exe

Code function: 14_2_6E50F100 GetVersionExW,GetProcAddress,GetModuleHandleW,GetProcAddress,GetCurrentProcess,GetModuleHandleW,GetProcAddress,GetSystemWindowsDirectoryW,PathCombineW,LoadLibraryExW,FindResourceW,SizeofResource,LoadResource,LockResource,FreeResource,FreeLibrary,VerQueryValueW,

14_2_6E50F100

Source: MiniNews.exe, MiniNews.exe, 0000000E.00000002.2341776175.0000000000D3D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Wireshark.exe
Source: MiniNews.exe, MiniNews.exe, 0000000F.00000002.2267187317.0000000000A57000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: procexp.exe
Source: MiniNews.exe, MiniNews.exe, 0000000F.00000002.2267187317.0000000000A57000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: ollydbg.exe

Source: C:\Users\user\Downloads\Utils\MiniNews.exe

Code function: 14_2_6E4E20C0 __ehhandler$??1_Scoped_lock@?$SafeRWList@UListEntry@details@Concurrency@@VNoCount@CollectionTypes@23@V_ReaderWriterLock@23@@details@Concurrency@@QAE@XZ,

14_2_6E4E20C0

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	3 Native API	1 Bootkit	1 Access Token Manipulation	13 Masquerading	OS Credential Dumping	2 System Time Discovery	Remote Services	1 Archive Collected Data	Exfiltration Over Other Network Medium	11 Encrypted Channel	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	2 Process Injection	2 Virtualization/Sandbox Evasion	LSASS Memory	1 Query Registry	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	2 Ingress Tool Transfer	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	1 Access Token Manipulation	Security Account Manager	161 Security Software Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	3 Non-Application Layer Protocol	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	2 Process Injection	NTDS	2 Virtualization/Sandbox Evasion	Distributed Component Object Model	Input Capture	Scheduled Transfer	4 Application Layer Protocol	SIM Card Swap		Carrier Billing Fraud
Cloud Accounts	Cron	Network Logon Script	Network Logon Script	1 Deobfuscate/Decode Files or Information	LSA Secrets	3 Process Discovery	SSH	Keylogging	Data Transfer Size Limits	Fallback Channels	Manipulate Device Communication		Manipulate App Store Rankings or Ratings
Replication Through Removable Media	Launchd	Rc.common	Rc.common	2 Obfuscated Files or Information	Cached Domain Credentials	1 Remote System Discovery	VNC	GUI Input Capture	Exfiltration Over C2 Channel	Multiband Communication	Jamming or Denial of Service		Abuse Accessibility Features
External Remote Services	Scheduled Task	Startup Items	Startup Items	1 Bootkit	DCSync	1 System Network Configuration Discovery	Windows Remote Management	Web Portal Capture	Exfiltration Over Alternative Protocol	Commonly Used Port	Rogue Wi-Fi Access Points		Data Encrypted for Impact
Drive-by Compromise	Command and Scripting Interpreter	Scheduled Task/Job	Scheduled Task/Job	Indicator Removal from Tools	Proc Filesystem	1 File and Directory Discovery	Shared Webroot	Credential API Hooking	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Application Layer Protocol	Downgrade to Insecure Protocols		Generate Fraudulent Advertising Revenue
Exploit Public-Facing Application	PowerShell	At (Linux)	At (Linux)	Masquerading	/etc/passwd and /etc/shadow	43 System Information Discovery	Software Deployment Tools	Data Staged	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	Web Protocols	Rogue Cellular Base Station		Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
http://api.pdfxd.com/pdf-service/v1/action?os=163842&device_id=741e5fc1b4d58e5b4c3ac5f1dc5a9464&version=&qd=&day=&t=4312453&product=xundu&machine_name=141700	0%	Avira URL Cloud	safe
http://api.pdfxd.com/pdf-service/v1/action?os=163842&device_id=741e5fc1b4d58e5b4c3ac5f1dc5a9464&version=&qd=&day=&t=4312453&product=xundu&machine_name=141700	1%	Virustotal		Browse

Dropped Files

Source	Detection	Scanner	Link
C:\Users\user\Downloads\360Base.dll	0%	Virustotal	Browse
C:\Users\user\Downloads\360Base.dll	2%	ReversingLabs
C:\Users\user\Downloads\360NetUL.dll	3%	ReversingLabs
C:\Users\user\Downloads\MasterPDF.exe	0%	ReversingLabs
C:\Users\user\Downloads\Utils\DisPatchMini.dll	0%	ReversingLabs
C:\Users\user\Downloads\Utils\LDSBasic.dll	0%	ReversingLabs
C:\Users\user\Downloads\Utils\LdsWebView.dll	3%	ReversingLabs
C:\Users\user\Downloads\Utils\MiniNews.exe	10%	ReversingLabs
C:\Users\user\Downloads\Utils\ie\LdsIeView.exe	2%	ReversingLabs
C:\Users\user\Downloads\plugin\Basic.tpi	0%	ReversingLabs
C:\Users\user\Downloads\plugin\PopMgr.tpi	3%	ReversingLabs
C:\Users\user\Downloads\plugin\PopMgrStub.dll	4%	ReversingLabs

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label	Link
http://fedir.comsign.co.il/crl/ComSignSecuredCA.crl0	0%	URL Reputation	safe
http://www.certplus.com/CRL/class3.crl0	0%	URL Reputation	safe
http://ocsp.suscerte.gob.ve0	0%	URL Reputation	safe
http://crl.dhimyotis.com/certignarootca.crl0	0%	URL Reputation	safe
http://www.chambersign.org1	0%	URL Reputation	safe
http://www.chambersign.org1	0%	URL Reputation	safe
http://ca2.mtin.es/mtin/crl/MTINAutoridadRaiz0	0%	URL Reputation	safe
http://ca2.mtin.es/mtin/crl/MTINAutoridadRaiz0	0%	URL Reputation	safe
http://crl.ssc.lt/root-c/cacrl.crl0	0%	URL Reputation	safe
http://ca.disig.sk/ca/crl/ca_disig.crl0	0%	URL Reputation	safe
http://www.suscerte.gob.ve/dpc0	0%	URL Reputation	safe
http://www.disig.sk/ca/crl/ca_disig.crl0	0%	URL Reputation	safe
http://policy.camerfirma.com0	0%	URL Reputation	safe
http://acraiz.icpbrasil.gov.br/DPCacraiz.pdf0?	0%	URL Reputation	safe
http://crl.ssc.lt/root-b/cacrl.crl0	0%	URL Reputation	safe
http://www.uce.gub.uy/informacion-tecnica/politicas/cp_acrn.pdf0G	0%	URL Reputation	safe
https://wwww.certigna.fr/autorites/0m	0%	URL Reputation	safe
http://www.ica.co.il/repository/cps/PersonalID_Practice_Statement.pdf0	0%	URL Reputation	safe
http://www.globaltrust.info0	0%	URL Reputation	safe
http://ac.economia.gob.mx/last.crl0G	0%	URL Reputation	safe
http://ac.economia.gob.mx/last.crl0G	0%	URL Reputation	safe
http://crl.oces.trust2408.com/oces.crl0	0%	URL Reputation	safe
http://crl.oces.trust2408.com/oces.crl0	0%	URL Reputation	safe
http://certs.oaticerts.com/repository/OATICA2.crl	0%	URL Reputation	safe
http://certs.oati.net/repository/OATICA2.crt0	0%	URL Reputation	safe
http://certs.oati.net/repository/OATICA2.crt0	0%	URL Reputation	safe
http://www.accv.es00	0%	URL Reputation	safe
http://web.ncdc.gov.sa/crl/nrcaparta1.crl	0%	URL Reputation	safe
http://www.acabogacia.org0	0%	URL Reputation	safe
http://crl.securetrust.com/SGCA.crl0	0%	URL Reputation	safe
http://www.agesic.gub.uy/acrn/acrn.crl0)	0%	URL Reputation	safe
http://www.rcsc.lt/repository0	0%	URL Reputation	safe
http://www.correo.com.uy/correocert/cps.pdf0	0%	URL Reputation	safe
http://certs.oaticerts.com/repository/OATICA2.crt08	0%	URL Reputation	safe
http://cps.chambersign.org/cps/chambersignroot.html0	0%	URL Reputation	safe
http://www.oaticerts.com/repository.	0%	URL Reputation	safe
http://www.ancert.com/cps0	0%	URL Reputation	safe
http://ocsp.accv.es0	0%	URL Reputation	safe
http://acraiz.icpbrasil.gov.br/LCRacraizv2.crl0	0%	URL Reputation	safe
http://www.echoworx.com/ca/root2/cps.pdf0	0%	URL Reputation	safe
http://ca.mtin.es/mtin/crl/MTINAutoridadRaiz03	0%	URL Reputation	safe
http://acraiz.icpbrasil.gov.br/LCRacraizv1.crl0	0%	URL Reputation	safe
http://crl.defence.gov.au/pki0	0%	URL Reputation	safe
http://crl.defence.gov.au/pki0	0%	URL Reputation	safe
http://www.agesic.gub.uy/acrn/cps_acrn.pdf0	0%	URL Reputation	safe
http://fedir.comsign.co.il/crl/ComSignAdvancedSecurityCA.crl0	0%	URL Reputation	safe
https://www.catcert.net/verarrel05	0%	URL Reputation	safe
http://http.fpki.gov/fcpca/caCertsIssuedByfcpca.p7c0	0%	URL Reputation	safe
http://s3m7.nzwgs.com/galileo/5c9919dedc9dd7031187f2b3e7eaa4c4.png	0%	Avira URL Cloud	safe
http://s3m7.nzwgs.com/galileo/5c9919dedc9dd7031187f2b3e7eaa4c4.png:	0%	Avira URL Cloud	safe
http://api.pdfxd.com/pdf-service/v1/action?os=163842&device_id=741e5fc1b4d58e5b4c3ac5f1dc5a9464&version=&qd=&day=&t=4312453&product=xundu&machine_name=141700	1%	Virustotal		Browse

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
api.pdfxd.com	123.56.161.176	true	false	unknown
max-dr.mdvdns.qihucdn.cn	180.163.247.134	true	false	unknown
accounts.google.com	142.250.186.45	true	false	high
plus.l.google.com	216.58.212.174	true	false	high
s.ludashi.com	47.117.76.201	true	false	high
www.google.com	142.250.186.100	true	false	high
clients.l.google.com	142.250.186.110	true	false	high
www1.ludashi.com	139.129.76.177	true	false	high
s3m7.nzwgs.com.webcdn.360qhcdn.com	101.198.192.7	true	false	unknown
cdn-file-ssl-pc.ludashi.com.m.alikunlun.com	58.216.14.238	true	false	unknown
media.ludashi.com	117.78.49.231	true	false	high
show.g.mediav.com	unknown	unknown	false	high
clients2.google.com	unknown	unknown	false	high
s3m7.nzwgs.com	unknown	unknown	false	unknown
cdn-file-ssl-pc.ludashi.com	unknown	unknown	false	high
apis.google.com	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://media.ludashi.com/n/mini?pid=&appver=2.0.0.1010&modver=1.5019.1030.826&from=xundu&iever=ie11&os=win10&mid=0ee28fbdc66209b6fd4684a055d0db85&mid2=eeeeeeee6cfa339cef05e2eb639099b5e2fa29b329f4&manual=1&showpro=&awake=0&screentype=0&screesize=1280_1024&atr=1&source=&instdate=&atdate=&m_ver=3.0.0.1085	false		high
http://s.ludashi.com/url4?pid=&mid=0ee28fbdc66209b6fd4684a055d0db85&mid2=eeeeeeee6cfa339cef05e2eb639099b5e2fa29b329f4&appver=2.0.0.1010&modver=3.0.0.1085&type=minipage_skin&action=request&ex_ary[ex3]=larger&ex4=202aef4654876fae2ab7d3efa1473511&ex5=1	false		high
http://api.pdfxd.com/pdf-service/v1/action?os=163842&device_id=741e5fc1b4d58e5b4c3ac5f1dc5a9464&version=&qd=&day=&t=4312453&product=xundu&machine_name=141700	false	1%, Virustotal, Browse	unknown
https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard	false		high
http://show.g.mediav.com/s?type=1&of=4&newf=2&showids=Kf4chm&mid=0ee28fbdc66209b6fd4684a055d0db85&uid=eeeeeeee6cfa339cef05e2eb639099b5e2fa29b329f4&ref=%77%77%77%2e%6c%75%64%61%73%68%69%2e%63%6f%6d&ua=%4c%75%44%61%53%68%69%2f%33%2e%30%2e%30%2e%31%30%38%35%20%28%57%69%6e%64%6f%77%73%29	false		high
http://s.ludashi.com/url4?pid=&mid=0ee28fbdc66209b6fd4684a055d0db85&mid2=eeeeeeee6cfa339cef05e2eb639099b5e2fa29b329f4&appver=2.0.0.1010&modver=1.5019.1030.826&type=minipage&action=screen_resolution_change&ex4=202aef4654876fae2ab7d3efa1473511&ex5=1	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://fedir.comsign.co.il/crl/ComSignSecuredCA.crl0	MiniNews.exe, 0000000E.00000003.2213934739.0000000004B3A000.00000004.00000800.00020000.00000000.sdmp, MiniNews.exe, 0000000E.00000003.2208172720.0000000004B38000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.certplus.com/CRL/class3.crl0	MiniNews.exe, 0000000E.00000003.2209067902.0000000004A57000.00000004.00000800.00020000.00000000.sdmp, MiniNews.exe, 0000000E.00000003.2215494721.0000000004A57000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://ocsp.suscerte.gob.ve0	MiniNews.exe, 0000000E.00000003.2208244089.0000000004A2A000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://show.g.mediav.com/s?type=1&of=4&newf=2&showids=Kf4chm&mid=	MiniNews.exe, 0000000E.00000002.2349043223.0000000000E23000.00000004.00000020.00020000.00000000.sdmp	false		high
http://crl.dhimyotis.com/certignarootca.crl0	MiniNews.exe, 0000000E.00000003.2209067902.0000000004A57000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://sertifikati.ca.posta.rs/crl/PostaCARoot.crl0	MiniNews.exe, 0000000E.00000003.2209067902.0000000004A57000.00000004.00000800.00020000.00000000.sdmp, MiniNews.exe, 0000000E.00000003.2215494721.0000000004A57000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.chambersign.org1	MiniNews.exe, 0000000E.00000003.2209067902.0000000004A57000.00000004.00000800.00020000.00000000.sdmp, MiniNews.exe, 0000000E.00000003.2209858472.0000000004A13000.00000004.00000800.00020000.00000000.sdmp, MiniNews.exe, 0000000E.00000003.2210791788.0000000004A6B000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe URL Reputation: safe	unknown
http://repository.swisssign.com/0	MiniNews.exe, 0000000E.00000003.2209067902.0000000004A57000.00000004.00000800.00020000.00000000.sdmp, MiniNews.exe, 0000000E.00000003.2210830774.0000000004A04000.00000004.00000800.00020000.00000000.sdmp, MiniNews.exe, 0000000E.00000003.2208244089.0000000004A2A000.00000004.00000800.00020000.00000000.sdmp, MiniNews.exe, 0000000E.00000003.2215494721.0000000004A57000.00000004.00000800.00020000.00000000.sdmp	false		high
http://ca2.mtin.es/mtin/crl/MTINAutoridadRaiz0	MiniNews.exe, 0000000E.00000003.2209858472.0000000004A13000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe URL Reputation: safe	unknown
http://crl.ssc.lt/root-c/cacrl.crl0	MiniNews.exe, 0000000E.00000003.2209067902.0000000004A57000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://ca.disig.sk/ca/crl/ca_disig.crl0	MiniNews.exe, 0000000E.00000003.2208915686.0000000004A4A000.00000004.00000800.00020000.00000000.sdmp, MiniNews.exe, 0000000E.00000003.2210529606.0000000004A4A000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.suscerte.gob.ve/dpc0	MiniNews.exe, 0000000E.00000003.2208244089.0000000004A2A000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.disig.sk/ca/crl/ca_disig.crl0	MiniNews.exe, 0000000E.00000003.2208915686.0000000004A4A000.00000004.00000800.00020000.00000000.sdmp, MiniNews.exe, 0000000E.00000003.2210529606.0000000004A4A000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://pki.registradores.org/normativa/index.htm0	MiniNews.exe, 0000000E.00000003.2209067902.0000000004A57000.00000004.00000800.00020000.00000000.sdmp	false		high
http://ssxd.mediav.com/s?type=1&r=20&tid=NzM0Zjg5YmY0NzhiZGY5ZTk0OTBhYzQ5NmMyYmQ3NzQ&finfo=DAABCAABA	MiniNews.exe, 0000000E.00000002.2369315666.0000000004AD4000.00000004.00000800.00020000.00000000.sdmp	false		high
http://policy.camerfirma.com0	MiniNews.exe, 0000000E.00000003.2209858472.0000000004A13000.00000004.00000800.00020000.00000000.sdmp, MiniNews.exe, 0000000E.00000003.2208244089.0000000004A2A000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.anf.es/es/address-direccion.html	MiniNews.exe, 0000000E.00000003.2209858472.0000000004A13000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.anf.es/address/)1(0&	MiniNews.exe, 0000000E.00000003.2209067902.0000000004A57000.00000004.00000800.00020000.00000000.sdmp, MiniNews.exe, 0000000E.00000003.2215494721.0000000004A57000.00000004.00000800.00020000.00000000.sdmp	false		high
http://acraiz.icpbrasil.gov.br/DPCacraiz.pdf0?	MiniNews.exe, 0000000E.00000003.2209858472.0000000004A13000.00000004.00000800.00020000.00000000.sdmp, MiniNews.exe, 0000000E.00000003.2211077991.00000000049FA000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://crl.ssc.lt/root-b/cacrl.crl0	MiniNews.exe, 0000000E.00000003.2208244089.0000000004A2A000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://cdn-file.ludashi.com/cms/project_21/cfg_center/mod_list.js	MiniNews.exe	false		high
http://www.certicamara.com/dpc/0Z	MiniNews.exe, 0000000E.00000003.2209067902.0000000004A57000.00000004.00000800.00020000.00000000.sdmp, MiniNews.exe, 0000000E.00000003.2215494721.0000000004A57000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.uce.gub.uy/informacion-tecnica/politicas/cp_acrn.pdf0G	MiniNews.exe, 0000000E.00000003.2209858472.0000000004A13000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://crl.pki.wellsfargo.com/wsprca.crl0	MiniNews.exe, 0000000E.00000003.2217716532.0000000002F05000.00000004.00000800.00020000.00000000.sdmp	false		high
http://media.ludashi.com/n/mini?pid=&appver=2.0.0.1010&modver=1.5019.1030.826&from=xundu&iever=ie11&	MiniNews.exe, 0000000E.00000002.2368138541.0000000004A11000.00000004.00000800.00020000.00000000.sdmp, MiniNews.exe, 0000000E.00000002.2354866032.0000000002F11000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www1.ludashi.com/api/minipage.phpH	MiniNews.exe, 0000000E.00000002.2354207875.0000000002EEC000.00000004.00000800.00020000.00000000.sdmp	false		high
https://wwww.certigna.fr/autorites/0m	MiniNews.exe, 0000000E.00000003.2209067902.0000000004A57000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.ica.co.il/repository/cps/PersonalID_Practice_Statement.pdf0	MiniNews.exe, 0000000E.00000003.2208244089.0000000004A2A000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://www.anf.es/AC/ANFServerCA.crl0	MiniNews.exe, 0000000E.00000003.2209067902.0000000004A57000.00000004.00000800.00020000.00000000.sdmp, MiniNews.exe, 0000000E.00000003.2215494721.0000000004A57000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www1.ludashi.com/api/minipage.phppi/	MiniNews.exe, 0000000E.00000002.2355004811.0000000002F1A000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.globaltrust.info0	MiniNews.exe, 0000000E.00000003.2208244089.0000000004A2A000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://s.ludashi.com/	MiniNews.exe, 0000000E.00000002.2346992167.0000000000DCD000.00000004.00000020.00020000.00000000.sdmp	false		high
http://www.symauth.com/cps0(	7zG.exe, 0000000D.00000003.1829396154.0000028C797B0000.00000004.00000800.00020000.00000000.sdmp, 7zG.exe, 0000000D.00000003.1789779811.0000028C77BB0000.00000004.00000800.00020000.00000000.sdmp, 7zG.exe, 0000000D.00000003.1807979892.0000028C77BB0000.00000004.00000800.00020000.00000000.sdmp, 7zG.exe, 0000000D.00000003.1834394734.0000028C79B17000.00000004.00000800.00020000.00000000.sdmp, 7zG.exe, 0000000D.00000003.1792815359.0000028C77EC0000.00000004.00000800.00020000.00000000.sdmp, 7zG.exe, 0000000D.00000003.1818653292.0000028C793AF000.00000004.00000800.00020000.00000000.sdmp, DisPatchMini.dll.13.dr, MiniNews.exe.13.dr, LDSBasic.dll.13.dr, PopMgr.tpi.13.dr, PopMgrStub.dll.13.dr, LdsWebView.dll.13.dr, Basic.tpi.13.dr	false		high
http://ac.economia.gob.mx/last.crl0G	MiniNews.exe, 0000000E.00000003.2208244089.0000000004A2A000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe URL Reputation: safe	unknown
http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1.crt0	MiniNews.exe, 0000000E.00000003.2210830774.0000000004A04000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.symauth.com/rpa00	7zG.exe, 0000000D.00000003.1829396154.0000028C797B0000.00000004.00000800.00020000.00000000.sdmp, 7zG.exe, 0000000D.00000003.1789779811.0000028C77BB0000.00000004.00000800.00020000.00000000.sdmp, 7zG.exe, 0000000D.00000003.1807979892.0000028C77BB0000.00000004.00000800.00020000.00000000.sdmp, 7zG.exe, 0000000D.00000003.1834394734.0000028C79B17000.00000004.00000800.00020000.00000000.sdmp, 7zG.exe, 0000000D.00000003.1792815359.0000028C77EC0000.00000004.00000800.00020000.00000000.sdmp, 7zG.exe, 0000000D.00000003.1818653292.0000028C793AF000.00000004.00000800.00020000.00000000.sdmp, DisPatchMini.dll.13.dr, MiniNews.exe.13.dr, LDSBasic.dll.13.dr, PopMgr.tpi.13.dr, PopMgrStub.dll.13.dr, LdsWebView.dll.13.dr, Basic.tpi.13.dr	false		high
http://s.ludashi.com/url4?pid=	MiniNews.exe.13.dr	false		high
http://crl.oces.trust2408.com/oces.crl0	MiniNews.exe, 0000000E.00000003.2209858472.0000000004A13000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe URL Reputation: safe	unknown
https://eca.hinet.net/repository0	MiniNews.exe, 0000000E.00000003.2210830774.0000000004A04000.00000004.00000800.00020000.00000000.sdmp	false		high
http://certs.oaticerts.com/repository/OATICA2.crl	MiniNews.exe, 0000000E.00000003.2208244089.0000000004A2A000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://certs.oati.net/repository/OATICA2.crt0	MiniNews.exe, 0000000E.00000003.2208244089.0000000004A2A000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe URL Reputation: safe	unknown
http://www.accv.es00	MiniNews.exe, 0000000E.00000003.2210830774.0000000004A04000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://s.ludashi.com/s	MiniNews.exe, 0000000E.00000002.2346992167.0000000000DCD000.00000004.00000020.00020000.00000000.sdmp	false		high
http://www.360.cn	MiniNews.exe, 0000000E.00000002.2359364044.0000000003872000.00000004.00000800.00020000.00000000.sdmp, DisPatchMini.dll.13.dr, MasterPDF.exe.13.dr, MiniNews.exe.13.dr, 360NetUL.dll.13.dr, LDSBasic.dll.13.dr, PopMgr.tpi.13.dr, PopMgrStub.dll.13.dr, 360Base.dll.13.dr, LdsWebView.dll.13.dr, Basic.tpi.13.dr	false		high
http://max-l.mediav.com/rtb?type=3&v=CGQSEDE2YzRhYzRjYWRjOWQxYzIYq7uJASD4pkYoAUACSKEZYhcxOTIzODM0NTA	MiniNews.exe, 0000000E.00000002.2370099807.0000000004E9A000.00000004.00000020.00020000.00000000.sdmp, MiniNews.exe, 0000000E.00000002.2369315666.0000000004AD4000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.pki.admin.ch/policy/CPS_2_16_756_1_17_3_21_1.pdf0	MiniNews.exe, 0000000E.00000003.2209858472.0000000004A13000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www1.ludashi.com/api/minipage.phpll	MiniNews.exe, 0000000E.00000002.2354207875.0000000002EEC000.00000004.00000800.00020000.00000000.sdmp	false		high
http://s.ludashi.com/url2?pid=	MiniNews.exe.13.dr	false		high
http://web.ncdc.gov.sa/crl/nrcaparta1.crl	MiniNews.exe, 0000000E.00000003.2210830774.0000000004A04000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.datev.de/zertifikat-policy-int0	MiniNews.exe, 0000000E.00000003.2210830774.0000000004A04000.00000004.00000800.00020000.00000000.sdmp, MiniNews.exe, 0000000E.00000003.2208244089.0000000004A2A000.00000004.00000800.00020000.00000000.sdmp	false		high
http://cdn-file.ludashi.com/cms/project_40/cfg_center/mod_list.js	MiniNews.exe	false		high
http://www.acabogacia.org0	MiniNews.exe, 0000000E.00000003.2214192272.0000000004A11000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.firmaprofesional.com/cps0	MiniNews.exe, 0000000E.00000002.2368002059.00000000049F0000.00000004.00000800.00020000.00000000.sdmp, MiniNews.exe, 0000000E.00000003.2211226738.00000000049F4000.00000004.00000800.00020000.00000000.sdmp, MiniNews.exe, 0000000E.00000003.2217376978.00000000049F7000.00000004.00000800.00020000.00000000.sdmp	false		high
http://crl.securetrust.com/SGCA.crl0	MiniNews.exe, 0000000E.00000003.2208244089.0000000004A2A000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.agesic.gub.uy/acrn/acrn.crl0)	MiniNews.exe, 0000000E.00000003.2209858472.0000000004A13000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://dl.ludashi.com/ludashi/ludashisetup.exeChengdu	7zG.exe, 0000000D.00000003.1829396154.0000028C797B0000.00000004.00000800.00020000.00000000.sdmp, MiniNews.exe, 0000000E.00000000.2055978965.0000000000260000.00000002.00000001.01000000.0000000A.sdmp, MiniNews.exe.13.dr	false		high
http://www.openssl.org/support/faq.html	7zG.exe, 0000000D.00000003.1816096554.0000028C791DF000.00000004.00000800.00020000.00000000.sdmp, MiniNews.exe, 0000000E.00000002.2381037827.000000006E781000.00000002.00000001.01000000.0000000C.sdmp, 360Base.dll.13.dr	false		high
http://www.rcsc.lt/repository0	MiniNews.exe, 0000000E.00000003.2210830774.0000000004A04000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://s3m7.nzwgs.com/galileo/5c9919dedc9dd7031187f2b3e7eaa4c4.png	MiniNews.exe, 0000000E.00000002.2368732115.0000000004A7C000.00000004.00000800.00020000.00000000.sdmp, MiniNews.exe, 0000000E.00000002.2346992167.0000000000DCD000.00000004.00000020.00020000.00000000.sdmp, MiniNews.exe, 0000000E.00000002.2349225911.0000000000E27000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://web.certicamara.com/marco-legal0Z	MiniNews.exe, 0000000E.00000003.2208244089.0000000004A2A000.00000004.00000800.00020000.00000000.sdmp	false		high
http://crl.thawte.com/ThawteTimestampingCA.crl0	7zG.exe, 0000000D.00000003.1789779811.0000028C77BB0000.00000004.00000800.00020000.00000000.sdmp, 7zG.exe, 0000000D.00000003.1818653292.0000028C793AF000.00000004.00000800.00020000.00000000.sdmp, DisPatchMini.dll.13.dr, Basic.tpi.13.dr	false		high
http://www1.ludashi.com/api/minipage.phpt	MiniNews.exe, 0000000E.00000002.2354207875.0000000002EEC000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.quovadisglobal.com/cps0	MiniNews.exe, 0000000E.00000003.2209067902.0000000004A57000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.correo.com.uy/correocert/cps.pdf0	MiniNews.exe, 0000000E.00000003.2213934739.0000000004B3A000.00000004.00000800.00020000.00000000.sdmp, MiniNews.exe, 0000000E.00000003.2208172720.0000000004B38000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://s.ludashi.com/url3?pid=	MiniNews.exe.13.dr, Basic.tpi.13.dr	false		high
http://certs.oaticerts.com/repository/OATICA2.crt08	MiniNews.exe, 0000000E.00000003.2208244089.0000000004A2A000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://s3m7.nzwgs.com/galileo/5c9919dedc9dd7031187f2b3e7eaa4c4.png:	MiniNews.exe, 0000000E.00000002.2346992167.0000000000DCD000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://cps.chambersign.org/cps/chambersignroot.html0	MiniNews.exe, 0000000E.00000003.2209067902.0000000004A57000.00000004.00000800.00020000.00000000.sdmp, MiniNews.exe, 0000000E.00000003.2210791788.0000000004A6B000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://show.g.mediav.com/s?type=1&of=4&newf=2&showids=	7zG.exe, 0000000D.00000003.1829396154.0000028C797B0000.00000004.00000800.00020000.00000000.sdmp, MiniNews.exe, 0000000E.00000000.2055978965.0000000000260000.00000002.00000001.01000000.0000000A.sdmp, MiniNews.exe.13.dr	false		high
http://www.anf.es/AC/RC/ocsp0c	MiniNews.exe, 0000000E.00000003.2209067902.0000000004A57000.00000004.00000800.00020000.00000000.sdmp, MiniNews.exe, 0000000E.00000003.2215494721.0000000004A57000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.oaticerts.com/repository.	MiniNews.exe, 0000000E.00000003.2208244089.0000000004A2A000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.ancert.com/cps0	MiniNews.exe, 0000000E.00000003.2209067902.0000000004A57000.00000004.00000800.00020000.00000000.sdmp, MiniNews.exe, 0000000E.00000003.2209858472.0000000004A13000.00000004.00000800.00020000.00000000.sdmp, MiniNews.exe, 0000000E.00000003.2210830774.0000000004A04000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://l3.public.ludashi.com/pc/feedback/cheat	7zG.exe, 0000000D.00000003.1829396154.0000028C797B0000.00000004.00000800.00020000.00000000.sdmp, MiniNews.exe, 0000000E.00000000.2055978965.0000000000260000.00000002.00000001.01000000.0000000A.sdmp, MiniNews.exe.13.dr	false		high
http://ocsp.accv.es0	MiniNews.exe, 0000000E.00000003.2210830774.0000000004A04000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://acraiz.icpbrasil.gov.br/LCRacraizv2.crl0	MiniNews.exe, 0000000E.00000003.2211077991.00000000049FA000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.echoworx.com/ca/root2/cps.pdf0	MiniNews.exe, 0000000E.00000003.2209067902.0000000004A57000.00000004.00000800.00020000.00000000.sdmp, MiniNews.exe, 0000000E.00000003.2215494721.0000000004A57000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://rca.e-szigno.hu/ocsp0-	MiniNews.exe, 0000000E.00000003.2209067902.0000000004A57000.00000004.00000800.00020000.00000000.sdmp	false		high
http://ca.mtin.es/mtin/crl/MTINAutoridadRaiz03	MiniNews.exe, 0000000E.00000003.2209858472.0000000004A13000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www1.ludashi.com/api/minipage.phpxe(	MiniNews.exe, 0000000E.00000002.2354573894.0000000002EFD000.00000004.00000800.00020000.00000000.sdmp	false		high
http://eca.hinet.net/repository/CRL2/CA.crl0	MiniNews.exe, 0000000E.00000003.2210830774.0000000004A04000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.datev.de/zertifikat-policy-std0	MiniNews.exe, 0000000E.00000003.2209067902.0000000004A57000.00000004.00000800.00020000.00000000.sdmp, MiniNews.exe, 0000000E.00000003.2211077991.00000000049FA000.00000004.00000800.00020000.00000000.sdmp	false		high
http://acraiz.icpbrasil.gov.br/LCRacraizv1.crl0	MiniNews.exe, 0000000E.00000003.2209858472.0000000004A13000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://cdn-file.ludashi.com/cms/project_16/cfg_center/mod_list.js	MiniNews.exe	false		high
http://intf-pc.ludashi.com/cfg/coupon_detail.php	MiniNews.exe	false		high
http://www.informatik.admin.ch/PKI/links/CPS_2_16_756_1_17_3_1_0.pdf0	MiniNews.exe, 0000000E.00000003.2209067902.0000000004A57000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www1.ludashi.com/api/minipage.phpxe	MiniNews.exe, 0000000E.00000002.2354207875.0000000002EEC000.00000004.00000800.00020000.00000000.sdmp	false		high
http://crl.defence.gov.au/pki0	MiniNews.exe, 0000000E.00000003.2211077991.00000000049FA000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe URL Reputation: safe	unknown
http://www.agesic.gub.uy/acrn/cps_acrn.pdf0	MiniNews.exe, 0000000E.00000003.2209858472.0000000004A13000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://fedir.comsign.co.il/crl/ComSignAdvancedSecurityCA.crl0	MiniNews.exe, 0000000E.00000003.2210830774.0000000004A04000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://www.catcert.net/verarrel05	MiniNews.exe, 0000000E.00000003.2209067902.0000000004A57000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://http.fpki.gov/fcpca/caCertsIssuedByfcpca.p7c0	MiniNews.exe, 0000000E.00000003.2210830774.0000000004A04000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://intf-pc.ludashi.com/cfg/xiaolu_detail.php	MiniNews.exe	false		high
http://www.pki.gva.es/cps0%	MiniNews.exe, 0000000E.00000003.2211077991.00000000049FA000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.cert.fnmt.es/dpcs/0	MiniNews.exe, 0000000E.00000003.2217716532.0000000002F05000.00000004.00000800.00020000.00000000.sdmp, MiniNews.exe, 0000000E.00000003.2211501552.00000000049F2000.00000004.00000800.00020000.00000000.sdmp, MiniNews.exe, 0000000E.00000003.2217196525.00000000049F3000.00000004.00000800.00020000.00000000.sdmp	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.186.45	accounts.google.com	United States	15169	GOOGLEUS	false
139.129.76.177	www1.ludashi.com	China	37963	CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtd	false
142.250.185.132	unknown	United States	15169	GOOGLEUS	false
47.117.70.170	unknown	China	37963	CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtd	false
117.78.49.231	media.ludashi.com	China	55990	HWCSNETHuaweiCloudServicedatacenterCN	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
47.117.76.201	s.ludashi.com	China	37963	CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtd	false
180.163.247.134	max-dr.mdvdns.qihucdn.cn	China	4812	CHINANET-SH-APChinaTelecomGroupCN	false
142.250.186.110	clients.l.google.com	United States	15169	GOOGLEUS	false
216.58.212.174	plus.l.google.com	United States	15169	GOOGLEUS	false
123.56.161.176	api.pdfxd.com	China	37963	CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtd	false
58.216.14.238	cdn-file-ssl-pc.ludashi.com.m.alikunlun.com	China	23650	CHINANET-JS-AS-APASNumberforCHINANETjiangsuprovinceba	false

Private

IP
192.168.2.1
127.0.0.1

General Information

Joe Sandbox Version:	36.0.0 Rainbow Opal
Analysis ID:	763918
Start date and time:	2022-12-09 05:33:44 +01:00
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 7m 0s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Sample URL:	http://api.pdfxd.com/pdf-service/v1/action?os=163842&device_id=741e5fc1b4d58e5b4c3ac5f1dc5a9464&version=&qd=&day=&t=4312453&product=xundu&machine_name=141700
Analysis system description:	Windows 10 64 bit version 1909 (MS Office 2019, IE 11, Chrome 104, Firefox 88, Adobe Reader DC 21, Java 8 u291, 7-Zip)
Number of analysed new started processes analysed:	16
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal48.evad.win@37/151@13/14
EGA Information:	Successful, ratio: 50%
HDC Information:	Successful, ratio: 4.6% (good quality ratio 4.5%) Quality average: 76.9% Quality standard deviation: 23.8%
HCA Information:	Successful, ratio: 99% Number of executed functions: 74 Number of non-executed functions: 160

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, rundll32.exe, SgrmBroker.exe, usocoreworker.exe, svchost.exe, WindowsInternal.ComposableShell.Experiences.TextInput.InputApp.exe
Excluded IPs from analysis (whitelisted): 142.250.186.35, 34.104.35.123, 8.241.121.254, 8.248.139.254, 8.248.137.254, 8.253.204.121, 8.248.143.254, 142.250.185.67, 142.250.186.67, 93.184.221.240
Excluded domains from analysis (whitelisted): www.bing.com, client.wns.windows.com, fg.download.windowsupdate.com.c.footprint.net, fs.microsoft.com, wu.ec.azureedge.net, clientservices.googleapis.com, ctldl.windowsupdate.com, wu-bg-shim.trafficmanager.net, wu.azureedge.net, edgedl.me.gvt1.com, login.live.com, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, update.googleapis.com, hlb.apr-52dd2-0.edgecastdns.net, www.gstatic.com
Execution Graph export aborted for target MiniNews.exe, PID 5696 because there are no executed function
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing behavior information.
Report size getting too big, too many NtEnumerateValueKey calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtSetInformationFile calls found.
Report size getting too big, too many NtWriteVirtualMemory calls found.

Simulations

Behavior and APIs

Time	Type	Description
05:35:53	API Interceptor	1x Sleep call for process: MiniNews.exe modified

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

Download File

Process:	C:\Users\user\Downloads\Utils\MiniNews.exe
File Type:	Microsoft Cabinet archive data, Windows 2000/XP setup, 62932 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
Category:	dropped
Size (bytes):	62932
Entropy (8bit):	7.9958071285043335
Encrypted:	true
SSDEEP:	1536:pvl2gmukMiArbge/oKIxf+Q9yNJLaRCfIElhUuDz:pvl2gmZhpehIxfJsJLawfIElhUu3
MD5:	FC4666CBCA561E864E7FDF883A9E6661
SHA1:	2F8D6094C7A34BF12EA0BBF0D51EE9C5BB7939A5
SHA-256:	10F3DEB6C452D749A7451B5D065F4C0449737E5EE8A44F4D15844B503141E65B
SHA-512:	C71F54B571E01F247F072BE4BBEBDF5D8410B67EB79A61E7E0D9853FE857AB9BD12F53E6AF3394B935560178107291FC4BE351B27DEB388EBA90BA949633D57D
Malicious:	false
Reputation:	low
Preview:	MSCF............,...................I.................oU.s .authroot.stl......5..CK..8U[...q.yL;sf!d.D..."2."C...2....RRRHnT...\...!2.)QQ2..nN.\7.....lgYk;.^.....}..h4.....Kc.cG.q.tY..Drg<..G.D....c.qnx..G.......r.8.....w...;.Q6..o.xf:f..:NL[.`..]I.@ ,W..J..Qf.z9.<.../.D.p:0R...#..I,.%.+."...B.n)...[Y=.,0...R.#..G5..2..]........$p..3.M.O...._L.......g.....?=.J..!...G~.#.J:.Wj.........9(:..g.8,.o.b...3..C..t.7L=..+~%pc...%..b(.q.......F.'...@~P .6CA.(d.Z~..6....=.).9......A........p...Gy....7U.L....S...^.R.T.p...R..:.hr./..8...a&p.l(....g.3a)...[.M..v.......g,.U..l.F..._kJv.4.rG.{.K.6.X.rz.8.r..&..G.j..p".z...L...EUX.......;...Y.................j}..FrT.,J3.d?T.T}Q..hn.?.4F...~K...........'...c...X,.v..yk..0._.j\|.(.q4k1....^b..6...z..\9'}.%....S.[..D.k....J.../D$.#..O.o~%S.9u....\|61.........~....Q+.w.e....7}..:.....^.p.mKm._9v......'.3T..bY3..9a..p.'1..Lx.O.g..J5w+.r..K.R.P.....E0bf*r...c..;...`.j...i.;y.C..#\|L.e.(.....w.X'...z../.-...c.......

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Download File

Process:	C:\Users\user\Downloads\Utils\MiniNews.exe
File Type:	data
Category:	modified
Size (bytes):	328
Entropy (8bit):	3.1870739936168397
Encrypted:	false
SSDEEP:	6:kKP2NMqz7ksN+SkQlPlEGYRMY9z+4KlDA3RUe+OGNglcy:XxkPlE99SNxAhUefblcy
MD5:	2785597FEE8E01EB4A0E8DCCF9B3CF8E
SHA1:	3CFFD42C960793FF32AE2F6D44ABD8337BF46752
SHA-256:	83A824EF15A6B548BDC93F77E1AF9C1AE9A24686E69BCCA4A6B69E96CA71A625
SHA-512:	683D2017AE9F062278B13E795C0FBF8461C4CC0022E3C5CEF051BFAEB429CE5E9FEB342B1AB8627F7BDDE83BE7D659024BF22ED5DBF22916D4C2601FF3309CF6
Malicious:	false
Reputation:	low
Preview:	p...... ...............(....................................................... .........g.%.......&...............h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".8.0.a.1.6.7.1.3.2.5.4.d.9.1.:.0."...

C:\Users\user\AppData\Local\Temp\{F3FCDC60-415D-413c-8D13-838A625F6F57}.tmp

Download File

Process:	C:\Users\user\Downloads\Utils\MiniNews.exe
File Type:	Zip archive data, at least v2.0 to extract, compression method=store
Category:	dropped
Size (bytes):	1082429
Entropy (8bit):	7.991618463932167
Encrypted:	true
SSDEEP:	24576:M1K30qaLaa2KSINSisw1GzCLdLWWtpzKYk4mCOEEl4f7Lo/lgUp2iT9Uyu:M1eZTBKHN/95LFPzKi8GzLIlgRixUx
MD5:	64AEBD4A24E5D092A8D892C1F6E62F93
SHA1:	E0DCC5F13B7D0054C9CED212B3A85228D33E1CC7
SHA-256:	2C2281BC04617AD3A26283C7F65A7EFD2B7C095A03F3508E9ED176DEDB92EF7E
SHA-512:	437A88FFC4DBCA146A095828077B54B9B0E06EAC953F9B77EF777466D204EA6F56429080BD8531FD18DFE697B01D2149B8C96225A18E8E0F6BF786A3F68FC63F
Malicious:	false
Reputation:	low
Preview:	PK........k.vM................MininewsRes/PK........j.vM................MininewsRes/360Desktop/PK...........M.a..4...4..&...MininewsRes/360Desktop/awake_title.png%Vw0..v....^O...sz?].h.G....{...(Q..$Q...)...!..............F..+@DDD...aJD.._..%./.JM........5.X.CU..(..(....On..I.}!Kv...N..7.3..8pF.....o...tg..q......m..,q...$.]..\...jq..o..H.. .....T~...#I..%g..]./.....I.....R.Fa...l.G".K.....XcD.IW ..m.F......._.L.._D.....kfL....6.T..K..X..O.1SL"K....?o.&...)...).<.,q....~.F..X../...\|.....eog[.f+1E.1...&Ks.i.e=.m.aJ..2.-..Iud..g..3...&u.&%2$.&.T.&.3'..t\.cP,1h..=x:.1.8.X..Y.E.G..1.G.....b.U.LT..Rc...E...<fN,.ODIWx1.r..?...$. ..ScM..(.O%.<E.w..~.`.....Q..%b...4Iq.....u..n..8.}..\X.._....X.&..}.?.v..WB.].kH.#X.!9v.#.t.x.:vH ..&&V.T.'E.a.....>..N!k.n.K2^...\|E....)N.:..y..u.t......e.<.>h..]".W..G..ja.D."....n........d..J..kVC...y..K.o.H..ym..+..M.4sh.H...`.>..N...:.......!}.......;.;o....).b..O..e%..MZ/.G...u...k.....Y.W...g... ...5 ...f..g.<.y.5p*

C:\Users\user\AppData\Roaming\lds\lds.set

Download File

Process:	C:\Users\user\Downloads\Utils\MiniNews.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	27
Entropy (8bit):	3.7504647066537005
Encrypted:	false
SSDEEP:	3:Mqy1KESdWy:U8ESd3
MD5:	97A60B2E85F791D0C770B9B8ECE26488
SHA1:	90754585AC4FE9B323C0C7E8DC5477CBE0A95D32
SHA-256:	C88960845C35F2504BAE84C206E151CF1C55C689E22AC0057AA43D1EE9D3EE56
SHA-512:	E972DDE1A7CA27EC14595FA6F8ACBE94BB9D01B43C85D34D14A8353CAECB1909A6F7E5717B4B27CBB2312DF22571336B5B405E02AC482DB691FFB17E7C2C3C93
Malicious:	false
Reputation:	low
Preview:	[statistic]..stat_rand=83..

C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\360Desktop\awake_title.png

Download File

Process:	C:\Users\user\Downloads\Utils\MiniNews.exe
File Type:	PNG image data, 522 x 126, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	13472
Entropy (8bit):	7.932624842311127
Encrypted:	false
SSDEEP:	384:/nU+LdS4o9Ks3jXeBciU93PTbyYqu5Ler3:/U+LdSxj3j+csqLW3
MD5:	7F56B595287EDB5E2CB88602EA8D4171
SHA1:	F7550D6A8C20914BFF20F5131001EBFA7AFA01A7
SHA-256:	E2EC4208F3F29BAEBABE83076E23F1E7765AC1BD83A713659F53245A44B418AE
SHA-512:	E0CF7D4F4EF61F627F1F1D1F23ACFC571F10A7BCD2ECEC90B739996EBCBF08DD13D2207C918F67BA86FB22759DF1E50FF688BBAFBA95897DDEF334EFE72EACE5
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.......~.....r3.....PLTE...x>.......aG.....2....bH....kJ.hH.;.....!.kJ.!..:..6.. .....5....fH...........3.dK.&..7....jJ.~=.....9.............2......0.+ .'..u,.......8..,!........<...../..........(..Y%..../".,!.ZB.l..A..S".O.....N..Z%.....(.:.N<.e).aJ.h+....w:.N$.P:....p+.7'.V#.<........4..G$..7....H3.M-.3".`..]..].................p..S>....B..P7.J!.......O1.b3..........F..B..;..?+.A..\..z..w.....B4.j...o.m.....6(....R=....}1.i,.5.....( .L..?-..%.....:.e@................$.&_......./%.'..l......v.u...............&.....:.)".)......../.......A.(..En....?Q..U.uT.=X.Bx....:..(!.]s....$..\h.>?..1....E.....!..ri.V..r1.gE..../m....Nr.]l.ZB.<.....S^.&...........(...........D..k....#.......1...4..U..F....Y....W......J..g.Q...&.....8.k~....5..\..f.....-...".b..].oz.?..<..C.J..P.}o..w......tRNS....................... ....&.../-#%& $.,(..I5...(>520-.9..6..E.sl.K.[H<...9TS?.P@s.~.A_..njah...tQG~Uu^[M..wUF.ys^Y.......we.i.k..m.dg.j.3.\|Z.....$...?...........O.........

C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\360Desktop\awake_title_wide.png

Download File

Process:	C:\Users\user\Downloads\Utils\MiniNews.exe
File Type:	PNG image data, 580 x 132, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	15443
Entropy (8bit):	7.92568070335089
Encrypted:	false
SSDEEP:	384:crZE12Sg7DOHbldTmssQHeT3qzT5awbj7qzieh5LIcMsKph:/naDSJtsQ+T30TMw+z5LIcMV7
MD5:	E06FB238DD0A04EFB5CD7BD584D2AB15
SHA1:	F372C953E645F2CB2B5BBCB2134055AD9F515653
SHA-256:	F03A428DB9462A47136813C3A8BE220F1B7A38E5692035A8D64AEFF88D4632CB
SHA-512:	82E72F9819DC6A0B020565CDE82F67E5488CCB68BD3736463EB5251D7BD534F5307A7DCC1CD5FE7766E0EE42CAC12BF8F0E77C02417988E36325BA5A5CFEFF7E
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR...D.........FI......PLTE...s>........(.\F.....A.uC.....%....hJ.%..2....\H.....<..).....8....hJ....fL.....?.......hJ....fL.=..!..-.....=.....+.dK...........'...... .,..7..1.....'..H.....'../$..%.....>.2#....+..{4....:.e'.2$....C/.h%.J.....X4.Y%.4.....};.......C..S"..7.( .9).......T$.T8....^F.G.....g..`2.K6.w.....J......3.>........N&.a(....s#.w... .......`..P1.R..[..q.....7..B'.r..H".c).a.....W>.5..T/.{'.?-.t5..1....w..L;.s.....XF.,&....p.....QC....`!....Z..WJ....P2....S;.H3....`;.......E5.kC.............% .o..YC.......z.....[..9K.)$.2d.+#.z^.Sa.3.."..+".C.......Dm.......go....'!...#d.vW....pI..7..6..>.f:.$..U~.p+..2.H..P....cq.".W2.G`....I.GJ.3.."....................J.1..i..,..E.....X.g..n\|.......(...(..m....$...!..8.!..E...4.U..5..A..\..$.Z......0.`..S.P..<.-..J..`...@.....tRNS..........................!.!..0(#.&(+. 1/7%/.)..6..@..:I3.=.Ej.S.Wo.~M%..S;bE.gp.J=xM{>.n..[YP.ga.]\.]XFxtFu.d..k.\|d.tl.z.x.yQ.....W.......vHk6.m........).e....;.J....

C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\360Desktop\news_add.png

Download File

Process:	C:\Users\user\Downloads\Utils\MiniNews.exe
File Type:	PNG image data, 78 x 22, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	1178
Entropy (8bit):	6.593468355683075
Encrypted:	false
SSDEEP:	24:61hfvWwh82lYSgHVET3xyJ3VBHUGG6bTzKMN:YAvnnu8J330Gl7B
MD5:	46BA32F8761D0EC49DD31E5D8B9115F4
SHA1:	BDC2B757B436E506EA9EBE9BFDA39C4E97D8CF0D
SHA-256:	E2E96EDED1D149220B4EB4C02BB85CBEC0BAADDD7D5B01C63B74A5BD9CEF22C2
SHA-512:	692384569B4FFDCA621B53AA43EFC50D24F6AFEA40EDFAFD7078A5ECAF71EAA22BBFE988CA509161B6647038D25FEF70F9D85F48A0B13216304E3C1DAC5B16A5
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR...N.........nw......tEXtSoftware.Adobe ImageReadyq.e<...&iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c138 79.159824, 2016/09/14-01:09:01 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:DocumentID="xmp.did:521EF25F67CF11E8B0C18095B8D104B2" xmpMM:InstanceID="xmp.iid:521EF25E67CF11E8B0C18095B8D104B2" xmp:CreatorTool="Adobe Photoshop CC 2017 (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:98A6F6AC571611E8B34585AC2C5473D3" stRef:documentID="xmp.did:98A6F6AD571611E8B34585AC2C5473D3"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?><......IDATx..Y;..0.u.U...%.G`..9l.....K.....W..........7.....Yu].......4..YZ..."#.>.2G^,}...!S..yE.c1`6.L...9M.S

C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\360Desktop\news_bkg.png

Download File

Process:	C:\Users\user\Downloads\Utils\MiniNews.exe
File Type:	PNG image data, 1020 x 820, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	11465
Entropy (8bit):	6.780836351141159
Encrypted:	false
SSDEEP:	192:s7FKFDPXyhtB8w4DfymbjeSFEvYLzf16oN5:sohChtB8wqyqjtiCfRN5
MD5:	D27595B34C3FF17BC8B6F3316103B47A
SHA1:	4BF6BB721B5314F6944D5E79388F839A62CFE861
SHA-256:	283379344AF8064AC198F66246631A73B175F742CF38FFF2DB11BA19571B7089
SHA-512:	C228D01657CAD564232D66165B24F36BB73AA01D4B8B1838EE4DDAC756570C8DE91DBBF7DD5CE57E19223B587C7F0F748B15DE86E23A7099F642D85D247275B6
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.......4.......)"....tEXtSoftware.Adobe ImageReadyq.e<...niTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c142 79.160924, 2017/07/13-01:06:39 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:872d2818-f31f-8947-93f2-b44288ccfdd7" xmpMM:DocumentID="xmp.did:9B66EC8994B611E8A1499319CAA6E6AF" xmpMM:InstanceID="xmp.iid:9B66EC8894B611E8A1499319CAA6E6AF" xmp:CreatorTool="Adobe Photoshop CC 2017 (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:A947DB8A5F0011E89D1FC699991E6553" stRef:documentID="xmp.did:A947DB8B5F0011E89D1FC699991E6553"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>......(.IDATx...kv.Hb.Q...v......I..%.I...y

C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\360Desktop\news_icon.png

Download File

Process:	C:\Users\user\Downloads\Utils\MiniNews.exe
File Type:	PNG image data, 30 x 30, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	2528
Entropy (8bit):	7.60892051936356
Encrypted:	false
SSDEEP:	48:7ANn2NV4J3XOB2q2Zu+gG3EWT1TGc0yV7mO8ZRwjMQMAEIuX7v:c2HSCN2ZueUCh0YmOSYMPI67v
MD5:	379AD85B8936060798448C715B207286
SHA1:	EAEEF9EE21CD93C74CF1E78CE563D84401B8EC6C
SHA-256:	B6282209B39A9C9452E0F7F1323B3EF9701B7441D395FFAAE06F57F248E0F36C
SHA-512:	7C980719ABD2BFC099D126C18FB4128C045029D800B7AD3FB37017A243B6CCDE816BDACFEC86F96665D7C28780512670AC8A7AC0C0CC851139DF89318CE4801B
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.............;0......tEXtSoftware.Adobe ImageReadyq.e<...&iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c138 79.159824, 2016/09/14-01:09:01 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC 2017 (Windows)" xmpMM:InstanceID="xmp.iid:AF60D04054F911E88C91A03EA10271F1" xmpMM:DocumentID="xmp.did:AF60D04154F911E88C91A03EA10271F1"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:AF60D03E54F911E88C91A03EA10271F1" stRef:documentID="xmp.did:AF60D03F54F911E88C91A03EA10271F1"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>;&Zx...PIDATx.WYl.U.=.uuwy....Bb.&.a........?..o$$"6.H.=..?$@...>@.a.H.H.H......c4"..<..N.vo...z.Q....^._U.

C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\360Desktop\news_menu_bar.png

Download File

Process:	C:\Users\user\Downloads\Utils\MiniNews.exe
File Type:	PNG image data, 591 x 40, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	1238
Entropy (8bit):	6.283106274218514
Encrypted:	false
SSDEEP:	24:1r1h4SHWwh82lYSKwHaNKeVWT3XyJ3VHHoHa98GSYYYYjA:3KS2vnLyMAeJ3lHKfy
MD5:	AEC07CD9B08B9565D3AA0F61FAD16528
SHA1:	E89F1E7604B348D2941E7671ED27A3F3373C6440
SHA-256:	ED5503FAA9712109951B4216B9D1F05D1137D74875F678A4281EC3BC05E1DFFC
SHA-512:	9AC4C3D03AA306C594962E162CF28B9AC3F34ABF6A7D71987084C03574337014F3578CD18B3A676323C88C8A96EF85127BC24DD2B351A05C2D66298AFB3C7859
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR...O...(............tEXtSoftware.Adobe ImageReadyq.e<...iiTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.5-c014 79.151481, 2013/03/13-12:09:15 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:98FB8C6B571D11E8AB60A9F32D5A1420" xmpMM:DocumentID="xmp.did:B6910F2F597A11E89925F9CFF1B71FC0" xmpMM:InstanceID="xmp.iid:B6910F2E597A11E89925F9CFF1B71FC0" xmp:CreatorTool="Adobe Photoshop CC (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:9a34a591-c83b-a442-830e-c87b757c67e7" stRef:documentID="xmp.did:98FB8C6B571D11E8AB60A9F32D5A1420"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>`.Oc....IDATx......@.E.L..d.n.......H..$."..m...

C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\360Desktop\news_nopop_bkg.png

Download File

Process:	C:\Users\user\Downloads\Utils\MiniNews.exe
File Type:	PNG image data, 384 x 221, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	16434
Entropy (8bit):	7.892783050831669
Encrypted:	false
SSDEEP:	384:wL1JjAE/h3RTGBS1qgYMKIHSi3Dfg5W7GLuhl+p:EdAmvGI4MjBUchsp
MD5:	6B87888A04676761413B16C45E2D24F0
SHA1:	4091A0E43AFE305013D639F7F0846CE07550B68D
SHA-256:	1909CAD00F378090F0A22982EFD90BFE85B678E3A1599883AE9F497D59487A15
SHA-512:	BEFF63525E65322707107203216CB3DC571CACE07A1438C70C21D449299DB6F0CF2955742E0861C0BB1BCBC22FD7AA3281C4F87B60625D3FF4969312F505DDC7
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR................"....tEXtSoftware.Adobe ImageReadyq.e<...!iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.5-c014 79.151481, 2013/03/13-12:09:15 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC (Windows)" xmpMM:InstanceID="xmp.iid:4F798D46573F11E892D1E406E3C86220" xmpMM:DocumentID="xmp.did:4F798D47573F11E892D1E406E3C86220"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:4F798D44573F11E892D1E406E3C86220" stRef:documentID="xmp.did:4F798D45573F11E892D1E406E3C86220"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>..4...<.IDATx..}..$Wy._.'...I.P.]I+... .................g...l#.;. K..A.-....+Y....].$$m..0y'w.w.[uknW.......=....

C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\360Desktop\news_report_bkg.png

Download File

Process:	C:\Users\user\Downloads\Utils\MiniNews.exe
File Type:	PNG image data, 536 x 373, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	9303
Entropy (8bit):	7.763566128427289
Encrypted:	false
SSDEEP:	192:W5RBJM6NWXcTzd+fqROoMqg3QUL+ExstPhGzzpqwdTjhlNtGj3r3r3L3L/j3j3rq:CpMVcTzd+OOoMWUbYt6nhlN
MD5:	D3C244B4B5553CC7777E355A08BBA6EF
SHA1:	0B737FD79CCEDE846536E0AF455D32D6A078B1EB
SHA-256:	C6FA1766A6C00341FB72B31769688DC11749CE94AB84C007932953DB0F796947
SHA-512:	0AA441934B6C065B5E9330CD904B702D92529542B68D24E7155DEF5C43BB15B0CAF7C0B79C128F15473032A1A643961E5574B8BED304391E9AF0DBD62CD8C29B
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.......u.............tEXtSoftware.Adobe ImageReadyq.e<...&iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c067 79.157747, 2015/03/30-23:40:42 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:DocumentID="xmp.did:97394D25BB2211E8BE34C21D4883AFE1" xmpMM:InstanceID="xmp.iid:97394D24BB2211E8BE34C21D4883AFE1" xmp:CreatorTool="Adobe Photoshop CC 2015 (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:EFA3CAEBA43E11E88B6EB9D7AC23B532" stRef:documentID="xmp.did:EFA3CAECA43E11E88B6EB9D7AC23B532"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>.{Z... .IDATx...m.<.].....sr.z.H..PbhIA^H..JI.."..H#p...4./.4F%.5._4.WjHh05..$..&.44.L..J..Z..6=..P......f...f...

C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\360Desktop\news_shortcut_bkg.png

Download File

Process:	C:\Users\user\Downloads\Utils\MiniNews.exe
File Type:	PNG image data, 384 x 221, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	20114
Entropy (8bit):	7.960389160382693
Encrypted:	false
SSDEEP:	384:1dyMM+eKU0kf20geluMlrnmNz02e7epPOwbnDyy1VR5HDWlG8+0pH05CSqQ:vyX+eK2RPlDm+2e7epbW2VR5jWO0p+CQ
MD5:	DC0744E6A92CC498AE0D1B69E08DDE5E
SHA1:	BA8B9EA96B378AC343E7FF9E1BE177B670E47C95
SHA-256:	F22DFDC5F378D0C90DC5DF15097E3CF1D91A1F432CF1E8D3300F8F39279B44CB
SHA-512:	0D853850AB3F1DE3A798099089C6672FD139824257B694853DB32D08CB65944BDB28991491AE5D946170C773EA1DD8DD3468D5543E46FF6F9F35999BA61745E6
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR................"....tEXtSoftware.Adobe ImageReadyq.e<...!iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.5-c014 79.151481, 2013/03/13-12:09:15 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC (Windows)" xmpMM:InstanceID="xmp.iid:B6610A9F573A11E885C89699072539FC" xmpMM:DocumentID="xmp.did:B6610AA0573A11E885C89699072539FC"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:B6610A9D573A11E885C89699072539FC" stRef:documentID="xmp.did:B6610A9E573A11E885C89699072539FC"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>..]...K.IDATx...\|........{.E.RT..n.-.m.N..).N..^g7.l.w..6....M..x7..g.....-..nQT!).Ta.....9/0..`...%...'0Ep0..f.s.

C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\360Desktop\news_shortcut_later.png

Download File

Process:	C:\Users\user\Downloads\Utils\MiniNews.exe
File Type:	PNG image data, 405 x 35, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	15280
Entropy (8bit):	1.8472786663792886
Encrypted:	false
SSDEEP:	48:D/6rMlYk29WJsEvurFTliMucPBLQFC6xN+Y97sc58B7Vu+Vk70hO:DSaYkEWmzWZxNX7sc5uVTVk7OO
MD5:	D6AC8165BFA52B17C38F2BC42F5C932D
SHA1:	C5A68C43417150D3CF7AFD7746454B3CC4A62A82
SHA-256:	6AC3107C6E574936A2798EE67FD702BEFC231A5AFCE1D15A695BF86B05816865
SHA-512:	E5F065577ACFAB26E69A5065C6EB94ADE80519E2F4E4E9F3D7D9385AE93EF82450B4C6D31A26E59C05381C61C22D0BB8B2C2BAF086F5113989387315466F4B15
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.......#.....\.......pHYs...............9.iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?>.<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c138 79.159824, 2016/09/14-01:09:01 ">. <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">. <rdf:Description rdf:about="". xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/". xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#". xmlns:stEvt="http://ns.adobe.com/xap/1.0/sType/ResourceEvent#". xmlns:xmp="http://ns.adobe.com/xap/1.0/". xmlns:dc="http://purl.org/dc/elements/1.1/". xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/". xmlns:tiff="http://ns.adobe.com/tiff/1.0/". xmlns:exif="http://ns.adobe.com/exif/1.0/">. <xmpMM:DocumentID>xmp.did:2BC34A87574D11E8B421AF123BD4E4C1</xmpMM:DocumentID>. <xmpMM:InstanceID>xmp.iid:075f24ca-16a2-e64a-815d-2e7fdbfdea

C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\360Desktop\news_shortcut_now.png

Download File

Process:	C:\Users\user\Downloads\Utils\MiniNews.exe
File Type:	PNG image data, 447 x 49, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	2073
Entropy (8bit):	7.396302843627111
Encrypted:	false
SSDEEP:	48:cWKS2vng1MueJ3PS8yFE7x/4aJOkkyZYmrkL/LheZp50YBBuY:c1SeMQFyFE7x/4aJvZYmrk7FeKYOY
MD5:	EBC802E9DADE41F1A39987C23E402320
SHA1:	D758C246ECEA1C043EDA93C39064F39040D16E5F
SHA-256:	AB60E214939E7A5C9CCA53F677FA166F910C09C5EAD2BA46BD08E55DA7F0ABB5
SHA-512:	57E9F27D88DE34B95A51F431CFF072D1A771EA1D6B6E2FE1DE6E3A58A96959FEAC4D7A377E24D514E3DDEA391196BBED6D1FA4D19BF9732C3B45A93CCEA9CB20
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.......1.....J.n....tEXtSoftware.Adobe ImageReadyq.e<...!iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.5-c014 79.151481, 2013/03/13-12:09:15 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:DocumentID="xmp.did:F6E38365574C11E8890094E48D0BA463" xmpMM:InstanceID="xmp.iid:F6E38364574C11E8890094E48D0BA463" xmp:CreatorTool="Adobe Photoshop CC (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:CFC69B1D574B11E8A537BE024B8C5456" stRef:documentID="xmp.did:CFC69B1E574B11E8A537BE024B8C5456"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>ms......IDATx...Mn.G...........fa."+...\.3$RN..\|.../...G....d.Ha.E@D$.....J..........J......0.....A?\|.Hu..Hsk.>..M.

C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\360Desktop\news_tab.png

Download File

Process:	C:\Users\user\Downloads\Utils\MiniNews.exe
File Type:	PNG image data, 396 x 33, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	1225
Entropy (8bit):	6.526925141023063
Encrypted:	false
SSDEEP:	24:o91hfvWwjx82lY2T3JVgaDyJ3VbMuGqZ/nt0SsLA4NjQYJ:ojANn2NIJ3TpvtMLvD
MD5:	76827415DCA1F02DF01878E4FB28707A
SHA1:	FE66A43740AB03CB81A7B80F764D39725F66FC61
SHA-256:	1F4DA92032E7642631048B8CC08790031D241B41C55EDF449D8283010FE3F38A
SHA-512:	E61F7FD118BC0176848141BF4927A5A06D0DF5B4E54BAF98F245A3FB0AB0850D63C47850B5FE8F4DF5EB6DA1999320AAB1D19C0B828B7DF9C1A40874501FBB76
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.......!............tEXtSoftware.Adobe ImageReadyq.e<...&iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c138 79.159824, 2016/09/14-01:09:01 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC 2017 (Windows)" xmpMM:InstanceID="xmp.iid:2913CEFE572011E88DC1C27188559B3C" xmpMM:DocumentID="xmp.did:2913CEFF572011E88DC1C27188559B3C"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:2913CEFC572011E88DC1C27188559B3C" stRef:documentID="xmp.did:2913CEFD572011E88DC1C27188559B3C"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>.j5....9IDATx...1..q...]T..N(7$..t..]VKI.2...H..($$.B..O~...2..d2...7..a.u...L.q.4......>y.{.Vgb%YPU/\|'.u.^..$.d7

C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\360Desktop\news_tab2.png

Download File

Process:	C:\Users\user\Downloads\Utils\MiniNews.exe
File Type:	PNG image data, 396 x 33, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	1225
Entropy (8bit):	6.526925141023063
Encrypted:	false
SSDEEP:	24:o91hfvWwjx82lY2T3JVgaDyJ3VbMuGqZ/nt0SsLA4NjQYJ:ojANn2NIJ3TpvtMLvD
MD5:	76827415DCA1F02DF01878E4FB28707A
SHA1:	FE66A43740AB03CB81A7B80F764D39725F66FC61
SHA-256:	1F4DA92032E7642631048B8CC08790031D241B41C55EDF449D8283010FE3F38A
SHA-512:	E61F7FD118BC0176848141BF4927A5A06D0DF5B4E54BAF98F245A3FB0AB0850D63C47850B5FE8F4DF5EB6DA1999320AAB1D19C0B828B7DF9C1A40874501FBB76
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.......!............tEXtSoftware.Adobe ImageReadyq.e<...&iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c138 79.159824, 2016/09/14-01:09:01 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC 2017 (Windows)" xmpMM:InstanceID="xmp.iid:2913CEFE572011E88DC1C27188559B3C" xmpMM:DocumentID="xmp.did:2913CEFF572011E88DC1C27188559B3C"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:2913CEFC572011E88DC1C27188559B3C" stRef:documentID="xmp.did:2913CEFD572011E88DC1C27188559B3C"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>.j5....9IDATx...1..q...]T..N(7$..t..]VKI.2...H..($$.B..O~...2..d2...7..a.u...L.q.4......>y.{.Vgb%YPU/\|'.u.^..$.d7

C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\360Desktop\news_tab_icon.png

Download File

Process:	C:\Users\user\Downloads\Utils\MiniNews.exe
File Type:	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	1044
Entropy (8bit):	6.222099519175631
Encrypted:	false
SSDEEP:	24:U1hfvWwjx82lY2T3JVgKpoyJ3VrKUGYFNajj3Ly:aANn2NdJ3Lmj3+
MD5:	D9C9AF159823AEB8C29CE6F22A04211E
SHA1:	FE778F52E0F723BCE7A6B1946509CF70A24F43C2
SHA-256:	82A4904848206794BFFF3A891BD39EFC9519B5D20E8D2B5B6001764476BA3A29
SHA-512:	BE97681844E59A31D2464743AEA2C269AED92FED539680B3C45ADDE10F38784484285C1B590E488AC9E85C001D9E15AAD2185D1DF19C00DA23E99DA20E82B197
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR................a....tEXtSoftware.Adobe ImageReadyq.e<...&iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c138 79.159824, 2016/09/14-01:09:01 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC 2017 (Windows)" xmpMM:InstanceID="xmp.iid:B4C3A979688A11E8BFE1D3038434E9C8" xmpMM:DocumentID="xmp.did:B4C3A97A688A11E8BFE1D3038434E9C8"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:B4C3A977688A11E8BFE1D3038434E9C8" stRef:documentID="xmp.did:B4C3A978688A11E8BFE1D3038434E9C8"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>...T....IDATx.b\.........9....@......;H.......S...N......Q....Y...jI.m..D.`!.6$......`*...a.a.+L`jA.......)a0(...0.

C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\360Desktop\product.ico

Download File

Process:	C:\Users\user\Downloads\Utils\MiniNews.exe
File Type:	MS Windows icon resource - 8 icons, -128x-128, 32 bits/pixel, 96x96, 32 bits/pixel
Category:	dropped
Size (bytes):	161862
Entropy (8bit):	5.017907765995525
Encrypted:	false
SSDEEP:	768:JnJg36j7Z2iYCn0LoCG4V+1pORDtYtbDyOpB95/YAF5OdcJBBes7/CLiJe:ng3iZ9YMORiD/YAFAY7Pe
MD5:	E7B376B1C7D9422D165BB2337808BB43
SHA1:	DDF8809028502714C7E22E8E1C8E9FBE926BA11A
SHA-256:	411281A36E65D70AEE9252D71B47C3414AA6F9E63797AA8B56FC014C59EAE326
SHA-512:	787DD6FFD320197E1E59FBFD34BF9083AF79FBCE302180D962C909F714C04C7F986EB122E922453A31AFFDF71B22EC62969B72026F9D70FFBA5FE7139138CBCF
Malicious:	false
Reputation:	low
Preview:	............ .(.......``.... .........HH.... ..T..V...@@.... .(B......00.... ..%...4.. .... ......Y........ .....Vj........ .h....s..(............. .............................................................= /Jz@]..X...h...n...n...n...n...n...n...n...n...n...n...n...n...n...n...n...n...n...n...n...n...n...n...n...n...n...n...n...n...n...n...n...n...n...n...n...n...n...n...n...n...n...n...n...n...n...n...n...n...n...n...n...n...n...n...n...n...n...n...n...n...n...n...n...n...n...n...n...n...n...n...n...n...n...n...n...n...n...n...n...n...n...n...n...n...n...n...n...n...n...m...l...l...l...l...l...l...l...l...l...l...l...l...q...{..u..Ss.Q*>b............................................................]0Gp.b...n...n...n...n...n...n...n...n...n...n...n...n...n...n...n...n...n...n...n...n...n...n...n...n...n...n...n...n...n...n...n...n...n...n...n...n...n...n...n...n...n...n...n...n...n...n...n...n...n...n...n...n...n...n...n...n...n...n...n...n...n...n...n...n...n...n...n...n...n...n

C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\360wp\900_53_title.png

Download File

Process:	C:\Users\user\Downloads\Utils\MiniNews.exe
File Type:	PNG image data, 900 x 53, 8-bit/color RGB, non-interlaced
Category:	dropped
Size (bytes):	6359
Entropy (8bit):	7.894679290319772
Encrypted:	false
SSDEEP:	192:57F2ZDWK2QaJh8KCYI024UijvfstunvAE:54Zf2QabjLI0241stuvAE
MD5:	F22E23E1BC821B65648E17487017A40A
SHA1:	62DEF1588D7911228740D0B4A689E6C91910AA3D
SHA-256:	9B24CC5BF9B787AB0BA3E94241185EB23F3ABF5B20423C552601B961D3B3AF9E
SHA-512:	5BAF815BE49D976619EBD3B57880100D95C993311EE6ACAEE54CA69BE8105DDB85481AD692942D4CA0E6485964B5EACDE16725C7E3A894822BE51206D38616C9
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.......5......R.!....tEXtSoftware.Adobe ImageReadyq.e<...!iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c142 79.160924, 2017/07/13-01:06:39 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC (Windows)" xmpMM:InstanceID="xmp.iid:F3ECDEF36EE411E9AE1C8B1F0AC2ADB7" xmpMM:DocumentID="xmp.did:F3ECDEF46EE411E9AE1C8B1F0AC2ADB7"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:F3ECDEF16EE411E9AE1C8B1F0AC2ADB7" stRef:documentID="xmp.did:F3ECDEF26EE411E9AE1C8B1F0AC2ADB7"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>.`.'...LIDATx.....8..M.0t.i.w.#.P..4...R...?....2.$..)....?...........(;\|....m.?.....M.W.....^%r\|......?.......O

C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\360wp\awake_title.png

Download File

Process:	C:\Users\user\Downloads\Utils\MiniNews.exe
File Type:	PNG image data, 522 x 126, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	13955
Entropy (8bit):	7.928205191438655
Encrypted:	false
SSDEEP:	384:l3fLQ/2ORvtiOM/M8yhlFBnvHk7Cx4MzZPx257LBe:qL1iOM/M84lFxNxzzZPxo78
MD5:	7F8D2A704A3D6E63437D53E92F8E049A
SHA1:	F8509942E3E88E79B63C1CFBCE17577549AA5757
SHA-256:	C4B9EE6AB7C8365BB5B5718E8E2CFD7371362A7859DE91E0F0ED82589AF780B9
SHA-512:	A687E93FC119945512B9651F9935D79C2B2AA4B3C6D76EBA221DE8A8F39F988913C190546987A60A5DAA713E2F8CEB2042AFCA9C5AF1AE48A4E04A53C6E8B870
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.......~.....r3.....PLTE....4.......rC....qE.....#.cH.%.lI........6.eH.;.......gL.fJ.3.....7...................?.fI.'.....;..............:.....,.fJ.=.fF.......).....9..3..,........0".=.....\|4../.Y&.G..T!.F1.,..P..X$.o,.[C.2#.a%.0$....l..u.....&.....M$..6.7'.T>.l+....f).J3.U9.4(................=..J!.D..H"...._........B-.].....P8.;(....u1.x.....@/.x1.U$....q..^........F3.R5.i/.?..i..:+.D2.-%.b.....C..I.....f@.S4..........)".S...'....5..$...............s.T...l....)!.$...........w.................SA....%!.k......%.AH.(\|.4`.% .........@..!.Hi.Mv.3.....e@..0.2..1..B.lk.......*.......vE..5....C..V.~..i@.#...........-Y..1....Xy.Rv.w[.[a.WD.8S.q/.`i..............(.D..I........E..,....%...../..j..!..X.2..V..U..#..f..5..1.p{.j.[..P..m....`..]..8....e..I.....+..;..O.6..?..@..]......tRNS.................... ........ .(%%'%.-+!../072+.9...4-..B?7..mh...vA.X.<.\D.4.n.KH@._W.jLKRR.x..JuV.r._..^RyG~bb[..sT..j.i...u...\|w.9e..H\|.jj....).\|.....N....9.._...c.

C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\360wp\awake_title_wide.png

Download File

Process:	C:\Users\user\Downloads\Utils\MiniNews.exe
File Type:	PNG image data, 580 x 132, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	15737
Entropy (8bit):	7.9251748005259115
Encrypted:	false
SSDEEP:	384:ojq5eLLT79CMEpnwzyHoLYAQizQQMKDkPOMwQIKBSwS3M821rOdPD:o1XX9kUyILYAdN4VwQI7wH821K5D
MD5:	6DD8B2FB247D98CC8E5AB4249019D086
SHA1:	BB6DE907A50349CB01EB89523C98A22BC625DB20
SHA-256:	1C127625178C32441F67828FA81DF120820C315E0F273861AB2E84E7D2E7C63E
SHA-512:	081410F977420A0291C1A4C8FF130F81DE3B7296D2578A41FEE7CB9079714AB92D23256E102F979F5C4C1F746B86A6C989F7315444A66BF1EB87EB8C27ECF969
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR...D.........FI......PLTE......s>.......dF.....6.iG.oH.1.......lI.".....4.......fK.......2.jI.?........-.......cH. ..'..7....fK........=....cJ.2...,.9...=.&........)..F/....N8....@... .H..)..]%.U;..;....~3.3$........6..+..$.6&.Y?.<..5....^B....j..[A.3#....9.....R!....V'.^(.O7....C..N..K5....K7.=..y0.y..'..f.....4%.f..n%.x..............O3....^).k-.f..>+.{.....H........r..[.....@..P&....P..M..a..4'.A1..........a?.........g1....a.....v........Z.....)!."...2....("..../&.(!.......#..pE.......(s....n.....) ....3&.U.....{..:L....(!.\|]....x..$g.).."..Kd....D..Sv.gn.pS.IX.......$.. ..@u..6.E...Z..>..4....l0.U_..O.V}.h9.....E.V2.=..{[.v@."../..Ev...."`........../...............G. ..5....%...7.......B.....Z..f..k~.G..W..2.T...&.....Z.`..."..<..D..S..K..j..h.pz.O......m.)..]..e....}o........tRNS....................... ..!.$&%.#$-,8,*4..1..2.rC.3..}.yU98E.L.o1:.G.a?=jU..O.phA...z.._.w^.iF...xi]UNh._mP\|FV.^[..h..N......r.y.~_...C.w.v..R..../.........@.P...c.......

C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\360wp\news_add.png

Download File

Process:	C:\Users\user\Downloads\Utils\MiniNews.exe
File Type:	PNG image data, 78 x 22, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	1477
Entropy (8bit):	7.070052988738848
Encrypted:	false
SSDEEP:	24:61hfvWwjx82lY2T3JVZeHYzJeH6yJ3VyWeHhjeH/Ga7zoCsIFARirQSB2Tfc1:YANn2N6SohJ30ZIfB7z+CrQo1
MD5:	416230389511F8AF770EAE97CF8E8BE8
SHA1:	F46D831789FCD86E2FA33AF43B9BDD9FB5DE24EF
SHA-256:	7BA1EB369B19290C4EB3221FE3AC7CD7975D419B0EDF0A6310A3651E99C626FE
SHA-512:	235EB5DB23EDFFCD3C1D6AA68DF1B02914CD2445925CAEA982435906A3A6B49BF6FADA28286556C7949D4FF2B51544C05875C74863FDA9DC8170974E3763213F
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR...N.........nw......tEXtSoftware.Adobe ImageReadyq.e<...&iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c138 79.159824, 2016/09/14-01:09:01 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC 2017 (Windows)" xmpMM:InstanceID="xmp.iid:A506AD0167D311E89FB5C5EE387B6DE1" xmpMM:DocumentID="xmp.did:A506AD0267D311E89FB5C5EE387B6DE1"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:A506ACFF67D311E89FB5C5EE387B6DE1" stRef:documentID="xmp.did:A506AD0067D311E89FB5C5EE387B6DE1"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>E:t....5IDATx..YKK.@.N.V.b...6...7i.........,X<yP.>...i...&.Y...d.;{...%d;..7..n.......@............0.8.......

C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\360wp\news_bkg.png

Download File

Process:	C:\Users\user\Downloads\Utils\MiniNews.exe
File Type:	PNG image data, 1020 x 820, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	10702
Entropy (8bit):	6.689625073885751
Encrypted:	false
SSDEEP:	96:bo7FbuhVf8ixON4+rbZLoyDc7kQs7oeNjW/ozpau/bufW9cyhcnkkRVrnQPIYNup:s7FKG1Zc7k5UV/oLbkRVrQPBNe7We0A
MD5:	80EF93691310DB7FD7291E6EE65FBA4B
SHA1:	52D3C5AA5CCDCD92040DDD0B4AD77F0AC190CCCA
SHA-256:	B9C518F746407E34566E1BAE4EEB3689AEF7BD82F36D245D3232B0F153EABAB8
SHA-512:	4384AF5F0A5A62A0C3603847E7E5FE670481878D5C99949848CF37F2340F3FD11EA1A07CE187C9D2CB317DCF233D34AFB6D1D129653A80ADEAD610E1448713C6
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.......4.......)"....tEXtSoftware.Adobe ImageReadyq.e<...niTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c142 79.160924, 2017/07/13-01:06:39 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:872d2818-f31f-8947-93f2-b44288ccfdd7" xmpMM:DocumentID="xmp.did:A4C88DEF94B711E8A013D3DEBFCC91BE" xmpMM:InstanceID="xmp.iid:A4C88DEE94B711E8A013D3DEBFCC91BE" xmp:CreatorTool="Adobe Photoshop CC 2017 (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:A947DB8A5F0011E89D1FC699991E6553" stRef:documentID="xmp.did:A947DB8B5F0011E89D1FC699991E6553"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>q..x..%.IDATx...[v.Gb.a..u.M.e.YGf..>.5'.J.

C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\360wp\news_icon.png

Download File

Process:	C:\Users\user\Downloads\Utils\MiniNews.exe
File Type:	PNG image data, 30 x 30, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	2655
Entropy (8bit):	7.644057701743082
Encrypted:	false
SSDEEP:	48:7ANn2Naw1lBJ3hR/0tF/U2oDDIW4vZytnnv4YDTV1ljjdcBhs6XB361owU:c2MgRmF/v0P4vZytnAYvVHnSbs6gRU
MD5:	5A2AC9FFD7DAD9297BF78DDD67C87AE1
SHA1:	F2989D7B7025650EA7856F9B650C33206FD33C89
SHA-256:	B1BC77CE9E1EF770AFCFFE565FD46EF38C25A12EA038D64BAB06BF3CF9256C30
SHA-512:	C5AF56056918250DD7C15A017E5F5ABEE7EF54ABB11E6EEEC17A9C1B36039F80D301351F62A36BFCFEF795BC6EAE564CB62371B1176005959CDCEDC7B5D91F18
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.............;0......tEXtSoftware.Adobe ImageReadyq.e<...&iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c138 79.159824, 2016/09/14-01:09:01 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC 2017 (Windows)" xmpMM:InstanceID="xmp.iid:F8043BE954F911E899B6D270DD25E7C7" xmpMM:DocumentID="xmp.did:F8043BEA54F911E899B6D270DD25E7C7"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:F8043BE754F911E899B6D270DD25E7C7" stRef:documentID="xmp.did:F8043BE854F911E899B6D270DD25E7C7"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>.t.7....IDATx...pTW........!.J..iJ.0)...)L[.).UtZ.....3R..8.XGF;c[..2.V.1...P;..T.....T.@....$K.I...w=o.....hg.

C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\360wp\news_menu_bar.png

Download File

Process:	C:\Users\user\Downloads\Utils\MiniNews.exe
File Type:	PNG image data, 591 x 40, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	1246
Entropy (8bit):	6.281820666844696
Encrypted:	false
SSDEEP:	24:1r1h4SHWwh82lYSKwHaNFJKVvcaJVT3XyJ3VHHoHa98GcVQjxQuvlz6lz6lz6lzz:3KS2vnLyeJKqaJVeJ3lHKfL6jxQuvggC
MD5:	AA01844F2167A9384AB679FFB493445D
SHA1:	204AB1EA4FE977E01C0E550BBBB81FACA7D7DC68
SHA-256:	A699AA7D2DC9F8FEB7C414D6ADBF4A0954C4D895AC2E1E5189311714C259AE5A
SHA-512:	AB07DDC3EFF1CB9C86B088A172F864658B3B80CDFFF9ADA9BB92C361D2DCE08BB7524D09980D083BCF8677E79AC5A1A8FEE2828090B09D226E64CBA9149F2905
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR...O...(............tEXtSoftware.Adobe ImageReadyq.e<...iiTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.5-c014 79.151481, 2013/03/13-12:09:15 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:98FB8C6B571D11E8AB60A9F32D5A1420" xmpMM:DocumentID="xmp.did:747AFA37597A11E88ECD8B27919821DE" xmpMM:InstanceID="xmp.iid:747AFA36597A11E88ECD8B27919821DE" xmp:CreatorTool="Adobe Photoshop CC (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:9a34a591-c83b-a442-830e-c87b757c67e7" stRef:documentID="xmp.did:98FB8C6B571D11E8AB60A9F32D5A1420"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>-.z.....IDATx......@...I.......V....^.@X70..,^%.

C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\360wp\news_nopop_bkg.png

Download File

Process:	C:\Users\user\Downloads\Utils\MiniNews.exe
File Type:	PNG image data, 384 x 221, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	16899
Entropy (8bit):	7.947059325179362
Encrypted:	false
SSDEEP:	384:0kgme0fAAUmx+INHKnVHoh+KWU91bWXvjdWFTcvooUoocooR2:0b70oc+4CHox39YXvxWFTCooUoocooo
MD5:	408232D736B550AC82BCC19660592EBD
SHA1:	0A3AC0285530DA3F639F3BC7EE670E3D4C6AE99D
SHA-256:	CEE7706F2376F3753BA11BF77431A1E6B8AE514FF75D275A895DD8F53CC77C1A
SHA-512:	832E7F8E68F2CBA81EC64FC321209BA753BB039DFF2C9D6B8D022D0A45512654E03F751E77AC287A9C01D30EDB1F6193C2BB7C41B3DCC7018FA971591D265453
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR................"....tEXtSoftware.Adobe ImageReadyq.e<...!iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.5-c014 79.151481, 2013/03/13-12:09:15 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC (Windows)" xmpMM:InstanceID="xmp.iid:C91301C1573D11E8A696D0CDEA56B595" xmpMM:DocumentID="xmp.did:C91301C2573D11E8A696D0CDEA56B595"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:C91301BF573D11E8A696D0CDEA56B595" stRef:documentID="xmp.did:C91301C0573D11E8A696D0CDEA56B595"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>.4....>xIDATx..}...gy.W...\..4.I.l..!...26.;K..x....z..Nv1...'.sm.KH...]x.X.\...v.a.D..9.O..{....j....{.....>.z.{.

C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\360wp\news_report_bkg.png

Download File

Process:	C:\Users\user\Downloads\Utils\MiniNews.exe
File Type:	PNG image data, 536 x 373, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	9367
Entropy (8bit):	7.79283522606102
Encrypted:	false
SSDEEP:	192:b0jPa0SCk9ntJ5g208FKZxbqXgMKj0ji3hfHqeEzj3r3r3L3L/j3j3r3r3L/C:b0+0jk5tcOK1MQ0juhfHX
MD5:	D5955F130240AF172A0360033779D23B
SHA1:	296BFD79A25656E9605DC01F5956AD7A7FD9EBF5
SHA-256:	14231306C0ED8B430DEAD59A9A61CD9C74052A50EF2F0770A1950424EFC3A85F
SHA-512:	48916AF15393D6CF720B58B072CF66B8866953072DF017435BB80D228173D51093367B594099577216E965241CD41268A2A87B859D535F585C872CF8CD2A55E5
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.......u.............tEXtSoftware.Adobe ImageReadyq.e<...&iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c067 79.157747, 2015/03/30-23:40:42 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:DocumentID="xmp.did:D771B7D5BB2211E8A61692847EC77798" xmpMM:InstanceID="xmp.iid:D771B7D4BB2211E8A61692847EC77798" xmp:CreatorTool="Adobe Photoshop CC 2015 (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:29049B71A43B11E8AECA91B37674347C" stRef:documentID="xmp.did:29049B72A43B11E8AECA91B37674347C"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>..v..!.IDATx...O.&i]..{zwfvW.qQ..$..5.c0..AC<.1.....b8..W....A...h.....fO..D6z@#11^$p0.........t.<.<...Uo..z...'.

C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\360wp\news_shortcut_bkg.png

Download File

Process:	C:\Users\user\Downloads\Utils\MiniNews.exe
File Type:	PNG image data, 384 x 221, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	20236
Entropy (8bit):	7.966111207787772
Encrypted:	false
SSDEEP:	384:Qz01ZOCBd7qtBavy+05F3i/cqpHTSvaY/pCUdK7/J8gfLfoocoouo69BxM:QTMfA3baWCkwqgLoocoouo69BxM
MD5:	241AB9BF1C513C6050DE42F72F9BF157
SHA1:	719984F9002EBE48DE1B42BB6D5F962B8EB45D6F
SHA-256:	DBB0692A6062AA735914A9AB2EA02F41758256E78D9879B0A28F45CE255E4283
SHA-512:	DB697F128282CCCEC8B35DDBC5D874EA80AC710E6A03F61703E77EBF42181C2A40F17A76C716602322AA31F9EE999F9AB5877C12755A2896A7A6288D0035399D
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR................"....tEXtSoftware.Adobe ImageReadyq.e<...!iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.5-c014 79.151481, 2013/03/13-12:09:15 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC (Windows)" xmpMM:InstanceID="xmp.iid:2267842C573B11E8B910EE21E4C3A2C3" xmpMM:DocumentID="xmp.did:2267842D573B11E8B910EE21E4C3A2C3"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:2267842A573B11E8B910EE21E4C3A2C3" stRef:documentID="xmp.did:2267842B573B11E8B910EE21E4C3A2C3"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>..#..K.IDATx..].x...=[.{.,.{.....jCB.$..-$.@H... ... @.J0..f $t.6.....b..V..w..V.....J.........9.w.)zZ"..&0....'p

C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\360wp\news_shortcut_later.png

Download File

Process:	C:\Users\user\Downloads\Utils\MiniNews.exe
File Type:	PNG image data, 405 x 35, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	15280
Entropy (8bit):	1.8472786663792886
Encrypted:	false
SSDEEP:	48:D/6rMlYk29WJsEvurFTliMucPBLQFC6xN+Y97sc58B7Vu+Vk70hO:DSaYkEWmzWZxNX7sc5uVTVk7OO
MD5:	D6AC8165BFA52B17C38F2BC42F5C932D
SHA1:	C5A68C43417150D3CF7AFD7746454B3CC4A62A82
SHA-256:	6AC3107C6E574936A2798EE67FD702BEFC231A5AFCE1D15A695BF86B05816865
SHA-512:	E5F065577ACFAB26E69A5065C6EB94ADE80519E2F4E4E9F3D7D9385AE93EF82450B4C6D31A26E59C05381C61C22D0BB8B2C2BAF086F5113989387315466F4B15
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.......#.....\.......pHYs...............9.iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?>.<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c138 79.159824, 2016/09/14-01:09:01 ">. <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">. <rdf:Description rdf:about="". xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/". xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#". xmlns:stEvt="http://ns.adobe.com/xap/1.0/sType/ResourceEvent#". xmlns:xmp="http://ns.adobe.com/xap/1.0/". xmlns:dc="http://purl.org/dc/elements/1.1/". xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/". xmlns:tiff="http://ns.adobe.com/tiff/1.0/". xmlns:exif="http://ns.adobe.com/exif/1.0/">. <xmpMM:DocumentID>xmp.did:2BC34A87574D11E8B421AF123BD4E4C1</xmpMM:DocumentID>. <xmpMM:InstanceID>xmp.iid:075f24ca-16a2-e64a-815d-2e7fdbfdea

C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\360wp\news_shortcut_now.png

Download File

Process:	C:\Users\user\Downloads\Utils\MiniNews.exe
File Type:	PNG image data, 447 x 49, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	1969
Entropy (8bit):	7.3391443774143825
Encrypted:	false
SSDEEP:	48:cWKS2vnlmNdJeJ3I6Fe1D3KI3f8BGsb3ETwh2eopPR:c1SeCt1mI0B9b3ET42BX
MD5:	8A2492A3A07DAA0AD406E0EACFE8EE43
SHA1:	9EB8B54A5472A4FAF1CE22DD7E9FA571DA574976
SHA-256:	4F6F700D767989612FD706CBE1850893C5212911806D799803DFF269254D1F3D
SHA-512:	1F4A3E7162EA4E8EDAF54A62BDFC9EA3DF4A0D1815FF5E0CFE0622212D4C47A6CD89E870999ED15AC78B3E23F185238D145733A14087DBE06079C0244B8BB34B
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.......1.....J.n....tEXtSoftware.Adobe ImageReadyq.e<...!iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.5-c014 79.151481, 2013/03/13-12:09:15 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:DocumentID="xmp.did:BF2856FD574C11E8A106A0420FAB917C" xmpMM:InstanceID="xmp.iid:BF2856FC574C11E8A106A0420FAB917C" xmp:CreatorTool="Adobe Photoshop CC (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:7ADEBE59574B11E8B35FA76108CB419C" stRef:documentID="xmp.did:7ADEBE5A574B11E8B35FA76108CB419C"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>.R.....&IDATx..._n.F..q..8i$..8A_.....h....+..U....o=B%..@P.].....&..IV.2.~>.O....W.ab(_..U,(......4..x....8..=nZ.B

C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\360wp\news_tab.png

Download File

Process:	C:\Users\user\Downloads\Utils\MiniNews.exe
File Type:	PNG image data, 492 x 33, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	2359
Entropy (8bit):	7.559803274802918
Encrypted:	false
SSDEEP:	48:IPAvnREtNO8J3Zdy+th52Wq2QwES2rDrfHzSlO3n3ABOgWJuWKV9HV:IYR2Oiy+thEWqsE3rfzS4QBOHInnV
MD5:	5B0B987F6033DBC4877751F3419F2E67
SHA1:	2B044695933A6E3DD4BC54A4448E373F81E06B37
SHA-256:	6F89C5D0784495990E1C62FA720D4ADCEB0960388FA75A4FB8F087BE397728AC
SHA-512:	8655F38CC8243296119B72488FFBA082C667012B36F024AD2497938DB48C160F851A778F4CAB7D3BD18771AA1A765D6C6EC7F97D62F1F5808EB5A2D6D9863D80
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.......!......+......tEXtSoftware.Adobe ImageReadyq.e<...&iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c138 79.159824, 2016/09/14-01:09:01 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:DocumentID="xmp.did:267324A0656911E8B40BD2826B4ABF57" xmpMM:InstanceID="xmp.iid:2673249F656911E8B40BD2826B4ABF57" xmp:CreatorTool="Adobe Photoshop CC 2017 (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:EA8C1503550B11E888C28804482F1475" stRef:documentID="xmp.did:EA8C1504550B11E888C28804482F1475"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>.......IDATx...k]U..'..I.sl..D.\H..j....+...$...(TQ_....(*x!E...S..D.A..(...R,X0im5....g8#h...gg_........3k.f.

C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\360wp\news_tab2.png

Download File

Process:	C:\Users\user\Downloads\Utils\MiniNews.exe
File Type:	PNG image data, 492 x 33, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	2374
Entropy (8bit):	7.531259475123285
Encrypted:	false
SSDEEP:	48:IPAvnO98J3ZdEUWmhDlbTe7lKBxqA9oN1iTIRDxwTA5psg7J7tgfn:IYUiEIla6xp4RDEY7JZgfn
MD5:	8FC9976CD8674165E07569AB7B20E21A
SHA1:	E560FB330B83FBE6E863C711615559B07B141B96
SHA-256:	C965A429D018478E035E1A9F4ACDA54DDB2BB2A3FD3E147EBF039FF3068B708C
SHA-512:	C84EE8A4255C7BA37E12731641E08D16B2D24BF3DFB1A45EF20E37ED02B7483C079D5DBB64EEA46044F8CC4891D6BC2D11AE9907C5C7363914F0EF8936A61334
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.......!......+......tEXtSoftware.Adobe ImageReadyq.e<...&iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c138 79.159824, 2016/09/14-01:09:01 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:DocumentID="xmp.did:C5E7C973656911E88BCBE9529A31793A" xmpMM:InstanceID="xmp.iid:C5E7C972656911E88BCBE9529A31793A" xmp:CreatorTool="Adobe Photoshop CC 2017 (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:EA8C1503550B11E888C28804482F1475" stRef:documentID="xmp.did:EA8C1504550B11E888C28804482F1475"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>.P+Q....IDATx...k.E...Ik.hl.4..XkQ).X.#...O.KQ.B...E.....^HQ*(.T...D.>.K[PDE....&..fm...L^.!'..e.7..\|.z .,;...

C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\360wp\news_tab_icon.png

Download File

Process:	C:\Users\user\Downloads\Utils\MiniNews.exe
File Type:	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	1044
Entropy (8bit):	6.221147198902344
Encrypted:	false
SSDEEP:	24:U1hfvWwjx82lY2T3JVsgbaV6rbaqyJ3V8UbaVWmVbavGfbZA9K:aANn2NqgbaOb0J3Nba9bqKZA9K
MD5:	A44E61CEBD6B3C03E8C58CDD56937FFB
SHA1:	04CFC436591F864EE12CB7CD863CCE25448E2E44
SHA-256:	DDFFACD1453631B3103FC281A8F177E671DE7FC14C3FAE7A000469F1F64BDC4C
SHA-512:	268983C9032705BBFD89A2771DB4197F210D968B514B186B2838869FACC039C07F3D1011BFA2EEC449B750E11A893549FDF9C5A1A7F6AE8856A9285212AC775C
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR................a....tEXtSoftware.Adobe ImageReadyq.e<...&iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c138 79.159824, 2016/09/14-01:09:01 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC 2017 (Windows)" xmpMM:InstanceID="xmp.iid:AF1BD942688A11E8BA81A3B4A6863486" xmpMM:DocumentID="xmp.did:AF1BD943688A11E8BA81A3B4A6863486"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:AF1BD940688A11E8BA81A3B4A6863486" stRef:documentID="xmp.did:AF1BD941688A11E8BA81A3B4A6863486"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>zzn'....IDATx.bT.nS.........? ....@..$....Dj....b'd....(...c..8..J}.-QN....b....b.J\0...0.0..&0. .....b..0......

C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\360wp\product.ico

Download File

Process:	C:\Users\user\Downloads\Utils\MiniNews.exe
File Type:	MS Windows icon resource - 8 icons, -128x-128, 32 bits/pixel, 96x96, 32 bits/pixel
Category:	dropped
Size (bytes):	161862
Entropy (8bit):	4.864401656032449
Encrypted:	false
SSDEEP:	1536:Jh610115111f11vy111Z111H111z111B1117111311A111Sj11511I1U16Nwfe1C:PuLd
MD5:	D3A5750E209954167A0C925C1BE6C571
SHA1:	15B01BFA84FE0BF07283E7188B38648CEDAEC20C
SHA-256:	2512AB9344D133EE41AFA4662062B1458E0BD219444628B7CFF9C01D221FD442
SHA-512:	B67A68489C582267673C89FF0DAAB1C824CAA0B5790824B6EC3DB23FD5F90740B6BFE4E036A96DE6D04B89B2EDAD2EEB5203331A367B583A10F163D686ABA176
Malicious:	false
Reputation:	low
Preview:	............ .(.......``.... .........HH.... ..T..V...@@.... .(B......00.... ..%...4.. .... ......Y........ .....Vj........ .h....s..(............. .................................$G..:~..>...>...>...?...?...?...@...A...H(..I(..I(..I(..J(..J(..K(..K(..K(..L(..L(..L(..M(..M(..N(..N(..N(..O(..O(..O(..P(..P(..P(..Q(..Q)..R)..R)..R)..S)..S)..S)..T)..T)..T)..U)..U)..U)..V)..V)..V)..W)..W)..W)..X)..X)..X)..Y)..Y)..Y)..Y)..Z)..Z)..Z)..[)..[)..[)..\)..\)..\)..\)..])..])..])..^)..^)..^)..^).._).._).._.._..`..`..`..`..a..a..a..a..b..b..b..b..c..c..c..c..c..d..d..d..d..d..e..e..e..e..e..e..f..f..f..f..f..f..f..f..f..f..f..f..b'..K.....MM............5r..=...=...=...>...>...>...?...?...@...@...H(..H(..I(..I(..I(..J(..J(..K(..K(..K(..L(..L(..L(..M(..M(..M(..N(..N(..O(..O(..O(..P(..P(..P(..Q(..Q)..Q)..R)..R)..R)..S)..S)..T)..T)..T)..U)..U)..U)..V)..V)..V)..W)..W)..W)..X)..X)..X)..X)..Y)..Y)..Y)..Z)..Z)..Z)..[)..[)..[)..\)..\)..\)..\)..])..])..])..])..^)..^)

C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\LDSGameMaster\900_53_title.png

Download File

Process:	C:\Users\user\Downloads\Utils\MiniNews.exe
File Type:	PNG image data, 900 x 53, 8-bit/color RGB, non-interlaced
Category:	dropped
Size (bytes):	25588
Entropy (8bit):	7.981069561467394
Encrypted:	false
SSDEEP:	384:5FpulM2rYWr7QPsMp19ql7AGWa4PT4Q3gcjh69vlar8sgWg1QSKI8sPsQk2yjvt:5SXY50iompQ6qYr8sgcSk6sQk2yjvt
MD5:	60208D3D2CAD137A844B3CAE9CCF424D
SHA1:	E9A9D1C1A9B552809EC6F215A6078CEEE6CADD9D
SHA-256:	A4ED1035154B62CEFA62CF1BF201A3B0BEA6B3A5936208B24C17E656EEB6FFA3
SHA-512:	7EE17F0A7981DF43D287BC495AA665963CD9E89EE69551059563FEC8BB08017FD5BF6D14D4D04296D336CFEA6E50F65C28236125B13764D95904D9AAD54852B7
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.......5......R.!....tEXtSoftware.Adobe ImageReadyq.e<...!iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c142 79.160924, 2017/07/13-01:06:39 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC (Windows)" xmpMM:InstanceID="xmp.iid:295639906EE411E9AFCFA29B3D84B3EA" xmpMM:DocumentID="xmp.did:295639916EE411E9AFCFA29B3D84B3EA"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:2956398E6EE411E9AFCFA29B3D84B3EA" stRef:documentID="xmp.did:2956398F6EE411E9AFCFA29B3D84B3EA"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>o.....`iIDATx..}..9.%A.d..{f.....y.}.'.i;....$..d0n...v..)......p........g.sX......Rt.....>.......s77M....,.Y...

C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\LDSGameMaster\awake_title.png

Download File

Process:	C:\Users\user\Downloads\Utils\MiniNews.exe
File Type:	PNG image data, 522 x 126, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	13952
Entropy (8bit):	7.9288597626384405
Encrypted:	false
SSDEEP:	384:mwIQRpzaPk2WGn5EWispQ1QtuAAYo0qc+Ym0dh:Eg5GTppEoklqh
MD5:	2C5E672D744F2BCFD7F929B2BC2C0413
SHA1:	C6E4A87363DBD39A60587F48F6F9EBB59F985FC7
SHA-256:	40E5D3B5F7C6D3F17390F2B7F58D9174DFE97D60F5F77AC356AE2AF1D51653D5
SHA-512:	BB114B21454F8353AC2AD153F28B0B00CA111DA870B53546C8F4101853BB014AEA301C1801260F1DFDB2AC48C1D553EF22FC9ED56780D84F2728BE61DDBC5CF5
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.......~.....r3.....PLTE...\|<.......qC.y@.......hH........).dG.0.gI.$....fL.6...........;.jJ.>.....:..).......fJ."..(..9....hB.....4.......jK.=..+..L.........=.cI.4../#.......5%.- .;-.y8.?-.......+..:.........+.Y?.1!....K#.O#.Q..Z..:,.aG..$.J..^%.I5.9..C3....5%.A".B..B0.z5.......'..p..u..Q:..........U#..7..........[..o.................}..e..T3.T$.B1....l%.C..g)....l....._!....P/.o-.I6. s....j..)".'..b-.Z..q..W..~1......_9....Y-.P-.+.....t)............\ .....#.......&!....m..o2.'!.k.....#d.............@..!.9[....(....' .`q.Ps./.vE.>P.!.....Dn.....4..........% ..C.....!....>..p[..H.Ra.A>..1.i=.wd.WE..<..,....X.q/.%B.#s....ai.Q.......<f.uW.5.................2..V....&..g..[.....l........"..'..G......i..#..o{....6..D....U...3.Z.....+...7.F..d..^..C..:.O..Q..K.I..?..=....}....tRNS..........................".$ "%...(-**&,...1,14..85...;.=A...72G.J.zn..==..e.T...\|GgZ.R]SMHD.miE{..tK^T.us.cooG.}]..XX.i\..g..[..}aQ.gmu..t.}...v..).w:..........K.........

C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\LDSGameMaster\awake_title_wide.png

Download File

Process:	C:\Users\user\Downloads\Utils\MiniNews.exe
File Type:	PNG image data, 580 x 132, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	15876
Entropy (8bit):	7.925325705585376
Encrypted:	false
SSDEEP:	384:iXzNY3FhEGmsfwSlTEXdODv+oQddDujxDppT6GlSZ:LwGFfXlTIOmxuFD31SZ
MD5:	E30FE1312136FECD40F74D5325D5F98F
SHA1:	49E99962FBD7F696B86A46250C1AF9B6FBA2C0DE
SHA-256:	78B1263B06734912A9C2B58E6C28CF4398E55911EFE6E4D8AAE81A48AB28DA4A
SHA-512:	B48A1FC83895C109B26547EC8205979155BD6CD1F31210624DAF725FBAF95622BC76DB5D1B23B069C8B6982312AEA857DF2582442965EB092706C471E63EB4C3
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR...D.........FI......PLTE......p?....pB.......\|?....kF... .....9.bG.7.jJ.......nH.....!..3.....4.nE..........gJ.:..........dI.&....iK..../............=.(...,.gL.W .@.....,..+".O........C/.9%.@..S#.I.....2$..<....2..3%.@3.a%.dI....b.....1!.:).......=-.U2.....8.&..S%.I7....5%.k..a%.c$.......k......2..+.Q8.x..t0.......w#.x..{..<..O4.....".?.....H1.w..K&.C1..6.S..Y2.Q..&.....r..r..u..?1....\'....].. ....o5.......@........XB....k6....]F.6...,.........% ...................e?.Z3.X6.#........"s.p..)!....\.....6^.Nb.!..&....N3....#..E0.....>....\|].......i5.?..fo..[....)..%..@t....nP.,.....:C....M..HI..4.F..Q...O.Zr.5..D."..0.IT.........W3.$x.ab. .....~Y.%..................I.......5..#...,.F......j.i......Z..V.1...(.'..V..].....D..#.P..o{.9.d...2.A.........f../..6.,...n..P..]..=..}m.....tRNS......................... ..#.&.! %%1+).&*9..+2i./..AK....}..74....;Z.:..P=..Aq...f..xU.U.J`3XXQHL.vE.aq:.qhywr?....rjb..{_Xs.`G.d.ljO..^D.H.yT.......r0)....o....<.>.L......

C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\LDSGameMaster\news_add.png

Download File

Process:	C:\Users\user\Downloads\Utils\MiniNews.exe
File Type:	PNG image data, 78 x 22, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	1351
Entropy (8bit):	6.900178642064066
Encrypted:	false
SSDEEP:	24:61hfvWwjx82lY2T3JVgKHyJ3VPTKT+GXWLpThnERqgedNIqD:YANn2NuJ3hDlLJhELIh
MD5:	D345B318ECFA76E0077929437E0C9333
SHA1:	6661B2F66ECB6FA2710EF04973C52FB28E6E8648
SHA-256:	DC9A9D7C288B04EC90B0994B2B81566BCA49802A410C1E775A996A5F1FA1C628
SHA-512:	DAEE9FEA3094BBD3A8241A3A5C0E44977134986A273CF66A9164FF3C750F900E8005E39C3D35AA9B4EC8098C6EAC0F215038DE80CA339A4A1130B5B58CDA0B91
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR...N.........nw......tEXtSoftware.Adobe ImageReadyq.e<...&iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c138 79.159824, 2016/09/14-01:09:01 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC 2017 (Windows)" xmpMM:InstanceID="xmp.iid:B39B9F0667B711E88EBDC94705CB80C5" xmpMM:DocumentID="xmp.did:B39B9F0767B711E88EBDC94705CB80C5"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:B39B9F0467B711E88EBDC94705CB80C5" stRef:documentID="xmp.did:B39B9F0567B711E88EBDC94705CB80C5"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>q..-....IDATx...n.0......J.........t.a......:e...*".I.k$#......X.........R.Q.q#.]J....=i[.............ZG.M...

C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\LDSGameMaster\news_bkg.png

Download File

Process:	C:\Users\user\Downloads\Utils\MiniNews.exe
File Type:	PNG image data, 1020 x 820, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	11172
Entropy (8bit):	6.675472796426828
Encrypted:	false
SSDEEP:	192:s7FKNJEbsRlVaNpbQsUK4aOoyumYdxBhaaj:soNJKQlVhsUK4mdd5aaj
MD5:	F88FF5A4A586EEC4EE4D8D1BF50DC32A
SHA1:	9B2B4A17CC95752A84DEFA8403AC6F2D18E3181E
SHA-256:	0B9C8A1EC54EC6D59D1637A09D69CFC4C1141F2A4C7202806AB640EAD85D3551
SHA-512:	5287B55CE5EF0BC33C580B810149C252DE23EB5A27214BF715BEBE99F9465B37327E79BD8008702FD78235F9DAAA81AE0A3189554C7ADFCF23BC629C516DB94B
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.......4.......)"....tEXtSoftware.Adobe ImageReadyq.e<...niTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c142 79.160924, 2017/07/13-01:06:39 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:872d2818-f31f-8947-93f2-b44288ccfdd7" xmpMM:DocumentID="xmp.did:F9C4A4F594B611E8BCB8958A9F3F6C44" xmpMM:InstanceID="xmp.iid:F9C4A4F494B611E8BCB8958A9F3F6C44" xmp:CreatorTool="Adobe Photoshop CC 2017 (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:A947DB8A5F0011E89D1FC699991E6553" stRef:documentID="xmp.did:A947DB8B5F0011E89D1FC699991E6553"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>*.q...'.IDATx...]v.:..a\|.lWg6g%..Nn.(3... ..

C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\LDSGameMaster\news_icon.png

Download File

Process:	C:\Users\user\Downloads\Utils\MiniNews.exe
File Type:	PNG image data, 30 x 30, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	2588
Entropy (8bit):	7.62308927668491
Encrypted:	false
SSDEEP:	48:7uvnXmtUMJSJ36EjNjNQhgrypAuZTui6ApUz9r1c7+736U1voN:K/urEjNj6hgCAuZTuPgG9BpzHSN
MD5:	527E8E3F3193A5E74A80622A42D928B4
SHA1:	FBE21ADB9C644FCE445DEC08CCD6424717C841FD
SHA-256:	BD9A88B651BFA30973180F18D12B01C9471D28B8C75B351AA1FCE5B8AC2A49A4
SHA-512:	AEFE9EF715097CF29EA644282D887678DEA81F0FCCB848D6EF27700B85B7A2EEC88689C3671EA586D7ABC7AB99C7DECEB4688268B8B71CC248ACED6612534CED
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.............;0......tEXtSoftware.Adobe ImageReadyq.e<...&iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c067 79.157747, 2015/03/30-23:40:42 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:DocumentID="xmp.did:2604FDB8B70511E8BAE7A8584116FBD5" xmpMM:InstanceID="xmp.iid:2604FDB7B70511E8BAE7A8584116FBD5" xmp:CreatorTool="Adobe Photoshop CC 2015 (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:12D68543B70511E8AB56D27E1FC9BA0E" stRef:documentID="xmp.did:12D68544B70511E8AB56D27E1FC9BA0E"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>........IDATx.Wkl.U.=..l.....(oE.....E0...y&..L.....+.!..F..........F.D@$.......P..X......n..3..h....m...w.....

C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\LDSGameMaster\news_menu_bar.png

Download File

Process:	C:\Users\user\Downloads\Utils\MiniNews.exe
File Type:	PNG image data, 591 x 40, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	1244
Entropy (8bit):	6.273954207575076
Encrypted:	false
SSDEEP:	24:1r1h4SHWwh82lYSKwHaNRV+bT3XyJ3VHHoHa98GZVf7MRlz6lz6lz6lz6lzb7:3KS2vnLyMIeJ3lHKfm7MRggggZ7
MD5:	0C5A0E91DD1F7A2CFBFC1343C661832C
SHA1:	FB3E337A7AC096652032D094B56148F32E1BA05C
SHA-256:	CCE9133E9E50415E098F368E7AF24742AA68728BEDAA26444B7946C5B05CB31B
SHA-512:	AC85E7454AED63EBDE2A53B99ABD98FF2FE4C005225C91B2C414A2F4F68CB8D6599A749B14E787D067ACAE7074CA5E1F0C6C86C092D9F826F4781DBC65A46DFC
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR...O...(............tEXtSoftware.Adobe ImageReadyq.e<...iiTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.5-c014 79.151481, 2013/03/13-12:09:15 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:98FB8C6B571D11E8AB60A9F32D5A1420" xmpMM:DocumentID="xmp.did:4D17B2B2597A11E8B7CCE70A85AA479B" xmpMM:InstanceID="xmp.iid:4D17B2B1597A11E8B7CCE70A85AA479B" xmp:CreatorTool="Adobe Photoshop CC (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:9a34a591-c83b-a442-830e-c87b757c67e7" stRef:documentID="xmp.did:98FB8C6B571D11E8AB60A9F32D5A1420"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>........IDATx......@....D..x...V..xH......U..L

C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\LDSGameMaster\news_nopop_bkg.png

Download File

Process:	C:\Users\user\Downloads\Utils\MiniNews.exe
File Type:	PNG image data, 384 x 221, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	37555
Entropy (8bit):	7.9689218488046
Encrypted:	false
SSDEEP:	768:j6ygc7pWBmPC5MHEn8Spg+Rycoi7ke/SJZZPGy0JG1kv4hrqx/86ns:jqepmKkn8SLRyjTZPGy0JG1kverys
MD5:	45796E3899153047776E03D82FFA40F5
SHA1:	89E9497EEFD29F27A8B646732EC37E0D0364A5EC
SHA-256:	1C5913B4DF1EA7B9805D4B28A137ACC39CE968875C9648EEB7AAD05ED7AED9E9
SHA-512:	101DA94BDC69D55748CA16AC029D0C9329E6A4E31A168BA55EFE0DAE870317676DC0BD9D5F07F50CD9B9C9C409517FAF03CA90B9176710BA4E91675D88AAFF3A
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR................"....tEXtSoftware.Adobe ImageReadyq.e<...!iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.5-c014 79.151481, 2013/03/13-12:09:15 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC (Windows)" xmpMM:InstanceID="xmp.iid:1DE4B7BC573F11E884D6832E20DC2714" xmpMM:DocumentID="xmp.did:1DE4B7BD573F11E884D6832E20DC2714"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:1DE4B7BA573F11E884D6832E20DC2714" stRef:documentID="xmp.did:1DE4B7BB573F11E884D6832E20DC2714"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>.w.....(IDATx..}.......3..=..W.h.M.XbBlh...D.lX...*..{.(..'....5.blX@AC.$6D.vc.....vw..o.9wvfvf.>0...\|..v....;.s..4R.c7h

C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\LDSGameMaster\news_report_bkg.png

Download File

Process:	C:\Users\user\Downloads\Utils\MiniNews.exe
File Type:	PNG image data, 536 x 373, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	35982
Entropy (8bit):	7.9690419046191865
Encrypted:	false
SSDEEP:	768:lskvfuTrSXn7/vlpD+2cVK6VAoJMTnj5s0g7GnxptJjkE:lsuq+XZplQBVArTJ/nRJQE
MD5:	3BCE68F390343D9ADD448C46FB6C0F55
SHA1:	A2C02E1AF645C8EB839299C1357611B3DF9A119E
SHA-256:	99BDA6FB2A681500D5EADC5ED95E9D87B2F99C19D1DBD3AF79297B4FB8EC2787
SHA-512:	7A39A111D65D0CB063960B46FE5CC4D836562AD07875CC56FB133C6BBBD6D1FD5E917DD9EE05B920962B967CFD84A9B3E85D7165E6BDBB14508BB059370AC311
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.......u.............tEXtSoftware.Adobe ImageReadyq.e<...&iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c067 79.157747, 2015/03/30-23:40:42 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:DocumentID="xmp.did:AECCA6A2BB2211E89B58921E69EFAD9B" xmpMM:InstanceID="xmp.iid:AECCA6A1BB2211E89B58921E69EFAD9B" xmp:CreatorTool="Adobe Photoshop CC 2015 (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:C75667EDA43A11E8BFD2CB85E1BE7B92" stRef:documentID="xmp.did:C75667EEA43A11E8BFD2CB85E1BE7B92"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>_.Nx....IDATx..].5Mv.T...y?..l.?.".R.l.............\X...bg....W..d.......\XF....%./B... ........(R.?`..3gw.bW.

C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\LDSGameMaster\news_shortcut_bkg.png

Download File

Process:	C:\Users\user\Downloads\Utils\MiniNews.exe
File Type:	PNG image data, 384 x 221, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	42775
Entropy (8bit):	7.986824778401192
Encrypted:	false
SSDEEP:	768:Co1wUHGvYdCgm1uG25ktYLgQRzYPqCmwju2rdIlmYGF7r45gnhvl5:CwHGvYdCXuGQLDwi2LfHhv/
MD5:	94BB3E978FA7AF384E98E3C92E88C8E0
SHA1:	A2BA41CBF25949166371C86F60BC02CE2303650F
SHA-256:	6B8116612C92E74F5DE707A1305E95502ED8FAD13897E151E71FCA1EE678C7D2
SHA-512:	66B5D99C4980F268818DB4A68EB3408EEC5E7953B75BA7512B630A7C11794499850CCA0D643B5ED7778875C4636FF62A8989DC10B30A36AB8F028055C0050726
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR................"....tEXtSoftware.Adobe ImageReadyq.e<...!iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.5-c014 79.151481, 2013/03/13-12:09:15 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC (Windows)" xmpMM:InstanceID="xmp.iid:7452425C573B11E88D31CF1083E9F4D7" xmpMM:DocumentID="xmp.did:7452425D573B11E88D31CF1083E9F4D7"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:7452425A573B11E88D31CF1083E9F4D7" stRef:documentID="xmp.did:7452425B573B11E88D31CF1083E9F4D7"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>..."....IDATx..].....~g.9.^z....T.....E.+.h..hb.hDE.I4.hP.Xb....6...R.....~...3.3..{vO.....\..=3.3.....H.5Q..A.UqU

C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\LDSGameMaster\news_shortcut_later.png

Download File

Process:	C:\Users\user\Downloads\Utils\MiniNews.exe
File Type:	PNG image data, 405 x 35, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	15280
Entropy (8bit):	1.8472786663792886
Encrypted:	false
SSDEEP:	48:D/6rMlYk29WJsEvurFTliMucPBLQFC6xN+Y97sc58B7Vu+Vk70hO:DSaYkEWmzWZxNX7sc5uVTVk7OO
MD5:	D6AC8165BFA52B17C38F2BC42F5C932D
SHA1:	C5A68C43417150D3CF7AFD7746454B3CC4A62A82
SHA-256:	6AC3107C6E574936A2798EE67FD702BEFC231A5AFCE1D15A695BF86B05816865
SHA-512:	E5F065577ACFAB26E69A5065C6EB94ADE80519E2F4E4E9F3D7D9385AE93EF82450B4C6D31A26E59C05381C61C22D0BB8B2C2BAF086F5113989387315466F4B15
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.......#.....\.......pHYs...............9.iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?>.<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c138 79.159824, 2016/09/14-01:09:01 ">. <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">. <rdf:Description rdf:about="". xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/". xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#". xmlns:stEvt="http://ns.adobe.com/xap/1.0/sType/ResourceEvent#". xmlns:xmp="http://ns.adobe.com/xap/1.0/". xmlns:dc="http://purl.org/dc/elements/1.1/". xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/". xmlns:tiff="http://ns.adobe.com/tiff/1.0/". xmlns:exif="http://ns.adobe.com/exif/1.0/">. <xmpMM:DocumentID>xmp.did:2BC34A87574D11E8B421AF123BD4E4C1</xmpMM:DocumentID>. <xmpMM:InstanceID>xmp.iid:075f24ca-16a2-e64a-815d-2e7fdbfdea

C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\LDSGameMaster\news_shortcut_now.png

Download File

Process:	C:\Users\user\Downloads\Utils\MiniNews.exe
File Type:	PNG image data, 447 x 49, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	2009
Entropy (8bit):	7.358622115102634
Encrypted:	false
SSDEEP:	48:cWKS2vnbnREeJ34uNfryeStBQxzZlvQd/LP+3hyTu5h2KJ:c1SebRE/uNfgBQxzLODoyTu3j
MD5:	376B58F2C4CB56557BD7EAD41CE9B820
SHA1:	EE904C00E738D34DE34DDE63A5ADEBE7C67B379A
SHA-256:	38D4BBC66E96A7026175332A58574974F1ACD4554E89EA4ADBE1F0BDD58899FF
SHA-512:	1946D819FEF9EC917995DD45045DF491C74E51038AE0284D2CCDFA1040331BC5119CDBBD75BBD3F852F665129639EC9326F65549E8938A60DD672F3A888763A2
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.......1.....J.n....tEXtSoftware.Adobe ImageReadyq.e<...!iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.5-c014 79.151481, 2013/03/13-12:09:15 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:DocumentID="xmp.did:0CFD2F7D574D11E8A0BEE172C93ED5B9" xmpMM:InstanceID="xmp.iid:0CFD2F7C574D11E8A0BEE172C93ED5B9" xmp:CreatorTool="Adobe Photoshop CC (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:3ADAA134574B11E88C6CCEA3391B467A" stRef:documentID="xmp.did:3ADAA135574B11E88C6CCEA3391B467A"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>.V.....NIDATx...In.@...mF.......+N..@..\!.@,......Mn..t<..(....i.Q..O*...../..1..O_..Z.y~.?GS.)....LHz.=,3 ..I..@S(.

C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\LDSGameMaster\news_tab.png

Download File

Process:	C:\Users\user\Downloads\Utils\MiniNews.exe
File Type:	PNG image data, 435 x 33, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	1826
Entropy (8bit):	7.251717917317824
Encrypted:	false
SSDEEP:	24:dvG1hfvWwjx82lY2T3JVTsYryJ3V4eGHHS4M43AucqJHKXrr4M7vRnLeRnM+81EP:dkANn2NZuJ3jzvBiq7bvRLX+kEsDNk
MD5:	945B371FAEA0330351BE7848E4EB7C7F
SHA1:	3A6C9DCC6440E4C8D7D3FF76706B1488DB4FD463
SHA-256:	57830D314DEA89F96A7833B9FCA7CC3BB8B99B30AAC7E59EA6793AB6A12967C2
SHA-512:	E0617CCED6005A843CFC702BC9E8DC2EF7B6EF28893962AA06664131777801AE00CA88E02E0E20614EFC6A9A5D70116375C9287CD2B2A9B07A306B4836BAA03C
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.......!.....S4E{....tEXtSoftware.Adobe ImageReadyq.e<...&iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c138 79.159824, 2016/09/14-01:09:01 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC 2017 (Windows)" xmpMM:InstanceID="xmp.iid:EA8C1503550B11E888C28804482F1475" xmpMM:DocumentID="xmp.did:EA8C1504550B11E888C28804482F1475"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:EA8C1501550B11E888C28804482F1475" stRef:documentID="xmp.did:EA8C1502550B11E888C28804482F1475"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>@u.Z....IDATx...n.P....4i.&...Z....1@%.JAB4............ .tAL.(..S..}..K...#..U......^;.......m[;.z.).a...{[_[x.

C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\LDSGameMaster\news_tab2.png

Download File

Process:	C:\Users\user\Downloads\Utils\MiniNews.exe
File Type:	PNG image data, 435 x 33, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	1848
Entropy (8bit):	7.290870401747524
Encrypted:	false
SSDEEP:	48:dkAvnHx68J3ZdEhAH65QD0vWSfod67SW9Hl:dvoigqE1f46Z9Hl
MD5:	FD17BBB545512803A4F1554D03FF8223
SHA1:	87493818C5920C8A49C94B25D069009248D0BAC5
SHA-256:	23849B662C18EFCB5BACA59277E5D78007A6E68BEDB709ED262345185F2EB249
SHA-512:	3580FBD89B8D0844A6F3ED49586C3BA598E5509F0B5368CBBA6720E67C454D647F31A1E28FB9B2DA43333FC9F98C1CC5E4E4DC5C1E6CE5165E226CE2ABA48DDD
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.......!.....S4E{....tEXtSoftware.Adobe ImageReadyq.e<...&iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c138 79.159824, 2016/09/14-01:09:01 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:DocumentID="xmp.did:C4864B6C6A4B11E8A6D6D2722D844983" xmpMM:InstanceID="xmp.iid:C4864B6B6A4B11E8A6D6D2722D844983" xmp:CreatorTool="Adobe Photoshop CC 2017 (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:EA8C1503550B11E888C28804482F1475" stRef:documentID="xmp.did:EA8C1504550B11E888C28804482F1475"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>..~....IDATx....N.Q...[J-B..j.,\..'..D."...._.n\|$.../.Z.7.@L...z.L.p..3....~..k.8..7g..Lc8...Y..R.Z.)8... u8..

C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\LDSGameMaster\news_tab_icon.png

Download File

Process:	C:\Users\user\Downloads\Utils\MiniNews.exe
File Type:	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	1044
Entropy (8bit):	6.232765386228854
Encrypted:	false
SSDEEP:	24:U1hfvWwjx82lY2T3JV2u/oPZiyJ3VgT2RGXFZm9m9:aANn2NPaJJ3ZUFZm9I
MD5:	50CE83411DCBB55124CC09311EBAB8CD
SHA1:	324F116513CB482C60099D1AA376F614D009DF4D
SHA-256:	F0E0913F24D6A0741834AB3C9637CE33554ABCDFBDB6B0F4350298B74F2E78D6
SHA-512:	917674E637C173AB077EC9E786AC54DA8DA7BB09DCDBC8EB0D6BBFCEF5748D4D5CC5C17FE4D53402F532BD85A59461325F0F5D6B3983DFC2387E72C3410E9D9D
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR................a....tEXtSoftware.Adobe ImageReadyq.e<...&iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c138 79.159824, 2016/09/14-01:09:01 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC 2017 (Windows)" xmpMM:InstanceID="xmp.iid:A86B2CDD688A11E8B94384F8DF4AB439" xmpMM:DocumentID="xmp.did:A86B2CDE688A11E8B94384F8DF4AB439"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:A86B2CDB688A11E8B94384F8DF4AB439" stRef:documentID="xmp.did:A86B2CDC688A11E8B94384F8DF4AB439"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>x..n....IDATx.b...T.........? ....@..$....Dj....b'd....(...cl.....o2QN....b....b.J\0...0.0..&0. .....b..0......

C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\LDSGameMaster\product.ico

Download File

Process:	C:\Users\user\Downloads\Utils\MiniNews.exe
File Type:	MS Windows icon resource - 8 icons, -128x-128, 32 bits/pixel, 96x96, 32 bits/pixel
Category:	dropped
Size (bytes):	161862
Entropy (8bit):	6.370193830631036
Encrypted:	false
SSDEEP:	1536:8bldddjzyW0aUkKG1ejRuyohwAfja3TWm4ie7:8bldddjzy3acz+h/fja3im4P7
MD5:	59EB883B0219599BCBF4963F6A57DF1C
SHA1:	BA0FCBC94777B62D57FF0E77AC4B9F69B0520719
SHA-256:	3274524691309B7A3EF677B23A5451093B6BD9B9481149EF7F6DAA9E078F0E3D
SHA-512:	A890DEB499CBEE844E206AFFF0AD298A858956BE08939B2B91C4BC5CD1397C05996C7F1D71DF2D11E2904DE038276BB6CF18EA1B643720CF5179CA01B5638F3D
Malicious:	false
Reputation:	low
Preview:	............ .(.......``.... .........HH.... ..T..V...@@.... .(B......00.... ..%...4.. .... ......Y........ .....Vj........ .h....s..(............. .................................................................5!.N]:..yK...U..[..^..._..._...`...`...`...`...`...`...`...a...a...a...b...b...b...b..b..b..c..c..c..c..d..d..d..d..d..d..d..f..f..f..f..f..f..g..g..g..g..g..g..g..g..g..g..g..g..g..g..g..g..g..g..g..g..g..g..g..g..g..g..g..g..f..f..f..f..f..f..d..d..d..d..d..d..d..c..c..c..c..b...b...b...b...b...b...a...a...a...`...`...`...`...`...`..._..._...[..U..wJ..Y8../..E........................................................................_:...b..i...o...\|*...1...6..6..6..6..6..6..6..6..7..7..7..7..7..7..7..7..7..7..7..7..7..8..8..8..8..8..8..8..8..8..8..9..9..9..9..9..9..9..9..9..9..9..9..9..:..:..:..:..:..:..:..:..:..:..:..:..:..:..:..:..:..:..:..:..

C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\common\browser_bkg.png

Download File

Process:	C:\Users\user\Downloads\Utils\MiniNews.exe
File Type:	PNG image data, 752 x 493, 8-bit/color RGB, non-interlaced
Category:	dropped
Size (bytes):	2704
Entropy (8bit):	5.07113656956194
Encrypted:	false
SSDEEP:	48:Zzo7FDNn2DlCBJ3/h/DxdxdxdxdxdxdxdxNxdxdxdxdxdxdxd9kx:to7F52ZC3h/D3333333333333339Y
MD5:	77D5921FFB91EB438FBD5BA5903C35C8
SHA1:	8A7EF1769BC011DC6B29ADAB003FA525BF77A344
SHA-256:	3C7A15BF6A4A2DD7604DC3F7C0464CA9BF2BFA36B3FBAE2781BA2D9EAB1E54EC
SHA-512:	9EC15509AAAA9BAC9FA8D435F4E49A954C5868BF42B67A8952CCEC6AE77DD911D1BB1FEAA3F20A53406239C632383F77714CBD6AB01477023E33D2CF744FA35D
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR..............d......tEXtSoftware.Adobe ImageReadyq.e<...!iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c142 79.160924, 2017/07/13-01:06:39 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC (Windows)" xmpMM:InstanceID="xmp.iid:3C7ABBBF753011E8BFE8AA39BA00E322" xmpMM:DocumentID="xmp.did:3C7ABBC0753011E8BFE8AA39BA00E322"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:3C7ABBBD753011E8BFE8AA39BA00E322" stRef:documentID="xmp.did:3C7ABBBE753011E8BFE8AA39BA00E322"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>V..l....IDATx........0...e..$..LI....,...04................................C..`h..C..`h................04.....04........

C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\common\news_add.png

Download File

Process:	C:\Users\user\Downloads\Utils\MiniNews.exe
File Type:	PNG image data, 66 x 22, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	1159
Entropy (8bit):	6.543913209766286
Encrypted:	false
SSDEEP:	24:a1hfvWwjx82lY2T3JVBSUJyJ3VPdGp4xlACUtlIFTi4x:4ANn2N3bIJ3feiACUtl2Tia
MD5:	A2CC2691FAB1BDCF3C7A80ED114A7B38
SHA1:	F3793FAAE4EA8F6471B13E6B68F57478E5B554D5
SHA-256:	05DB3414943BF4FAD9C753593263A5F45F6075B335AD4C9A587CBDD4DD0CE4D0
SHA-512:	5CD1F430EC60CE3BE6EE10379A298B9D2433E54E0DF3EEB67C3CF10248FDE82773710F3B281CA46A6092698FF5358FA33B4EA01795A9CC923BC060BD7B6F5E7A
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR...B.........tKJ.....tEXtSoftware.Adobe ImageReadyq.e<...&iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c138 79.159824, 2016/09/14-01:09:01 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC 2017 (Windows)" xmpMM:InstanceID="xmp.iid:98A6F6AC571611E8B34585AC2C5473D3" xmpMM:DocumentID="xmp.did:98A6F6AD571611E8B34585AC2C5473D3"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:98A6F6AA571611E8B34585AC2C5473D3" stRef:documentID="xmp.did:98A6F6AB571611E8B34585AC2C5473D3"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>........IDATx..1..@.E...N;.(...r...9$.o@a......jhv.lf..O~.!?...@&..~CD{..d.k..}d.B...b..[v"..a?#.q..0....0.q......

C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\common\news_awake_guide_mask.png

Download File

Process:	C:\Users\user\Downloads\Utils\MiniNews.exe
File Type:	PNG image data, 754 x 539, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	28590
Entropy (8bit):	7.9750633736872025
Encrypted:	false
SSDEEP:	384:KQmmyS0zFtcMw2J7e4xloMCrAR10qeGrcvwEWLbJcUHJxWvStsYuVr7/LjaKeFp6:KQ1yreYlXzuGkAXJxjtz47SJWpUdcfL
MD5:	53700CB2A4E1158BAA21429879E63C7B
SHA1:	B8F549EF053C1E61CE17485F8689947B09A775D2
SHA-256:	F4AD8846EACA39152D11373FDB2B889F1509C99B25221F4BA7A8E29A2B22C63F
SHA-512:	2F2E5C4815670E66C8F5EB3A880CBBA9D2006168D37FBD5282A1D790920947DDB80C4F3F01E64957A15E54957145EAFE883E1A218AC6677502A6BCCB6CED7A06
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR................4....PLTE........(...........#..3.....&.To..6[R...F!.LRI...<..9......OF.#.R...(.^* b..,-#j+!f...;2.=4.D;....?5./%nOG~C:lqo.7-.B9~SK.'.Z<3aLDyG>qPH.=3s..@4c.Rlrnw5+\|F=.A7.8/.[S.1'^...LC.@6f......^V.>5w%.V.$Y(.NXO.I@.3)x9/lE<.:0.UL.RI.IAuVN.B9.OF.6,hMD.:1oqo}.MgYQ.@7z6-X1'tLC...7KB.+"T...90]..$f^.aX..Gb..@&.IKFS...`\hh`.I@...1.2roz2(S0&qc[.JA.d[...CV 9.Id^V...+H>..E`..$jb.e^.#.?`X..Kf\S...0....Sj/%N.2LN.6..._\q0):ha.bZ.....2.JIF["./.6P$.&_#=3.S...E.3ld....Pk!G+.4C.@NG....z/Jp+D.C^3.?VM.A.K,#K......2+BKGd8.2.9SRL.NG..GpGBuID..........ng.kd..Cqqp.Y+Vl1^M#P...?9hP!F.R{nf...QI..BZC<.5,oM.Z{..+$9 ./<7].N}WP.BLO]R...w<..=p.8aWA*...F.../f+NVej.@...R(eI<K.O.U4o.P.OUh?,.oV%mR.GF.nD.pn..{+.e-i$v^dvfnq....`z.i.._..m(gRKx_;rY@.............34.Xr.I..i.....U..p.._..o..@....I....tRNS......................................................................................................................................................................................

C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\common\news_awake_guide_mask_mid.png

Download File

Process:	C:\Users\user\Downloads\Utils\MiniNews.exe
File Type:	PNG image data, 754 x 595, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	28235
Entropy (8bit):	7.97666579078214
Encrypted:	false
SSDEEP:	768:KiDRb8IXdHiHZxu5tsM1aOebKhrJWv6AjbdxD6pM3I5awP:H/XdCHju5tZwOJh+6AjbLDsEY
MD5:	7CA563499E7A8EB636FAF7F1E4FB0924
SHA1:	AE6BB47193FCB5E5ECD231B76FA4AB5467688ABC
SHA-256:	D46FBA7100F5DC0403EBA37943879E07D49FD460F52BD8F3225D5356220F691E
SHA-512:	37AA27E7F544E5B038650B67800233317CBAAE0044ACB604DB8A97833D5C4C80B1AFE70C4A5F56568FB857C60B560E242AED0D6AEA890498853296F3AF1A465B
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.......S.....]..5....PLTE...........).....#../..4........!.....7........:..4..B..%..>..F'.L$.G..4..0!.A../../..9/%M... .L1's".;[R...<+!T..#,"h......$l3)x/%[rnw,"I2(R;2. dqo.<2r90.'.\/&p".O-#W?6w?6.4+V).`..(...6-YLC.2(`A8...<..I'.C..-B9}..14+\|#.S..8OF.8/lE<.%.@KB.RI.H?...AC:.ME.1...#F=....<3b).Q.9S%.W5,g).F:1_...6,.qn\|I@..Lf8..>4.9..UL.H@s=3.E=o?5e.NhA8iC:lKBxKFR.<V9/\.Sn.>Xqn..7Q...WN.&.Y'.%XO.Ga...Jd...ZR.PG.QH..5ONE\|qoy..+(.23.L.A[..+Z!;0):b%?..D....Pk.E_QI..2I.5]U.1.;.Rl...=.?...H.G....2K..=j(B1,Ca^j4.VR.9..._\oIG]...0VL..._[eT$M.~.VM.b-Z......;4f...>6{KHd>.L_^u...N.\C9.IEW...NG........7\{...(L..,me..u)w7j.%bs2YBLO.z+_[h[hl....Fp:(#_/t...Jo..6[E&'.5.<bKD..Q~...1$8.h..Ah.J{.Au...OUh.<...N:/5;RoM.wG....D..-.mS%nf..H..J......}b'\|v...........Xr.34.I..n..b..U.....@..g......tRNS.........................................................................................................................................................................................

C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\common\news_awake_guide_mask_wide.png

Download File

Process:	C:\Users\user\Downloads\Utils\MiniNews.exe
File Type:	PNG image data, 900 x 644, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	30994
Entropy (8bit):	7.974036377155228
Encrypted:	false
SSDEEP:	768:OIl7g9+EGyfDCE1TE71jn0zzt0M9wkkbOn1eJxmmBBEZ8hUsW2F:FG+EvmP7BSzHnkynsJfEZ8hUa
MD5:	A03E0E207A1E63621D6C0E81A6F9186A
SHA1:	487D517791B93C9A0FB09659284651665B9F241E
SHA-256:	B42078DC73E251EF00ED416918F43A2ED01CB12F9ECFB5F9605F0001CA7E10F3
SHA-512:	68355DDDAFEE4D06EC17F209DDFE2B439EF3689010F35DA168D89BD5A99DAC694949B0248E947345DADF3B4C55180B409AE3E3A85E865163A0477114AB42A8E7
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.............h.......PLTE...........0.....+.."..'..!..4..+..#..)..7..:..'..'..,..&..=..0...../.....5.."..:..5..#.....0.....4..F!.M.....@#.<..>.....B$.U!.9..D,"I........1/&N...2(_-#i..:#.Q'.\!.B...1's'.C4+d$.G&.X..IPKp).a....%ng'A'.L.....>+!e...).F%.@..!...2(S.....Hm)C9/l=4t-#W5+\|0&Z5,W...PJk3)x..6+!T@7y...;2pOIdrnv* P...r+F...B9~OG]QKu9/.:..E<.D;.;2.A7.a%?...G>.7-.>5.7-h..%w-H90]JA...).<V).4.......z.[R.SI...,.5O.>X3.-.8R...PG....-.(Z!;.@ZI@.MD.#.'A.0.:Ta\hQLz.Kf...?:Y~z..1K@7bMGS_[s`[.1):.Nh.B\....E_1.;.HbJ.EA.G...A;hU#F>6N..,=.;..5T$Q.........G.5.....-.....nj.c+QN.]...kR$oj..%>{..pk.6.Eoi{I.SI@...'pk....$.9ICQ...BLOx3Y......9^.?f4##vr{...B/!..,MA.5-j..NqW%?.S.Fk..-m2.j/dVej......g.B9...+ZC#.:n...[s...c..8.pk..P\|iC...fnq.2..C..@.e'.Q..Fz...N.x*.......Xr.34.K..r..b.....T..^.........tRNS...................................................................................................................................................................................

C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\common\news_awake_try.png

Download File

Process:	C:\Users\user\Downloads\Utils\MiniNews.exe
File Type:	PNG image data, 844 x 82, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	6611
Entropy (8bit):	7.886638071622533
Encrypted:	false
SSDEEP:	96:RsAuv0yFrHQHe4NMnHm50IXMf3ezLNymiHiuOXZXpoN9BY+JpdbNGFXbXOgk7:3ydQ+DHmDXMPezLjQFOXZXp0r2XbbQ
MD5:	231928B270DCA8D38D3E2E8B2380268F
SHA1:	96F8CAD5C20802E2A31DFA5473E772722B11D743
SHA-256:	EAAE69367F1F095B7748E35E514A779A759CAB913660F17BFD1549E897BBD68B
SHA-512:	D1BA4120B736ED1E7BBCDF27D33CCD8DB885C36E87567A72CB187E280B89C9BB376E326487846329221979C8049243407570E64C5D2CBE90903BFBC90C3C96F8
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR...L...R.....Pw......PLTE...&".&".'".&".&".&".&".&".&".&"...}&".&".&".&".'".&".&".W/.X0.Z2.&".\4.U-.]5._7._6...hE+.J7...6&.5".WG...a_.9-.^L...R..tR@.H/.zy.......1.._6\|.A{..M...{.q..m1....aF/......a....._..v..K......8....X...........................E<f............................._..adO.I0......r[....yv'..>...fM/......Q..,.`Q.7...%......[. .iM....4........\|&.. ...l..i..Rl).q)...............u..n..cU..Q....f..L...tG.l....q..l..d;....._..{E.nK...^.$..9../..#..)..2...ue*.%.\|..."..B.......K...;.. ............X.A..?......\|..Nq..v..gN.7..%.X-.`,.4..#..6.F..............F/.........{..i..H.'.1......x..T..d.......}.....P.....V..V..T..[,...KA....i....J.....If.....?........L8\|..........S.....o.`Yz...y......M.....e.QIo.S......Eqk.F...}..G.XA..L..y.Q5....V1.o9.dG.D$........>.&.!....BtRNS.....(;N.ct}.."DZ05...n.....W.VX.....k.......v+...w..................CIDATx...1........i..{..................$.il.a......e/....8....F....bx..}..>...>F...b...6..4..."..o.6

C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\common\news_awake_try_wide.png

Download File

Process:	C:\Users\user\Downloads\Utils\MiniNews.exe
File Type:	PNG image data, 788 x 72, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	7142
Entropy (8bit):	7.87655062935313
Encrypted:	false
SSDEEP:	192:RYhGyp3M69WnI/1so2MPQQwJ/Yx0u3y6K8oK1Y21:mGyB9Wn61spMPQQwJYxx3y6KNo
MD5:	4C00CD480EC63B1B93974FF2210112C4
SHA1:	390F6029ABD74D4927C3CA5689F932DAB7AF2ADE
SHA-256:	170AE218CBEC9E635A13D6FC94AAF2E3D5005DFC12329983DACB8E9F9D242F83
SHA-512:	B0756330804263B05BF4B368190F3A936E6AC8D15FBBDE1E28761DBBD738BB75C4A5005DCA8F10FBAA96150D4F98E08C871584E49DD47ED982A62286EA81D0D2
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.......H.....X.C.....PLTE.....q.(...c..i..l&.p!.j+.q<"s0.{.:.$.w.=..7...$.v4 n.,.6..'.{..E$tD .O&w(.x[)uB!.=..,.zV&.K#.+!.M!.\#.\%.R#.`(.d{1!}e,sp.vX$.l,~R".f'...sb%.i)./ }. .;$s._.4 ..f.....(..&.z4.!sE's.w..$..'..%..).......T'pe-.S)rC!.q'.f(.C/.!.V1.W)...pO:.x3.j7...pK;...r[L.m/sU:...dt4....Q/....~}.nc.xt..~...x. s..ftp.?/.to.F0...c.....i..q......~}....I0......N/............o)........g.....s.....l...F=f.....eR/.....x...E1.iM....&...n.....}..v..qs(.X-.dO...a..i`Q......T..j..............{e+....#.."......^.......7..$.\-.....9.......a,.!..!..!........ .....%........<.w(..$..$....mK.~&..?.......'..4.....>.......,..2....{'........A.}C...rI....yE..........y'.uG.................N:~......;.]Vx..I..g....G..........V.Q5.......l..:......\@.pj.\|v.......hE...........otRNS......'.7\H......I.\ .q..1.qq?..+......T......m..Nph.h.pppo.{o....np.m...........=.L.%...=....n.........2...,IDATx..KO.Q.....^.....7.........`0t...)m..z.E.r......x..G..E./D

C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\common\news_caption.png

Download File

Process:	C:\Users\user\Downloads\Utils\MiniNews.exe
File Type:	PNG image data, 752 x 44, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	1132
Entropy (8bit):	5.892126415464937
Encrypted:	false
SSDEEP:	24:t1hfvWwjx82lY2T3JVDHYQZyJ3VDqqQr8GywkhKvcuUrl3FTllGcuUrl3gn:TANn2NRHl4J3R2r8Ovcum3Fp4cum3Q
MD5:	21E5AA12BDC74EA08FC0910BDC37319E
SHA1:	668BFD46284DB95CE63C31BC4B1E6CE14A2E2BB8
SHA-256:	6B9A5B715E7D946877E75110D8B60C8124C62C5B9FA4A1E3575ED1ACB237B8BD
SHA-512:	461B00681E13923D3EC18CE0F02BA3DB5170131B3B1A6DD1598589F84BD8161D51532BE3487551017137CE83DD108AF63ABAEB464102AF764C161BB66E20FBB6
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.......,............tEXtSoftware.Adobe ImageReadyq.e<...&iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c138 79.159824, 2016/09/14-01:09:01 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC 2017 (Windows)" xmpMM:InstanceID="xmp.iid:702A28E15D8C11E883E9D9A3C2737C84" xmpMM:DocumentID="xmp.did:702A28E25D8C11E883E9D9A3C2737C84"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:702A28DF5D8C11E883E9D9A3C2737C84" stRef:documentID="xmp.did:702A28E05D8C11E883E9D9A3C2737C84"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>..?.....IDATx...A.....0...C.!i%.NR....#....x............<..`............0...`.........x..0.........<...x...........

C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\common\news_close.png

Download File

Process:	C:\Users\user\Downloads\Utils\MiniNews.exe
File Type:	PNG image data, 93 x 27, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	1183
Entropy (8bit):	6.618626187513041
Encrypted:	false
SSDEEP:	24:Aw1hfvWwjx82lY2T3JVMMyJ3VHvGKdSIVEGQ8PRHQNp:AOANn2N+J3N9VHQ8BQf
MD5:	E851E3C55F84F8643980AFEAAF05798F
SHA1:	D06A5234893B76E0174DCD005EF6B629844B341A
SHA-256:	942D7532058B531AEFB9E0E3BC50C3E0AB836404BACA217244E17E135AF91033
SHA-512:	42BDE78FFD2A438F14FE6F4015AF333D84B17581DCEE9C6B1147E93881240DB56A7AAD4516B9F3F6672BE3384C7B324FD0AD18D2E174AB2B8AF52F97D79100D2
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR...]..........p......tEXtSoftware.Adobe ImageReadyq.e<...&iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c138 79.159824, 2016/09/14-01:09:01 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC 2017 (Windows)" xmpMM:InstanceID="xmp.iid:89AF804F6D4611E89103E0990C88309B" xmpMM:DocumentID="xmp.did:89AF80506D4611E89103E0990C88309B"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:89AF804D6D4611E89103E0990C88309B" stRef:documentID="xmp.did:89AF804E6D4611E89103E0990C88309B"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>..v....IDATx..._..@....^.Kg....Kx..;..=O$.....:........i..S......:......8........A'..N@.wt...l..s.....2..e.oE..

C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\common\news_close_ad.png

Download File

Process:	C:\Users\user\Downloads\Utils\MiniNews.exe
File Type:	PNG image data, 132 x 12, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	1770
Entropy (8bit):	7.3009152918418305
Encrypted:	false
SSDEEP:	48:lANn2NUKoXJ3yk9b8vL4W2X89BhQ5l599o3ls6fQ6yacc:G2Qb8jt2MFsp9onQ63
MD5:	E2B79F679608BA0E899657D14D19214B
SHA1:	B3765BE645E043C25D942D5CE4458B7A6CBC2F88
SHA-256:	196911B028CE71BB8DCF0DDDF7F105BE8ECB40667F783C0FA827F9819104DD4D
SHA-512:	193EF5B2E6A4CD5CCBA2C5A8E57E6F51DA3E19C5EB332023C9EC2DF5D25BC5F852E3C55093FBEDA78350F95936FB72D29430EC3A939389DD416197A15D4D0415
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.....................tEXtSoftware.Adobe ImageReadyq.e<...&iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c138 79.159824, 2016/09/14-01:09:01 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC 2017 (Windows)" xmpMM:InstanceID="xmp.iid:B6F0B6EE5CEC11E8AA0E9ABAA3514C23" xmpMM:DocumentID="xmp.did:B6F0B6EF5CEC11E8AA0E9ABAA3514C23"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:B6F0B6EC5CEC11E8AA0E9ABAA3514C23" stRef:documentID="xmp.did:B6F0B6ED5CEC11E8AA0E9ABAA3514C23"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>.cJ....ZIDATx..X1kbA.^....t.I)Dr..6...*}.?.@.....xB...'....)N<..F;...n.f.....[-......]....YS..9!.Xk...\..=X....\

C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\common\news_close_white_bkg.png

Download File

Process:	C:\Users\user\Downloads\Utils\MiniNews.exe
File Type:	PNG image data, 36 x 12, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	1101
Entropy (8bit):	6.421429549511757
Encrypted:	false
SSDEEP:	24:TM1h4SHWwh82lYSgKRVCVjVSCV4T3XyJ3VZ1GnjIG7B8A5J1TdSy:TyKS2vnkVCNIC2eJ3lAjIy8QAy
MD5:	115EF999D91EE7FA06C2AFD85534B3A2
SHA1:	0119B304A7FEC38246107CC213F45C0F5A025D1D
SHA-256:	21728E69DF2E294C9F496024EF1B8C7AC7B6B64FEA0811E4883DA43B04BF9DF0
SHA-512:	195244DD02A292FDAEFE21C9FFC42DC95C32BA67F24B3F325244ABC1DA47281557AFF68A34B52B878A30D18FFB73B0B4BA8640ECB96EAC8EB106044CC015AD63
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR...$.................tEXtSoftware.Adobe ImageReadyq.e<...!iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.5-c014 79.151481, 2013/03/13-12:09:15 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:DocumentID="xmp.did:B869C964574F11E88208822424BE03F8" xmpMM:InstanceID="xmp.iid:B869C963574F11E88208822424BE03F8" xmp:CreatorTool="Adobe Photoshop CC (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:9D0E15AC574E11E89790B5444D6B3E9B" stRef:documentID="xmp.did:9D0E15AD574E11E89790B5444D6B3E9B"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>........IDATx.....0..... S].y..I..2..:.0../9..Nc.?...V.b.Z.....w..V....mS[Q....Zk..&..c.>....f..\...3...A(.d(.d(..

C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\common\news_load_crash.png

Download File

Process:	C:\Users\user\Downloads\Utils\MiniNews.exe
File Type:	PNG image data, 61 x 57, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	2053
Entropy (8bit):	7.427184529148957
Encrypted:	false
SSDEEP:	48:nyANn2N4J37uxu4QV0Ac6rs727Hf1AknDFwMOw:T2cuo4QVxc68WH6knDFwrw
MD5:	0DD1E5F9DD4012E886005CB780B3FFD7
SHA1:	729F7B5485C853BD160777FE9168EA7CDC416648
SHA-256:	88C700A9ABC87D37D61C11232632C32967C70C6871195E07FED7820D598AC11B
SHA-512:	ABA9EF27322D5EB8AC1B65203F715A835F530EAC7892DF74F3D3B925F6597374CF8BDC21427A0596B5F813EEBB2F209171610D9FD1A219B75B59CEBFC2B5DDB8
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR...=...9.......#.....tEXtSoftware.Adobe ImageReadyq.e<...&iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c138 79.159824, 2016/09/14-01:09:01 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC 2017 (Windows)" xmpMM:InstanceID="xmp.iid:1BF61557573A11E8B0B09536B00D0DA4" xmpMM:DocumentID="xmp.did:1BF61558573A11E8B0B09536B00D0DA4"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:1BF61555573A11E8B0B09536B00D0DA4" stRef:documentID="xmp.did:1BF61556573A11E8B0B09536B00D0DA4"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>.-.....uIDATx..Z_HSQ..6.6iV...tZ ..."....QO............T&=E .KE.>....&a. ..f.".E....}.......u.......=....}.;.>]k

C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\common\news_load_failed.png

Download File

Process:	C:\Users\user\Downloads\Utils\MiniNews.exe
File Type:	PNG image data, 58 x 46, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	2553
Entropy (8bit):	7.610157388322318
Encrypted:	false
SSDEEP:	48:AANn2Nhs7tJ3hygTDv8X4q/7zOmqsxFy2x0PeQq6ldQ/ltFU/R0ftY2:Z2Ts5yqDErumD0BQ+p0h
MD5:	F5D6ADB3838CDBFE270FC1679E5F9C29
SHA1:	B757B0744A8E030D5E42FD8C71A80C9C2B9A3710
SHA-256:	440A27029CA14061921200F9BC2BD345F2758597040DA44B05D72DCF95772C38
SHA-512:	02B7A25324C9BA3324FA3E9A26A14D4A28B3BCF34CE091AC3E9FA8C37182BC128438C25695E999E0A7F223A9746110CFF217DED13BA3BACFE19F2AC477D5487D
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR...:.........y.......tEXtSoftware.Adobe ImageReadyq.e<...&iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c138 79.159824, 2016/09/14-01:09:01 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC 2017 (Windows)" xmpMM:InstanceID="xmp.iid:0F9EB3AA573A11E8A09D9B112E4F45EE" xmpMM:DocumentID="xmp.did:0F9EB3AB573A11E8A09D9B112E4F45EE"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:0F9EB3A8573A11E8A09D9B112E4F45EE" stRef:documentID="xmp.did:0F9EB3A9573A11E8A09D9B112E4F45EE"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>.t...iIDATx...l.U..g....B.Ei.Z...ZT.lEDP..K...4...D4j..4.hQ"..n.AC...m...-U\|.PBy.(...[k..'.......'...y..?..s

C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\common\news_load_refresh.png

Download File

Process:	C:\Users\user\Downloads\Utils\MiniNews.exe
File Type:	PNG image data, 270 x 31, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	3611
Entropy (8bit):	7.75836250160765
Encrypted:	false
SSDEEP:	96:tx2Eg6a8sbP8wCQy1Dm/zQ9OspdQZY/c7arC:Dsb0wq1DmyrV0urC
MD5:	2F35A4C5655C19D469BED25DDCF48FE4
SHA1:	21162D7BBAA72CF9F8DDF92E5B50AA24AD518670
SHA-256:	F3D4C319BA7D9E239BDB902D18D8BF271B39F3EF32B94CB93D8963594C1852D8
SHA-512:	615BC2E40485F37CB369A7FF6E0CC46D153EB127BB08176BD82AF4D32CD0E88526958995C41908E7642F5CA989CF9470DEBEB4A84A6C147CEC61742D7D8F5467
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR..............L#/....tEXtSoftware.Adobe ImageReadyq.e<...&iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c138 79.159824, 2016/09/14-01:09:01 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC 2017 (Windows)" xmpMM:InstanceID="xmp.iid:627472FF573C11E89B36FA82310F95C5" xmpMM:DocumentID="xmp.did:62747300573C11E89B36FA82310F95C5"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:627472FD573C11E89B36FA82310F95C5" stRef:documentID="xmp.did:627472FE573C11E89B36FA82310F95C5"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>u.......IDATx..gh.[..w...n.....{E, ...........`ET,......{..+b....c.>..a2..s..?.o.08g.Y...*{.Q.-.SJ..}.Q.~ ....

C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\common\news_load_start.png

Download File

Process:	C:\Users\user\Downloads\Utils\MiniNews.exe
File Type:	PNG image data, 2176 x 68, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	26223
Entropy (8bit):	7.933021820774049
Encrypted:	false
SSDEEP:	768:YsAYpB4CXSw4nv1XbH5bWqiubCVxUwM6CXXNtstuyp87mjE5hCd4CKJCaCCHCCb/:Y/G6Su3vtstp++A
MD5:	0D4FDBD1E4739D2775AC4E4BED8B69FC
SHA1:	ED2C430020646AE06E5664EBA08ABC718FB67059
SHA-256:	2568F12B2C2F97EF841C8FE8F26F4AA9E431DDB1B2DF3C3864026E09501877E3
SHA-512:	109FE144877998635AB6F5995DFAC362DB49ECA3DF65DD42E1FF850AE2D4A16B78A3A5DBF2C64A5E23A0EA485D0A2C093DA0412E2C38F07A4A4AED4DCC2B48F2
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.......D.......,..f6IDATx..u.U..o..Q:$d(.D.)A.P...pIJK...b.....4... .".%%.RR......f......3_.~O....u.y...{.7.~.ZSP0...vK_O2.3...h$..l.\|.x.....(4...4+...\t,.@.#i~.3.w.t....0..E...HZ....Qt,.......c..$-.`f...K' i..3...X.F.(`...&3.Xd<E..X3}.S.....k..".)........6N_/.=4.....\|3{..x...y..\3{..h.'..4;../..O.H...>}=..^(2...4....d3{..x.&.}..'.u...E....S..".)..G....z\|..n.z..=P`8.#i.`...Wfvw...M....q...@.._...p$}..%}=..+2......W.z..]Ud<E#...>...fvy.........C..LQ..%..T. ...E.S4.q.~.S.?=.......O.y...~...jf...O.H..8:}...-2...t pX...3;..x.F...C.....a....H.......f...).I.?..]`8.#.7....o.l.".)..c.I...6K...67..b.....o.I.......... ..K_.b..7Pf.....zL.....&...bf...UqH....,.&...df...Uq....e...../M1...<.,..z<.,.&..X...........^XP."i&\|../Mz..?^-...H..9..q=..$$in.a`.4.e`I3.OqQ.G.#i.~..&.../....H.y.a`.4.m\|..K.....{.r=.3.G...8......X._..IZ.....&M...)...H.[...b...$........R\T.!iM...\....OE.4j.YZ..UN..Vbr...\...H....Q.....~:.L.V.t..m%.jlj1...).p..%.A....8 M.K.h.

C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\common\news_mask.png

Download File

Process:	C:\Users\user\Downloads\Utils\MiniNews.exe
File Type:	PNG image data, 752 x 537, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	3254
Entropy (8bit):	4.738513842846614
Encrypted:	false
SSDEEP:	96:C2w4J6RuGBuGBuGBuouGBuGBuGBuouGBuGBuGBuouGBuGBuGBuouGBuGBuGBuout:+uGBuGBuGBuouGBuGBuGBuouGBuGBuGi
MD5:	970ACAB39B6F629CE3387589939DE888
SHA1:	27A2E8042877F5CDAA72A38B2F063D62BC2E095B
SHA-256:	2FFE37395E7CECF0BB96BD0BBE689D7BC043E7F888DED19313B4D4DB6056EAFB
SHA-512:	D7086911E13BB350A2BB8ACDB05416DDE1138B5C90B0F933884663C0C54A425C7B62B5968D2B86475D9D484D542ACC8BB8AAA05E78C4B7C50524612DE88A6A2F
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR................0....tEXtSoftware.Adobe ImageReadyq.e<...&iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c138 79.159824, 2016/09/14-01:09:01 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC 2017 (Windows)" xmpMM:InstanceID="xmp.iid:E57E40E25F0111E88D8CF71441EB162F" xmpMM:DocumentID="xmp.did:E57E40E35F0111E88D8CF71441EB162F"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:E57E40E05F0111E88D8CF71441EB162F" stRef:documentID="xmp.did:E57E40E15F0111E88D8CF71441EB162F"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>.Q.N...&IDATx...1........HG..I+.$..........<..`............0...`.........x..0.........<...x............<..`.......

C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\common\news_menu_bkg.png

Download File

Process:	C:\Users\user\Downloads\Utils\MiniNews.exe
File Type:	PNG image data, 211 x 54, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	1690
Entropy (8bit):	7.126216474515973
Encrypted:	false
SSDEEP:	24:P1h4SHWwh82lYSKwHaNdVUT3XyJ3VPBTfG6CDa205H1NJWYpjDBlJI2hh5jUbmiN:dKS2vnLyMmeJ3zWlSH0YPJ5jUb/7
MD5:	CAA96AF2DCD72F99E50261EB4E17F41D
SHA1:	E15DDC8CF911A39F9A9C2B0E8445C296DB03AC6E
SHA-256:	15D4E0569976166B823383EBD6AB65D79EF3BDB696819DCD9568B6DB0E038CFE
SHA-512:	13A709E5FADC82CC1CAD481E8E2BF382A60C1E68C837CDD81AE419AFEBCAE051668762452075C2750518931ECF4A8714F795AF591CBCCB45E2B0F0A3BC433EEA
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.......6.....].......tEXtSoftware.Adobe ImageReadyq.e<...eiTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.5-c014 79.151481, 2013/03/13-12:09:15 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:98FB8C6B571D11E8AB60A9F32D5A1420" xmpMM:DocumentID="xmp.did:F40D6689597A11E89FCB9B7A7B32E192" xmpMM:InstanceID="xmp.iid:F40D6688597A11E89FCB9B7A7B32E192" xmp:CreatorTool="Adobe Photoshop CC (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:678ECC1A571F11E8B82A949DB97FD7F0" stRef:documentID="xmp.did:678ECC1B571F11E8B82A949DB97FD7F0"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>........IDATx...1n.@....{.m.&.......h....7.......P

C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\common\news_menu_checked.png

Download File

Process:	C:\Users\user\Downloads\Utils\MiniNews.exe
File Type:	PNG image data, 42 x 11, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	1191
Entropy (8bit):	6.610569041855609
Encrypted:	false
SSDEEP:	24:Fsa1h4SHWwh82lYSgf00VqsT3XyJ3VlhP/GAarJKR+BuAy9H10e:FrKS2vn/HoseJ3NG1KIyHh
MD5:	4FFF5A506C3E8FE09B8F4CA89109E7BB
SHA1:	B37A3FF892F6CC728943244FE97BFCDF596F1EF0
SHA-256:	EF3307EEB5095D7902D5E80A5CB906BA13AC00320E69023A7CBD799AB30B76E4
SHA-512:	646AAB42D3B02545004E54EF996697D528BF0A85049240658AEB9C4A2BFFB4BDFAD568565CD66468F9106505681F25C5481A10A3708C48714210EFA0BC5E4CDC
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR...*..........3......tEXtSoftware.Adobe ImageReadyq.e<...!iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.5-c014 79.151481, 2013/03/13-12:09:15 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:DocumentID="xmp.did:058BBB2A597E11E89CBCB6F1EE846102" xmpMM:InstanceID="xmp.iid:058BBB29597E11E89CBCB6F1EE846102" xmp:CreatorTool="Adobe Photoshop CC (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:01AAFCCB597C11E8B870F873FC607641" stRef:documentID="xmp.did:01AAFCCC597C11E8B870F873FC607641"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>..6....IDATx..?k.@..qE.8.......][''....twk\....Z.y....H.,...r.]{..c.{...........l....<.m5.CX....{... ?.#....l.f/.t.U.

C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\common\news_menu_shortcut.png

Download File

Process:	C:\Users\user\Downloads\Utils\MiniNews.exe
File Type:	PNG image data, 54 x 18, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	1309
Entropy (8bit):	6.823817784191604
Encrypted:	false
SSDEEP:	24:T1h4SHWwjx82lY2T3/VJLKCTyJ3V7yKsUGqd0iaWUA8b/T96BxQTb:ZKS2Nn2D4J3zDd0MZ8braWTb
MD5:	350191B678BDA7E6ACABEC04B39AEBCD
SHA1:	0A3254B7374225EED559463F0D41C9ACC7DDA58F
SHA-256:	6AAD76488980190C6B606276BD5C1647E48E72CA0E1700087EAD8326A9958960
SHA-512:	0C3BBC06133CC85B6E99669B21B058DEDCDE7DC58E9A56C6CD1D99740C933B8A809F2BB5B2FFD3BC742AF7022C983279221055F82A05211885765003FFB64112
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR...6..........x-.....tEXtSoftware.Adobe ImageReadyq.e<...!iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.5-c014 79.151481, 2013/03/13-12:09:15 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC (Windows)" xmpMM:InstanceID="xmp.iid:B41B109E5D9C11E8900AB96E3FA3B47E" xmpMM:DocumentID="xmp.did:B41B109F5D9C11E8900AB96E3FA3B47E"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:B41B109C5D9C11E8900AB96E3FA3B47E" stRef:documentID="xmp.did:B41B109D5D9C11E8900AB96E3FA3B47E"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>.p!.....IDATx...J.@..7q.O.. .....#$.W}..}..)x..x......>.6i.6.BX.t&.........7;..i.e..DQ.f.#Ab{x..N........@3.>Ssh......

C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\common\news_menu_splitline.png

Download File

Process:	C:\Users\user\Downloads\Utils\MiniNews.exe
File Type:	PNG image data, 197 x 1, 8-bit/color RGB, non-interlaced
Category:	dropped
Size (bytes):	928
Entropy (8bit):	5.83706042128012
Encrypted:	false
SSDEEP:	12:6v/7QXT1TbpO1SsbT2cDPilYwlfxD82lY2E23IDJKVLfm7L8G0LyJiKVLfaL80be:D1h4SHWwjx82lY2T3/Va74yJ3VWjG7/
MD5:	63BF55F3DB535F01487046A284E2F64A
SHA1:	BE4F3E70D14EF4F6D2623CF819E45A3A186B0B76
SHA-256:	DBCC75E33EE35B5A057658DFE9F3FD44BAF70497D0DA811BD8D7E2A5E2FEC411
SHA-512:	D3EC5E7B0D5028FE64DBCBA574B812D0C28781DF636E4338C14BD669FA51ED161BCE37EECE2336A5242E3AC4D1865F5E1CBB47074DF38B573052CD4FE1AA04E4
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR..............#......tEXtSoftware.Adobe ImageReadyq.e<...!iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.5-c014 79.151481, 2013/03/13-12:09:15 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC (Windows)" xmpMM:InstanceID="xmp.iid:425526A15D9A11E88C9099C9E3F5D7B0" xmpMM:DocumentID="xmp.did:425526A25D9A11E88C9099C9E3F5D7B0"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:4255269F5D9A11E88C9099C9E3F5D7B0" stRef:documentID="xmp.did:425526A05D9A11E88C9099C9E3F5D7B0"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>...@....IDATx.b\|..1.(..T.....&x....a.....IEND.B`.

C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\common\news_mini.png

Download File

Process:	C:\Users\user\Downloads\Utils\MiniNews.exe
File Type:	PNG image data, 81 x 27, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	1020
Entropy (8bit):	6.136413802759745
Encrypted:	false
SSDEEP:	24:RZ1hfvWwjx82lY2T3JVPCrMyJ3V1XNVGsrfPgcid:ZANn2NoJ3jdi
MD5:	F036E1C09816F2A90AF51628B467F2FD
SHA1:	70045F7807FB70D94AB82C3ECD46E840691C554B
SHA-256:	41E8903121E1B6841C48EB6C7212416045D45FE0C55215C6F4767AF4A6AFC00A
SHA-512:	EBAAD15B69E27B94A9F70CB588867D62186E67EFE94B3083E1FCFC6BAD68524D9D85D0096B0423040E243413AA7B4350735BC03FBA0BAB6929370324DAB6BA6A
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR...Q..........Lc<....tEXtSoftware.Adobe ImageReadyq.e<...&iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c138 79.159824, 2016/09/14-01:09:01 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC 2017 (Windows)" xmpMM:InstanceID="xmp.iid:5D7C1BAC6D4811E8A557B7D8C2767591" xmpMM:DocumentID="xmp.did:5D7C1BAD6D4811E8A557B7D8C2767591"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:5D7C1BAA6D4811E8A557B7D8C2767591" stRef:documentID="xmp.did:5D7C1BAB6D4811E8A557B7D8C2767591"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>.......lIDATx......0.@.F..1t....8F\.R.....H9D......p.S.hk.... B..Q.!B.q.....8O...&v..'qa...;... B..Q.!B.(..{...

C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\common\news_msgbox_close.png

Download File

Process:	C:\Users\user\Downloads\Utils\MiniNews.exe
File Type:	PNG image data, 78 x 25, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	1145
Entropy (8bit):	6.531086738343119
Encrypted:	false
SSDEEP:	24:T1hfvWwjx82lY2T3JVg/4OayJ3VOBzQfGyzJrJFC/t:ZANn2Nq/zhJ3oSfhzJng
MD5:	69C1C100F50F127BC3BC518B8C2B1F29
SHA1:	5227F6D3435FDBA363A66854251CAB4322DB7777
SHA-256:	64C84DA4EBE2FC4FB077B8D80AE45DC8D17D5DC194D6FD2D365F1346B5A2D66F
SHA-512:	224060968531D32F1C1570A2F8940ECBCB88518F6FE152C09E67DF8DB999018EAF224458C9FDB2E76D1F953271E939C800D661547E4401DC66ABA5EEA7B95568
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR...N..........!.R....tEXtSoftware.Adobe ImageReadyq.e<...&iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c138 79.159824, 2016/09/14-01:09:01 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC 2017 (Windows)" xmpMM:InstanceID="xmp.iid:D9F27E8D68B511E8AFD395A13C280589" xmpMM:DocumentID="xmp.did:D9F27E8E68B511E8AFD395A13C280589"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:D9F27E8B68B511E8AFD395A13C280589" stRef:documentID="xmp.did:D9F27E8C68B511E8AFD395A13C280589"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>n..q....IDATx...A..!..P.kx...O.5..H...BC...........i.E$....s.'.r%.p.#.........7...7.....+...>..[........4B.g._.

C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\common\news_progress_bkg.png

Download File

Process:	C:\Users\user\Downloads\Utils\MiniNews.exe
File Type:	PNG image data, 295 x 9, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	1069
Entropy (8bit):	6.260937674332916
Encrypted:	false
SSDEEP:	24:JL1hiyWwjx82lY2T37VcNqlFGUFyJ3VtgmUqGcrOty1o+NJ:vuNn2veNoGHJ3latyrNJ
MD5:	0D6A7D1206F2EFE7BE8ED67AE102FE66
SHA1:	50B88BD4B26FE18C4D6CF7762EA3BC1DE3506FDF
SHA-256:	EB5D95ADF8AFA72B7658C31474EAD3C2001597A1FA7078C52F5F01F5A0CBE8A9
SHA-512:	AC30F1A79B03773133FBDBCA28506B4D12A1F63D63B7601CB24D4B4AC5A98DB4CDD369F205996B1330E9AFBF0FB92FF9333CD86E412663A0B1F88D63D5418379
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR...'.........p......tEXtSoftware.Adobe ImageReadyq.e<...&iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c067 79.157747, 2015/03/30-23:40:42 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC 2015 (Windows)" xmpMM:InstanceID="xmp.iid:E1725406A44211E8A70EBA411CD4627E" xmpMM:DocumentID="xmp.did:E1725407A44211E8A70EBA411CD4627E"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:E1725404A44211E8A70EBA411CD4627E" stRef:documentID="xmp.did:E1725405A44211E8A70EBA411CD4627E"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>Xc.r....IDATx......P.E.k..1..~.!5..%..`.)A.M....5.Y..Op;..Z.R.....n...o.&.7.R)N.^.Z.m....r..H....=...S.."yz....

C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\common\news_progress_frg.png

Download File

Process:	C:\Users\user\Downloads\Utils\MiniNews.exe
File Type:	PNG image data, 10 x 9, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	1035
Entropy (8bit):	6.190862730284504
Encrypted:	false
SSDEEP:	24:3I1hiyWwjx82lY2T37VBNNauyJ3VeErGrGcSc:WuNn2vbsJ3VrQP
MD5:	B2AB3A00A986E005EE285C19A9CF39B7
SHA1:	43D1C05E1E2E5C16543999F8AD18F0450CF35914
SHA-256:	F3D0B5E2359886624610EEEE33294AC95076BA47BD2E00862A88856CB0F55EDC
SHA-512:	161C76714B5D7A1617680E8B2FE1C100A32A25A4A96EE05499F3661D65DC19A15F4BDD0B24B63A8C537F40176BDB2F985C362CEDF0F5E9BEFA820E9447899E70
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.....................tEXtSoftware.Adobe ImageReadyq.e<...&iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c067 79.157747, 2015/03/30-23:40:42 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC 2015 (Windows)" xmpMM:InstanceID="xmp.iid:C3108E9AA4E611E89113D474C48951A7" xmpMM:DocumentID="xmp.did:C3108E9BA4E611E89113D474C48951A7"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:C3108E98A4E611E89113D474C48951A7" stRef:documentID="xmp.did:C3108E99A4E611E89113D474C48951A7"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>I..F...{IDATx.b...?C........@...\|.......q.X......9'.X..;....L@..."..\...:B....M........&....] ..P.1..u5.0.n.....

C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\common\news_remove.png

Download File

Process:	C:\Users\user\Downloads\Utils\MiniNews.exe
File Type:	PNG image data, 54 x 18, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	1067
Entropy (8bit):	6.289820650824897
Encrypted:	false
SSDEEP:	24:T1h4SHWwh82lYSgAdVbNT3XyJ3VZY+iwGnAdJFzPLoc:ZKS2vnmTeJ3L9dJFzjB
MD5:	ACCB6476AF5EE31864C83FFE1855DD5B
SHA1:	DAEAF7CEFE4F64CAEFD685DC6F199766106E71F7
SHA-256:	E476557265903C16A31803CB721375EC96A395A2FB0717BADF4E3A53218D7805
SHA-512:	E3184EC29D428D1AB1AD541D683BC73D5FC75BB5ED8E9548B592E7602A8B631C59FE6F0C4837445ED0E53CA8B1F5BD4EECC502A52FA614782FC5E41EC037CB00
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR...6..........x-.....tEXtSoftware.Adobe ImageReadyq.e<...!iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.5-c014 79.151481, 2013/03/13-12:09:15 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:DocumentID="xmp.did:43162D02572511E8A980F403412BC703" xmpMM:InstanceID="xmp.iid:43162D01572511E8A980F403412BC703" xmp:CreatorTool="Adobe Photoshop CC (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:5A4E7FDC572211E89533921777EDD228" stRef:documentID="xmp.did:5A4E7FDD572211E89533921777EDD228"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>r.......IDATx.b...?.p., ",,.... V."~..5..V.Z.@Msp...{...R...9L....<&..o..?..&.y...XR\|.."T..Ac.zR.O!..3....F=6.Q..zlD

C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\common\news_report.png

Download File

Process:	C:\Users\user\Downloads\Utils\MiniNews.exe
File Type:	PNG image data, 54 x 18, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	1283
Entropy (8bit):	6.795357024903638
Encrypted:	false
SSDEEP:	24:T1h4SHWwh82lYSgJTV5yFT3XyJ3ViJXZMJVGZJJIVQr6pzxMiDkn:ZKS2vnBGeJ3kbMLYJJIGWpiion
MD5:	66A036781BF9E4F0A76390A0FFB64140
SHA1:	4EAD685D79601ACEFCE0505C96A7088A1D5AB7FB
SHA-256:	7C85FD3D37E152998BD67D3320E94834764D61F9EF9E5F504F22715B2F8988B1
SHA-512:	E0C874F1F5EE3A71306B6E5A781FC7160DD38241DFA7B025A21161FEB1FF8904A591378FE746888D1FF7472D9AE3F91D2D03E200A4A96D12B2A07D3B6EFEE042
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR...6..........x-.....tEXtSoftware.Adobe ImageReadyq.e<...!iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.5-c014 79.151481, 2013/03/13-12:09:15 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:DocumentID="xmp.did:444DA687572411E89A42FC9FCB26E2E8" xmpMM:InstanceID="xmp.iid:444DA686572411E89A42FC9FCB26E2E8" xmp:CreatorTool="Adobe Photoshop CC (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:F33EB25A572111E8B0F1E2B5FA992E85" stRef:documentID="xmp.did:F33EB25B572111E8B0F1E2B5FA992E85"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>.L....xIDATx...K.0...S.Apu.]t..'..7...........(..."..g'.uq;uq..I.t..'..Gi..w....B....^....+..A....1..s..Q...a..E.

C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\common\news_report_check.png

Download File

Process:	C:\Users\user\Downloads\Utils\MiniNews.exe
File Type:	PNG image data, 128 x 16, 8-bit/color RGB, non-interlaced
Category:	dropped
Size (bytes):	1439
Entropy (8bit):	7.016617906188713
Encrypted:	false
SSDEEP:	24:Mn1hiyWwh82lYSg8qDEVp/T3LyJ3VfywC8Gf9ad19sr8n5E0RgX9524dlUOQ+Aj3:M1uvncqA7/SJ3LhVsr8n5HRgq4XUOIj3
MD5:	8B7B9E5106045B2D93920B75B1964C29
SHA1:	AA385E8606DE56A03393E5821048F032ADD22D01
SHA-256:	F07BDD6E580A2DE8C230F38F0723304ACE8684CDEF34FED58B203975B636A30C
SHA-512:	5C3B47576FDAFDA8FF66CACA4F1CF2EA61065DAA12BB2FD7A0621E86492A9CC268A1EE1DEA31D51455D83134E08F41D5BBB0A9017047B7EA315965373053077F
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.............Q:......tEXtSoftware.Adobe ImageReadyq.e<...&iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c067 79.157747, 2015/03/30-23:40:42 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:DocumentID="xmp.did:87C746FDBB2011E89A9AE9A639B6810C" xmpMM:InstanceID="xmp.iid:87C746FCBB2011E89A9AE9A639B6810C" xmp:CreatorTool="Adobe Photoshop CC 2015 (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:E142B931A5CC11E88EB0B8338D65DBA5" stRef:documentID="xmp.did:E142B932A5CC11E88EB0B8338D65DBA5"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?><w=k....IDATx....a......,..d..$....P..!.Xd@.Y(.Ef..h1(.....HF.t..;...y.{o=..{z.......}..y.l6/$j6.D.h4"..(.o.XX.

C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\common\news_report_edit.png

Download File

Process:	C:\Users\user\Downloads\Utils\MiniNews.exe
File Type:	PNG image data, 464 x 78, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	1207
Entropy (8bit):	5.9414017159793
Encrypted:	false
SSDEEP:	24:71hiyWwjx82lY2T37V7vycqoyJ3V7Fc0rGtKla7d+:huNn2vQrJ331lSd+
MD5:	BC383D6B354E6A9BE441B6AB7B1EA818
SHA1:	10D53F280B63A5DD87E9D22ABA98932E30B2B22C
SHA-256:	14A0AA3235B2071C54B73230DA92C95504534DE4D2CE92CCAEA5F786798783A7
SHA-512:	D77E5327B232A6F6BB18740CA1D61C5AD336889FC4BE71EA26E1D4B31C389A52C1322D8B8CB3256F18FCD6FEE6905B2B92B4C9DA8F598E369069F5E4078E5002
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.......N......FG.....tEXtSoftware.Adobe ImageReadyq.e<...&iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c067 79.157747, 2015/03/30-23:40:42 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC 2015 (Windows)" xmpMM:InstanceID="xmp.iid:D30C0D2CA4EE11E8A7CDBEE83B7E210B" xmpMM:DocumentID="xmp.did:D30C0D2DA4EE11E8A7CDBEE83B7E210B"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:D30C0D2AA4EE11E8A7CDBEE83B7E210B" stRef:documentID="xmp.did:D30C0D2BA4EE11E8A7CDBEE83B7E210B"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>.......'IDATx...1..0.DA.`!.C\t.."".....nq..y-......~.....f......u...................(..(..(..(..(. .. .. .. .. ....

C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\common\news_report_networkbad.png

Download File

Process:	C:\Users\user\Downloads\Utils\MiniNews.exe
File Type:	PNG image data, 384 x 185, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	6406
Entropy (8bit):	7.673795866925904
Encrypted:	false
SSDEEP:	192:raTaekNlMOACeCcJnJtc1fL62bP+t9z/uaVU3:rNlXbeRJng1TbP+j/8
MD5:	18805E0821D79C50B4AD75CECCE05A7F
SHA1:	1B1066DDE647B2B9FA5B9AFFF27321457F6CECBA
SHA-256:	FB2971B33EA09774C5888A9EF309B4031206CB8D4CBF809734D3A1F812CA930F
SHA-512:	3AF21747A3026488AF99EC03CAB17F843AC0A79057CA6A63F8DA2229A1EFD261C276570C29ADF7307017112CDC795FC5CBB3B66760617F3B134AE165A99CD608
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.............!..n....tEXtSoftware.Adobe ImageReadyq.e<...!iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c067 79.157747, 2015/03/30-23:40:42 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:DocumentID="xmp.did:F8819CF7A4F111E8B65C805546E61639" xmpMM:InstanceID="xmp.iid:F8819CF6A4F111E8B65C805546E61639" xmp:CreatorTool="Adobe Photoshop CC (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:54F34787574011E8A89DAFB618902843" stRef:documentID="xmp.did:54F34788574011E8A89DAFB618902843"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>1a.....{IDATx..m.\W..y.I.izM5.6.s......#&.\.W.EH..p)..._...U[E.....b.A.Z...Tm.\_JI>$..\..L....h....3....y&....3

C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\common\news_report_retry_submit.png

Download File

Process:	C:\Users\user\Downloads\Utils\MiniNews.exe
File Type:	PNG image data, 282 x 29, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	2250
Entropy (8bit):	7.476196429027254
Encrypted:	false
SSDEEP:	48:zuvnEiEYWSJ3VLEtlDDlgUm0SHyU2depe7D+/dV1:ifkekDWh0Ssdj+/j1
MD5:	3CFD093EE546DC50B5AFDEF076A0A7AB
SHA1:	D343F92C7719FE1B081F2E3265190606FF72B260
SHA-256:	32D598DDFB91DA888814827E01F616ABC8F5E7E6BA6FA9400834DC9EC6A9926A
SHA-512:	981E5062F06D901039F35586E427608DD0071CC7763E41109562C4115F1323C0A98A3A97522BF1601F0631043CF806C37BD5447F134A96003182325BAF7C61E4
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.............u.......tEXtSoftware.Adobe ImageReadyq.e<...&iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c067 79.157747, 2015/03/30-23:40:42 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:DocumentID="xmp.did:B923D211A4E711E889A3A21FB8151A77" xmpMM:InstanceID="xmp.iid:B923D210A4E711E889A3A21FB8151A77" xmp:CreatorTool="Adobe Photoshop CC 2015 (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:4E55A172A4E111E8AB55CD616DAABD38" stRef:documentID="xmp.did:4E55A173A4E111E8AB55CD616DAABD38"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>.=.%...:IDATx..;H#]....6....be..Vj!V..+e..._.\|.....Q+_...V.._...V>0.b. (.E.1....\r.d2.D.........{G..f.s..(..

C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\common\news_report_submitting.png

Download File

Process:	C:\Users\user\Downloads\Utils\MiniNews.exe
File Type:	PNG image data, 384 x 185, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	4087
Entropy (8bit):	7.578317705967573
Encrypted:	false
SSDEEP:	96:t2JGWepVNwwohOjbUkAGyxdf+BRfJdOZg2edsihiyDr2LfOv:qG6woGWZ+BRczyWLf6
MD5:	7F1C81F7C1BFA27C4233503CDA7BE7F6
SHA1:	63B0657E6D37D2A16D4FBE96047B946496BBBEA9
SHA-256:	053696128C52E3E539604E992D301C502A97CEDAA9098B64908FA12725F040DF
SHA-512:	45DB1621DE6FB57095057E95C2EB6E2FFD2F612B517E9B00FCACE318163EFF570828867DB790154407325AF86986A8201E990CFD2F800E02A17291A01B962F1B
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.............!..n....tEXtSoftware.Adobe ImageReadyq.e<...&iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c067 79.157747, 2015/03/30-23:40:42 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC 2015 (Windows)" xmpMM:InstanceID="xmp.iid:3F6D54D0A67F11E8A1ABD70729B4619A" xmpMM:DocumentID="xmp.did:3F6D54D1A67F11E8A1ABD70729B4619A"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:3F6D54CEA67F11E8A1ABD70729B4619A" stRef:documentID="xmp.did:3F6D54CFA67F11E8A1ABD70729B4619A"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>'..C...gIDATx...{.\U...3..m..%!$....F. !6..$...Q...h.G....4..C....P4....j F...j.Q$&...TC...e..m.;3..]N..{gf.....\|

C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\common\news_report_success.png

Download File

Process:	C:\Users\user\Downloads\Utils\MiniNews.exe
File Type:	PNG image data, 384 x 185, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	6397
Entropy (8bit):	7.749921474766906
Encrypted:	false
SSDEEP:	192:bxSHuSHPdSHsKSHCaEkP9BsZp4rPFyUUmezNrrG2zw4bTY3:t0u0Pd0h0CPmmssmeJO2w4/M
MD5:	AE40464B121852617D7D6DFF52712FBD
SHA1:	5FFB2D348AF67637C8347AA86E9BBB68CD8CBDDC
SHA-256:	B3C916F4E8129A280606956A8A74877B42433DA1F88EF4652E5090B05FFB496E
SHA-512:	A755E3DE6BB3E18BD8A5CDB3BA36CA7FDB3AF83672EDDACBB410D03843163D884975D47552019FD9A56F380B83F0745E732DBD90F57E5A2094364E5E4A999FEE
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.............!..n....tEXtSoftware.Adobe ImageReadyq.e<...!iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.5-c014 79.151481, 2013/03/13-12:09:15 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC (Windows)" xmpMM:InstanceID="xmp.iid:3CA5EA4E574011E896FFC47070E3B159" xmpMM:DocumentID="xmp.did:3CA5EA4F574011E896FFC47070E3B159"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:3CA5EA4C574011E896FFC47070E3B159" stRef:documentID="xmp.did:3CA5EA4D574011E896FFC47070E3B159"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>.......rIDATx.....\.}..3...].Gl.16..y.C@...&M.h..m....-.V..4%.i+.HMD....gR+UT.@..4..-E........`.1`..v.....L..z...g.3.;3

C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\common\news_setting.png

Download File

Process:	C:\Users\user\Downloads\Utils\MiniNews.exe
File Type:	PNG image data, 81 x 27, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	1237
Entropy (8bit):	6.651484174084652
Encrypted:	false
SSDEEP:	24:RZ1hfvWwjx82lY2T3JV+0yJ3Vz/OEGD0rq20ZT8W/v1:ZANn2NcJ31WEFq7ZT8W/v1
MD5:	9BF7BCE905B0D7B6FFEBC92F6F59BC1A
SHA1:	E00BF12EBAB1B1DF7C5869F52610ABE3F6521124
SHA-256:	284B62AEE9845DA99FE6D857D9B6512B2C2189629B824187428739FBAF747274
SHA-512:	9AA1B8D63572F45C3811C9E38A145D6BD8752DB42A6371B1C8E29F2BE0DFE6FD3884FB222F7E214DF392CA92EF7F4DF6E20B0C9120889352BFC43EB15C5BB12F
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR...Q..........Lc<....tEXtSoftware.Adobe ImageReadyq.e<...&iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c138 79.159824, 2016/09/14-01:09:01 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC 2017 (Windows)" xmpMM:InstanceID="xmp.iid:0110E8516D4A11E8AC8FC9762DFD5C5E" xmpMM:DocumentID="xmp.did:0110E8526D4A11E8AC8FC9762DFD5C5E"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:0110E84F6D4A11E8AC8FC9762DFD5C5E" stRef:documentID="xmp.did:0110E8506D4A11E8AC8FC9762DFD5C5E"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>?G^u...EIDATx..?O.A......Rb+....F..t...R.=.R.M...B.......@..;.&S]<...^A.K~........\|....U..<.F..E.i"M.h"M..4...Nt

C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\common\news_show_day.png

Download File

Process:	C:\Users\user\Downloads\Utils\MiniNews.exe
File Type:	PNG image data, 54 x 18, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	1182
Entropy (8bit):	6.588332051612375
Encrypted:	false
SSDEEP:	24:T1h4SHWwh82lYSgh9djVZd4T3XyJ3VEkgT6kqG4HMjAosKWzgTzAuEci:ZKS2vnZjZ4eJ39OFqpHif4ETzAuXi
MD5:	B9D8122ABE6FFCD08368C8CA303D6A38
SHA1:	BA7EB79CD6AFB158272155F02B952FE367D42916
SHA-256:	545F52B68C9914791EC12D86E04C6A3F1BE3CA6F56E5D8C82AC95B6BEB61D002
SHA-512:	0A78BFE0F0A6C2675E20D750ECB6C0C7DDD3EA659DA53F7DD44728FA36B6702C912863657B2139BA9FEE69DA1D06076C02FA7EB9AB5B160127578C1412590691
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR...6..........x-.....tEXtSoftware.Adobe ImageReadyq.e<...!iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.5-c014 79.151481, 2013/03/13-12:09:15 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:DocumentID="xmp.did:73BF1EDE572411E886B1BF2F84F5488D" xmpMM:InstanceID="xmp.iid:73BF1EDD572411E886B1BF2F84F5488D" xmp:CreatorTool="Adobe Photoshop CC (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:8C634272572011E89379AE9D5B0CC531" stRef:documentID="xmp.did:8C634273572011E89379AE9D5B0CC531"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>.tSy....IDATx.....@..W[<t..g(......z...:...C.D=.'!*....$4]Yd..o...pf]V-.uEJ......m..yF<6h..\@........i.O.V..f....NT.E

C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\common\news_show_forever.png

Download File

Process:	C:\Users\user\Downloads\Utils\MiniNews.exe
File Type:	PNG image data, 54 x 18, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	1370
Entropy (8bit):	6.933099382934738
Encrypted:	false
SSDEEP:	24:T1h4SHWwh82lYSgCSSVr9mStT3XyJ3Veo8vxUymGkmqktv3Ul5wJkLBO:ZKS2vni3tY0eJ3VmNmOB5JkLBO
MD5:	BCF94EA203100C99744D4365B84F07C4
SHA1:	FF38EF076184D3880054D75A5D24DC0501E924F3
SHA-256:	8B43715B6C149C1AACDCFCC9DAAEA30503E79209C1034BA057507382F153AFAC
SHA-512:	CC8340B3C05C9C374B2950FFA95AEAFF16F084A48B32B3CC8DB9ABCDCD08CF41FB83A43474712BFF4D59AB9FA2A93DE5BE4E805C1CF21CE7D56377A507503CB2
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR...6..........x-.....tEXtSoftware.Adobe ImageReadyq.e<...!iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.5-c014 79.151481, 2013/03/13-12:09:15 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:DocumentID="xmp.did:267131FE572311E8ABADDACE41510F64" xmpMM:InstanceID="xmp.iid:267131FD572311E8ABADDACE41510F64" xmp:CreatorTool="Adobe Photoshop CC (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:9B4DA8E5572111E89D87BD888190B779" stRef:documentID="xmp.did:9B4DA8E6572111E89D87BD888190B779"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>.5(....IDATx..=K.P..M..~...\,...".VA.v2.Q.Q. (..A....!....U.G.'...:....Q(.=..bH......B..i......h.ic`....=.+`..3....i

C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\common\news_show_week.png

Download File

Process:	C:\Users\user\Downloads\Utils\MiniNews.exe
File Type:	PNG image data, 54 x 18, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	1231
Entropy (8bit):	6.701647346762561
Encrypted:	false
SSDEEP:	24:T1h4SHWwh82lYSgcnV2zET3XyJ3VR7xJGZ66FNKIoYNzrfbi6sqlN:ZKS2vnMheJ3TqDKIVNzrD3N
MD5:	19F31A2B4F9855447406F6840F0F6BE7
SHA1:	60D6EFC0C1653BAB0A6602E798E37080CEB0BB6F
SHA-256:	5F1453EBE7209B5CB5DF76C4F6A2D21EDDC92515BDE8F75CE95310AB61C7D884
SHA-512:	A84E929E4CB7AD6C512CAA51C96FA43FA50DB21CB3A13B1C4322EE93CCA61C9FF894781D499E6BA0B0D095918939D43107116B92B736B3F087B6EC90F9FC40C7
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR...6..........x-.....tEXtSoftware.Adobe ImageReadyq.e<...!iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.5-c014 79.151481, 2013/03/13-12:09:15 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:DocumentID="xmp.did:A465F438572211E880E8B53348AC6890" xmpMM:InstanceID="xmp.iid:A465F437572211E880E8B53348AC6890" xmp:CreatorTool="Adobe Photoshop CC (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:36504867572111E88598CA3C60DE46F0" stRef:documentID="xmp.did:36504868572111E88598CA3C60DE46F0"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>u.9v...DIDATx...j.0...X..K/...0v..!.kA......[8/.A.7..V.....%m.v.a...`~z..C..0d.I.].q..Q...O..}.8.{...,.7..C.i.....>8.5

C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\common\news_tab_mark.png

Download File

Process:	C:\Users\user\Downloads\Utils\MiniNews.exe
File Type:	PNG image data, 40 x 22, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	15185
Entropy (8bit):	1.8011240236366068
Encrypted:	false
SSDEEP:	48:d/6uMh8k29WJsEvJLZJFlQGm3fVueJbBLbXWxN+Y97sc5Nl7l7FyEGVF3H:dSN8kEWmsLXxMt1GxNX7sc5bhFTGf3H
MD5:	A5E461603F40A93891DEAFB975E1E024
SHA1:	AF8AB0C62F47D83E0A995FF4E0131D3C6BE5B5EB
SHA-256:	9F3EDD9379D70EA95FEB538EB99FF6262896A83CD38B25C98C26F52541363C13
SHA-512:	D195930BA0CE780CE7849AFB998C00F54B3E0E2D63A60C34BFC4979CF1B3E197E2F131A4698B9651578EFAFF7210C9EDEE5A6D79760DF35D5F5CC7D3756B1792
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR...(................pHYs...............9.iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?>.<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c138 79.159824, 2016/09/14-01:09:01 ">. <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">. <rdf:Description rdf:about="". xmlns:xmp="http://ns.adobe.com/xap/1.0/". xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/". xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#". xmlns:stEvt="http://ns.adobe.com/xap/1.0/sType/ResourceEvent#". xmlns:dc="http://purl.org/dc/elements/1.1/". xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/". xmlns:tiff="http://ns.adobe.com/tiff/1.0/". xmlns:exif="http://ns.adobe.com/exif/1.0/">. <xmp:CreatorTool>Adobe Photoshop CC 2017 (Windows)</xmp:CreatorTool>. <xmp:CreateDate>2018-05-14T10:56:35+08:00</xmp:CreateDate>. <

C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\common\news_tab_mark2.png

Download File

Process:	C:\Users\user\Downloads\Utils\MiniNews.exe
File Type:	PNG image data, 40 x 22, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	1200
Entropy (8bit):	6.570021190876103
Encrypted:	false
SSDEEP:	24:TG1hfvWwjx82lY2T3JVY9Ba5KuyJ3VYXd50uEGvNqGjXRkJVEUJ:oANn2Na4yJ3ajqCXRYpJ
MD5:	51EB1813F0979CB1FD691D165C1AC336
SHA1:	C598102250E08F6B012666E86D364B8BA71C8576
SHA-256:	9468948C7ECA3C4DC97E929BCDD227E41130240AA94268AD66387FD6DF31E82F
SHA-512:	E3B5041502374439BE727932C2734C1A600A963534472FF25BDB4AC2C3B76FCBDE2FEBB2AB394420CD20844606435E9F8494EBBEC9A85283649A309BFB079BF2
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR...(................tEXtSoftware.Adobe ImageReadyq.e<...&iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c138 79.159824, 2016/09/14-01:09:01 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC 2017 (Windows)" xmpMM:InstanceID="xmp.iid:A558F66C692F11E891B1F9E46686FEFC" xmpMM:DocumentID="xmp.did:A558F66D692F11E891B1F9E46686FEFC"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:A558F66A692F11E891B1F9E46686FEFC" stRef:documentID="xmp.did:A558F66B692F11E891B1F9E46686FEFC"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>2. .... IDATx.b...?..........Y.b.......b.a.@....@......O.....%.B...r...s....O....-....@.9A.#.H.=!<.c...ACN..9*.Z.B.

C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\common\news_toast_bkg.png

Download File

Process:	C:\Users\user\Downloads\Utils\MiniNews.exe
File Type:	PNG image data, 34 x 28, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	1004
Entropy (8bit):	6.09485578734553
Encrypted:	false
SSDEEP:	24:l1hiyWwjx82lY2T37VUADJyJ3VUrD4vGh3gk:LuNn2vYJ3De
MD5:	0F9B3A3307478CA376B485D7DA1C3427
SHA1:	2C2342B27120613073892CCECD1156D144C29AF8
SHA-256:	B9D59B7DEF2CDEFA6575E40BA8BA6F21FF7FFF714259305A848E6ACF6164328F
SHA-512:	C1D65EFAF3D9BEB4AF781F57E0843297584EAB77BA13E6223B66DFB1A4D1D3C8AFC98E0031752BFBF42F610F8232CB85C9773D52783D6975E2B6CE1765B1C1B1
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR..."..........7m.....tEXtSoftware.Adobe ImageReadyq.e<...&iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c067 79.157747, 2015/03/30-23:40:42 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC 2015 (Windows)" xmpMM:InstanceID="xmp.iid:93C1C217A9D111E89987E78E7350B188" xmpMM:DocumentID="xmp.did:93C1C218A9D111E89987E78E7350B188"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:93C1C215A9D111E89987E78E7350B188" stRef:documentID="xmp.did:93C1C216A9D111E89987E78E7350B188"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>......\IDATx.....@..A...}..4ECt...].......:.&iu...Y....D.....FW....... @.....(...w...I.......g.....a....IEND

C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\common\title_mask.png

Download File

Process:	C:\Users\user\Downloads\Utils\MiniNews.exe
File Type:	PNG image data, 752 x 44, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	9021
Entropy (8bit):	7.937154921541812
Encrypted:	false
SSDEEP:	192:vMiyOcZlEZ26l/WuISCtduVkFoUoRXRk9CYU:kimZlpQ/H0myABH
MD5:	537D63F82523BDA938D45CF81A02FE7C
SHA1:	D24A62CC90584EFE9412A6D828D21944B82AB8D8
SHA-256:	4A343A26BA41C1B1F092976A064DD86BA42579691CF156B7872E85BF7BF0BC11
SHA-512:	E8B9A82CAF8342FE48B8EB265C7362760347655356BF29C27D51802AB82397E3508EC3CAB3EAFD39ABB00F8BD06ECEB39E88DCEE6EC3A1104815BA1DAE94E88D
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.......,............tEXtSoftware.Adobe ImageReadyq.e<...&iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c138 79.159824, 2016/09/14-01:09:01 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC 2017 (Windows)" xmpMM:InstanceID="xmp.iid:0DBAE076082811E9871F88BBDD6CB727" xmpMM:DocumentID="xmp.did:0DBAE077082811E9871F88BBDD6CB727"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:0DBAE074082811E9871F88BBDD6CB727" stRef:documentID="xmp.did:0DBAE075082811E9871F88BBDD6CB727"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>4r.J....IDATx....#..........XW%....k.I.. .R......(&... ~..............&.s..a...z.....U........z.L...=...\|.M.6..O

C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\ldslite\900_53_title.png

Download File

Process:	C:\Users\user\Downloads\Utils\MiniNews.exe
File Type:	PNG image data, 900 x 53, 8-bit/color RGB, non-interlaced
Category:	dropped
Size (bytes):	20812
Entropy (8bit):	7.9790519383887775
Encrypted:	false
SSDEEP:	384:5/xzBwWM3wVBY8Yz0ZjZdGRBxJCQmzGBmwtFyOnN5qinIoD9vIkca1RGJI:5/JM3q1RjZkRIwtFyOnrBIoDjGJI
MD5:	A50C34A4F8BE2095B1B84E46628A040E
SHA1:	A79AD8A78CDC8E769BF1213B35A85FE8A65548CF
SHA-256:	CD9F88555F55D7C094AA0F2E4226A3FD01E8DD925253FE94253AFD79F79C220E
SHA-512:	DD699DBEB0B54F051C3E4841355A1F9D9EE11FDB90127286B29C5FC5D6A774A6CDD3027B12E3A02656A54168EB5585488ADA998C420E58F87874627D5EDF9BD1
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.......5......R.!....tEXtSoftware.Adobe ImageReadyq.e<...!iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c142 79.160924, 2017/07/13-01:06:39 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC (Windows)" xmpMM:InstanceID="xmp.iid:3ADBD00B6EE311E9AB73E0CDF6100C69" xmpMM:DocumentID="xmp.did:3ADBD00C6EE311E9AB73E0CDF6100C69"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:3ADBD0096EE311E9AB73E0CDF6100C69" stRef:documentID="xmp.did:3ADBD00A6EE311E9AB73E0CDF6100C69"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>.x....M.IDATx..}[.$;r...=?.8....H..9.s.-j.Z.:3\.x..@<.~.ns.].......sw3......._.@...nX................3./..B..-...OC...&

C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\ldslite\awake_title.png

Download File

Process:	C:\Users\user\Downloads\Utils\MiniNews.exe
File Type:	PNG image data, 522 x 126, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	13476
Entropy (8bit):	7.92893206678966
Encrypted:	false
SSDEEP:	384:JoGvGOuCNcru45tLLZVIBRWPC7nJ6Ubeq:SF6945B3IBRWPq
MD5:	1B53EEEBD4255B26A08B0F695C6A1121
SHA1:	6943C8485A1B59AE8232461A19D1860F94261A7A
SHA-256:	07188A0E8EC9F6E2E73472910069016D442971C8FBED7BF6537C41200C657FFB
SHA-512:	FCC6F24A7E52CD690E3F365934E86711162E602382F86AE2B3127FA08F7FAD6A5B3555800DDE6D93BBAD28DC36F093597E1DD9DD51B5111B4BDAC30C4639DCD7
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.......~.....r3.....PLTE......n@..........gG.-.sD...........(.eI.dI.....#.iI.<........7.gJ..........gK.(..5.cL.!....dK.6.....'.}A.....=.....:.]I.....!.4........./...........-.YC..>....Q%.]$....0".......n,.F2....x9.....$.1".;..M....~5.?..0 .5.....&..Q9....>1.F .E..O%.X$.a#.:....K..x3.K.....Q9.......Z.....Y..Z.....u........^..k-.....6.......Z1.o#.: ....G=....;..<..i..0(.@.XJ.\=....H..S1.A..F6.E8._4.\J.9%.SF.t..w........g..u/.PB.V%./)....g..t!....5..)u.......M"....[Q....<.....k.....%f.......,%.n.....)^.+$....F8..........k....../..Hj.)..Lv....!.@S.jB..0.0..B.........%......#...._r..7.g_.D.....V.tG.@=.mC.;..NI........1.m0.%..tg..%..........Df.$.. ..@{..........0..X..'.F..l..g....%...+....*..F........".4..I....V......;.p{.T../.!...3.A..g..Z...7.O..c..]....k~.]..C..O.... ....tRNS...................... ...'.... /." ..+&$8&.,%'.,71B4.m.2.A6vc?>8=....ms..I.OM9~...X.O.I.IpfG.S.rB]YT.ii`\X.I.s....~D.n.e.....ZL.c.sujhSza.{.....w.[..\|..R.`.d.W.....`.....

C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\ldslite\awake_title_wide.png

Download File

Process:	C:\Users\user\Downloads\Utils\MiniNews.exe
File Type:	PNG image data, 580 x 132, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	15422
Entropy (8bit):	7.92210632198251
Encrypted:	false
SSDEEP:	384:fb+2KZqO11t93XHLtbTtKbzxPyG/9Hua4InUHT4Iz:fi2KZqat9HrFTtraGr
MD5:	02F8AE2C56D8ADC50B2AAD2A97E985C4
SHA1:	81FCF522F7BE0D2C3D3E72E0BC151503BF5D8632
SHA-256:	DDE288D252E656F247C9A06D99686B4C962745FC38E294EBF9BEC049BD757474
SHA-512:	EA7D360868C245954025E92B9B5B946F28EABEC447F1A20D0584E56F28763E6597B328FD9C8D7AD00EDC82B88A3C18282DA8C5CBC1CD9FF36367A0B17D0D133B
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR...D.........FI......PLTE....6.......fG.1....iG.......fG....eI..... ..7..6.gK.cI.dK.=.}B.bK.7..... ..;..1....................,.....%.....,........?./........aL.1......./!.4.....L..,..`E....-........T$......,".Q..\|5..7.......1#.M$.?..;).>..V!.3".n).?..c/.r..:!.]$.L&.......z..l........J6.>........d.....`...2.S:.a&.......t"._L.R..Q4.X.C4.^2.SD.\M....?..U1.2.....o;.}0....n........d........ZF....d>.x..o..L9.U>.L?.>0.D9....L..\N.......k.....7$.......z+.-$....ZI.B3....K..H9.-&.?&....(a.......)#....?-....*$.-..^.."........& ....rx.o..m.....-v..=.T`....i8.......\|].......Cm....E..C].fo.oS....F........;B........O.....-..F....[t.:T..4.P~.X2. .....;.... i.\|Y.&......~................ .........-..G..).+..i....%..0..4..:.B... ..5.......\.G...$.V..X.P...1.\..K.i..n\|.e...m..C.a..f..U..Q.U%Le....tRNS..................%...,!..)....#.).#).#.32.0,5:'8..<}.>=.1@..I.Ep0D.....g.\|oTz.\|vRI.VmJ3.xm..naL..]EF.f^Y..tT...p{PLiS..a.]\..bzp...d.RcV.\|.[ksK.gB...).....9._...tr..........

C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\ldslite\news_add.png

Download File

Process:	C:\Users\user\Downloads\Utils\MiniNews.exe
File Type:	PNG image data, 78 x 22, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	1178
Entropy (8bit):	6.593468355683075
Encrypted:	false
SSDEEP:	24:61hfvWwh82lYSgHVET3xyJ3VBHUGG6bTzKMN:YAvnnu8J330Gl7B
MD5:	46BA32F8761D0EC49DD31E5D8B9115F4
SHA1:	BDC2B757B436E506EA9EBE9BFDA39C4E97D8CF0D
SHA-256:	E2E96EDED1D149220B4EB4C02BB85CBEC0BAADDD7D5B01C63B74A5BD9CEF22C2
SHA-512:	692384569B4FFDCA621B53AA43EFC50D24F6AFEA40EDFAFD7078A5ECAF71EAA22BBFE988CA509161B6647038D25FEF70F9D85F48A0B13216304E3C1DAC5B16A5
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR...N.........nw......tEXtSoftware.Adobe ImageReadyq.e<...&iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c138 79.159824, 2016/09/14-01:09:01 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:DocumentID="xmp.did:521EF25F67CF11E8B0C18095B8D104B2" xmpMM:InstanceID="xmp.iid:521EF25E67CF11E8B0C18095B8D104B2" xmp:CreatorTool="Adobe Photoshop CC 2017 (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:98A6F6AC571611E8B34585AC2C5473D3" stRef:documentID="xmp.did:98A6F6AD571611E8B34585AC2C5473D3"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?><......IDATx..Y;..0.u.U...%.G`..9l.....K.....W..........7.....Yu].......4..YZ..."#.>.2G^,}...!S..yE.c1`6.L...9M.S

C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\ldslite\news_bkg.png

Download File

Process:	C:\Users\user\Downloads\Utils\MiniNews.exe
File Type:	PNG image data, 1020 x 820, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	25650
Entropy (8bit):	7.589931432186478
Encrypted:	false
SSDEEP:	384:soRXYdTvRqet7eZTM+qrDRWBDQBnzSDWtaiwXjbVy6ig2xVSzTFnB:soBuvvt72TM+KVSMhzIy8nNMozTFB
MD5:	24F865684BF2CF8BA959072E808AB3DA
SHA1:	2C079C1DA91D860E7847691C96B97C1D2F247B4A
SHA-256:	9322A4F1A846260477C08534C42CB6F3059764F04CB7B5B40F32A938F96DA382
SHA-512:	5953D24228AEFD9E621270AF090E3AE9465B7B037AEC3D7FD469FF61711C5ADD03A304291D6FEBA5C16459D0A94CD5784C6F222A08A421EE7FB35A1E6545F8BA
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.......4.......)"....tEXtSoftware.Adobe ImageReadyq.e<...niTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c142 79.160924, 2017/07/13-01:06:39 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:872d2818-f31f-8947-93f2-b44288ccfdd7" xmpMM:DocumentID="xmp.did:4CAE507994B711E88B9A8E2047E7D86B" xmpMM:InstanceID="xmp.iid:4CAE507894B711E88B9A8E2047E7D86B" xmp:CreatorTool="Adobe Photoshop CC 2017 (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:A947DB8A5F0011E89D1FC699991E6553" stRef:documentID="xmp.did:A947DB8B5F0011E89D1FC699991E6553"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>.OYb..`ZIDATx......6f....8.......8./.g..

C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\ldslite\news_icon.png

Download File

Process:	C:\Users\user\Downloads\Utils\MiniNews.exe
File Type:	PNG image data, 30 x 30, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	1849
Entropy (8bit):	7.323790416751482
Encrypted:	false
SSDEEP:	48:7ANn2NidUditJ3idtdyxqBgFamfkwbBcd:c2kdUdndtdyozE6d
MD5:	F9E08C21ED822069741B1FF9FAFED26F
SHA1:	A9A6CCD6AED3BCE8DFDC722737EBD41099A67108
SHA-256:	C67017EBCA2AD014204FD081EA5E2DA2E53C65E378BF594668723759957D8AF7
SHA-512:	21320AD72FAFD0A17A60C46024D5FA1E22C521C3E1D475AF12C3A8E9F0A968E62BC7C315770BDDBF292C4B2B12E5D0214768F316E559EEC0492530AD31DF34FB
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.............;0......tEXtSoftware.Adobe ImageReadyq.e<...&iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c138 79.159824, 2016/09/14-01:09:01 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC 2017 (Windows)" xmpMM:InstanceID="xmp.iid:8868DA8354F911E88E33D2EBF06DF790" xmpMM:DocumentID="xmp.did:8868DA8454F911E88E33D2EBF06DF790"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:8868DA8154F911E88E33D2EBF06DF790" stRef:documentID="xmp.did:8868DA8254F911E88E33D2EBF06DF790"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>...a....IDATx.WKLSA.=......"..4(..P.%...t.......Md.*...n.......K.$...0..@......x......x..4.;s...9/.....h

C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\ldslite\news_menu_bar.png

Download File

Process:	C:\Users\user\Downloads\Utils\MiniNews.exe
File Type:	PNG image data, 591 x 40, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	1246
Entropy (8bit):	6.306430427178882
Encrypted:	false
SSDEEP:	24:1r1h4SHWwh82lYSKwHaNeQ9s/kVhQOs/bT3XyJ3VHHoHa98GhVj7xB4Il3l3l3lw:3KS2vnLy0m8IBDeJ3lHKfGT2IppppBS
MD5:	8F47785EB6496F1ACFCB867E80D8C565
SHA1:	9958970D58C29FE51F03DAD9A2A8960B96A43EE4
SHA-256:	61BAA3A74B0A51C8FB98F21E9E46CC0E3D10F8ACB05E10193DDFC4A394D86547
SHA-512:	13EC53314327B610901C0BB399E0DCB64F1F728B9354C633F2D137D6879DEF321EBC257E847024BB19C89EB6E0F47F29049B2700FC55FD31703E52C7BCF8A71A
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR...O...(............tEXtSoftware.Adobe ImageReadyq.e<...iiTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.5-c014 79.151481, 2013/03/13-12:09:15 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:98FB8C6B571D11E8AB60A9F32D5A1420" xmpMM:DocumentID="xmp.did:C0F91751597A11E8BABBC7CC89BBA6B8" xmpMM:InstanceID="xmp.iid:C0F91750597A11E8BABBC7CC89BBA6B8" xmp:CreatorTool="Adobe Photoshop CC (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:9a34a591-c83b-a442-830e-c87b757c67e7" stRef:documentID="xmp.did:98FB8C6B571D11E8AB60A9F32D5A1420"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>./7.....IDATx......@.........-...".4....D/.W.{

C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\ldslite\news_nopop_bkg.png

Download File

Process:	C:\Users\user\Downloads\Utils\MiniNews.exe
File Type:	PNG image data, 384 x 221, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	29754
Entropy (8bit):	7.955174871117623
Encrypted:	false
SSDEEP:	768:Nfc7tLrWTmoN3QHZcGOdUpnIHNXxxExPu2gpK:Nfc5yCZjoSIHNExPp3
MD5:	BB4581394849673B42E08FEB711960E4
SHA1:	D295A912CFAFDE2BD5B050EB17386425328CF70D
SHA-256:	CE367119D320DCA94474EBBD3E27DB256378A0AEA8614217EF2E8CA778071DD1
SHA-512:	B59D000E779CF89C8CBF8327CCC35A1672813B9F3001F2C8CAAA27C5A3ACEF1674C2A4091E6A245B7BFEEE609BEF0B94DB266C38A74D196A4678422CFE750688
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR................"....tEXtSoftware.Adobe ImageReadyq.e<...!iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.5-c014 79.151481, 2013/03/13-12:09:15 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC (Windows)" xmpMM:InstanceID="xmp.iid:E9B03408573C11E89EADC60D1CC46470" xmpMM:DocumentID="xmp.did:E9B03409573C11E89EADC60D1CC46470"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:E9B03406573C11E89EADC60D1CC46470" stRef:documentID="xmp.did:E9B03407573C11E89EADC60D1CC46470"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>G).[..p.IDATx....$Wu.\|nUu..3.y.+i.....!. $.m........X........7.y.......~....drP.....J.$.jW..<.......s.oWW......53..+

C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\ldslite\news_report_bkg.png

Download File

Process:	C:\Users\user\Downloads\Utils\MiniNews.exe
File Type:	PNG image data, 536 x 373, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	43085
Entropy (8bit):	7.941208685601904
Encrypted:	false
SSDEEP:	768:7+Xj9QBElXnJak5N1BOz0YvRHlXCn8aT0xcTVS1AjmJcUXKpb9dRNst+IMnlpR0m:KXj9Q2JnVzHmHprpxx6cQZOwIMR0euqR
MD5:	F5E18865453146ABC31743D783F81210
SHA1:	6DB597EDBAEC4470F655F0F7F7B7E0EF06E1399C
SHA-256:	93F8E61B7FAAF2C2222459555B747080C2C094CBB8D7838709DEB9A246C2E7E0
SHA-512:	A6E37D249486AC59B8A7569C5260AD5027D14435530360E30E1866FCBC60506282863E0FDF543EA590DB70E3B90D974D6B64D492FC58814ACF37D8693A2A6A79
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.......u.............tEXtSoftware.Adobe ImageReadyq.e<...&iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c067 79.157747, 2015/03/30-23:40:42 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:DocumentID="xmp.did:F5456636BB2211E8B563C93FC83D70D8" xmpMM:InstanceID="xmp.iid:F5456635BB2211E8B563C93FC83D70D8" xmp:CreatorTool="Adobe Photoshop CC 2015 (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:947B2B24A43F11E8AD1090CC9B62C0ED" stRef:documentID="xmp.did:947B2B25A43F11E8AD1090CC9B62C0ED"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>.E.~....IDATx..].5.u...3{.F&.....K .....$."c....vb.bC*......\.$.\.R....l...qU..STYR...-.......rYD....;..{.Lwv..

C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\ldslite\news_shortcut_bkg.png

Download File

Process:	C:\Users\user\Downloads\Utils\MiniNews.exe
File Type:	PNG image data, 384 x 221, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	32576
Entropy (8bit):	7.960267586368295
Encrypted:	false
SSDEEP:	768:PNEbmph4536XJMoL3nZl5x2ogu8Jimeahu/3oVuNfWOOcvC/:P8mph4po3Zfxmu8Ji/Quf3NOOOz/
MD5:	A4E103AA3A358CDFF9A6B526B5D1B55E
SHA1:	B7B9494A17C9D6CF22680F5ED4C3D4013917BAF5
SHA-256:	40AA4A1B17768270ACE71495A5E5F2478F489CDC763FDF3B32072098A32EAF79
SHA-512:	98DC8F60DBF80CD944E53A07D05D291255FF518B38E5078656A0AAEC5790B0558A06773CABC07F454E12CF5751AF813B5C1E598C5CB9E98E6544564FC450A9F9
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR................"....tEXtSoftware.Adobe ImageReadyq.e<...!iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.5-c014 79.151481, 2013/03/13-12:09:15 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC (Windows)" xmpMM:InstanceID="xmp.iid:D9B9DE4E573A11E8BD7BBDFEE8D34E16" xmpMM:DocumentID="xmp.did:D9B9DE4F573A11E8BD7BBDFEE8D34E16"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:D9B9DE4C573A11E8BD7BBDFEE8D34E16" stRef:documentID="xmp.did:D9B9DE4D573A11E8BD7BBDFEE8D34E16"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>...C..{.IDATx..}..\U......%.M..N.!t.H.....=E..`..T..*(b.'".OA...A...&%....%.fwS...=....s...3;5....\|..;;s..\|...3.f.#.

C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\ldslite\news_shortcut_later.png

Download File

Process:	C:\Users\user\Downloads\Utils\MiniNews.exe
File Type:	PNG image data, 405 x 35, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	15280
Entropy (8bit):	1.8472786663792886
Encrypted:	false
SSDEEP:	48:D/6rMlYk29WJsEvurFTliMucPBLQFC6xN+Y97sc58B7Vu+Vk70hO:DSaYkEWmzWZxNX7sc5uVTVk7OO
MD5:	D6AC8165BFA52B17C38F2BC42F5C932D
SHA1:	C5A68C43417150D3CF7AFD7746454B3CC4A62A82
SHA-256:	6AC3107C6E574936A2798EE67FD702BEFC231A5AFCE1D15A695BF86B05816865
SHA-512:	E5F065577ACFAB26E69A5065C6EB94ADE80519E2F4E4E9F3D7D9385AE93EF82450B4C6D31A26E59C05381C61C22D0BB8B2C2BAF086F5113989387315466F4B15
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.......#.....\.......pHYs...............9.iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?>.<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c138 79.159824, 2016/09/14-01:09:01 ">. <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">. <rdf:Description rdf:about="". xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/". xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#". xmlns:stEvt="http://ns.adobe.com/xap/1.0/sType/ResourceEvent#". xmlns:xmp="http://ns.adobe.com/xap/1.0/". xmlns:dc="http://purl.org/dc/elements/1.1/". xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/". xmlns:tiff="http://ns.adobe.com/tiff/1.0/". xmlns:exif="http://ns.adobe.com/exif/1.0/">. <xmpMM:DocumentID>xmp.did:2BC34A87574D11E8B421AF123BD4E4C1</xmpMM:DocumentID>. <xmpMM:InstanceID>xmp.iid:075f24ca-16a2-e64a-815d-2e7fdbfdea

C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\ldslite\news_shortcut_now.png

Download File

Process:	C:\Users\user\Downloads\Utils\MiniNews.exe
File Type:	PNG image data, 447 x 49, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	2024
Entropy (8bit):	7.369869496366605
Encrypted:	false
SSDEEP:	48:cWKS2vnfEJeJ350OM+Yd4fRKaGN2Q/L7cAZzewxtHuP:c1SefW2MLO5cHdkwx8P
MD5:	635E5646ADA298DB92B61564E863057E
SHA1:	4160B3EDB12F9FF15391ACFD21AF43196B3FB150
SHA-256:	958FB1924CF1085416B8738D5EB904A04126C5DC8972521260CDE225DA767A60
SHA-512:	4640A4CCFC236D04C0145FAC5BAE7BC78114E982D11634A6C7E98025BBF3CB371983B2F11F5F18A7EADCF3E197DD9F4B6FF6E565EC0A827B50FB1D1654E83C4B
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.......1.....J.n....tEXtSoftware.Adobe ImageReadyq.e<...!iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.5-c014 79.151481, 2013/03/13-12:09:15 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:DocumentID="xmp.did:E4D7586F574C11E89B0CB758439C6287" xmpMM:InstanceID="xmp.iid:E4D7586E574C11E89B0CB758439C6287" xmp:CreatorTool="Adobe Photoshop CC (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:5DE92AC2574A11E8A331D65ABC8282DB" stRef:documentID="xmp.did:5DE92AC3574A11E8A331D65ABC8282DB"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>.......]IDATx...An.@....q..(...;..i..5W....^....8....TB.RjH.a.c.e2..l:..O..IM../..5.W._T...4..)....)....x.....q.)..

C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\ldslite\news_tab.png

Download File

Process:	C:\Users\user\Downloads\Utils\MiniNews.exe
File Type:	PNG image data, 396 x 33, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	1225
Entropy (8bit):	6.526925141023063
Encrypted:	false
SSDEEP:	24:o91hfvWwjx82lY2T3JVgaDyJ3VbMuGqZ/nt0SsLA4NjQYJ:ojANn2NIJ3TpvtMLvD
MD5:	76827415DCA1F02DF01878E4FB28707A
SHA1:	FE66A43740AB03CB81A7B80F764D39725F66FC61
SHA-256:	1F4DA92032E7642631048B8CC08790031D241B41C55EDF449D8283010FE3F38A
SHA-512:	E61F7FD118BC0176848141BF4927A5A06D0DF5B4E54BAF98F245A3FB0AB0850D63C47850B5FE8F4DF5EB6DA1999320AAB1D19C0B828B7DF9C1A40874501FBB76
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.......!............tEXtSoftware.Adobe ImageReadyq.e<...&iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c138 79.159824, 2016/09/14-01:09:01 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC 2017 (Windows)" xmpMM:InstanceID="xmp.iid:2913CEFE572011E88DC1C27188559B3C" xmpMM:DocumentID="xmp.did:2913CEFF572011E88DC1C27188559B3C"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:2913CEFC572011E88DC1C27188559B3C" stRef:documentID="xmp.did:2913CEFD572011E88DC1C27188559B3C"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>.j5....9IDATx...1..q...]T..N(7$..t..]VKI.2...H..($$.B..O~...2..d2...7..a.u...L.q.4......>y.{.Vgb%YPU/\|'.u.^..$.d7

C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\ldslite\news_tab2.png

Download File

Process:	C:\Users\user\Downloads\Utils\MiniNews.exe
File Type:	PNG image data, 396 x 33, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	1225
Entropy (8bit):	6.526925141023063
Encrypted:	false
SSDEEP:	24:o91hfvWwjx82lY2T3JVgaDyJ3VbMuGqZ/nt0SsLA4NjQYJ:ojANn2NIJ3TpvtMLvD
MD5:	76827415DCA1F02DF01878E4FB28707A
SHA1:	FE66A43740AB03CB81A7B80F764D39725F66FC61
SHA-256:	1F4DA92032E7642631048B8CC08790031D241B41C55EDF449D8283010FE3F38A
SHA-512:	E61F7FD118BC0176848141BF4927A5A06D0DF5B4E54BAF98F245A3FB0AB0850D63C47850B5FE8F4DF5EB6DA1999320AAB1D19C0B828B7DF9C1A40874501FBB76
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.......!............tEXtSoftware.Adobe ImageReadyq.e<...&iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c138 79.159824, 2016/09/14-01:09:01 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC 2017 (Windows)" xmpMM:InstanceID="xmp.iid:2913CEFE572011E88DC1C27188559B3C" xmpMM:DocumentID="xmp.did:2913CEFF572011E88DC1C27188559B3C"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:2913CEFC572011E88DC1C27188559B3C" stRef:documentID="xmp.did:2913CEFD572011E88DC1C27188559B3C"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>.j5....9IDATx...1..q...]T..N(7$..t..]VKI.2...H..($$.B..O~...2..d2...7..a.u...L.q.4......>y.{.Vgb%YPU/\|'.u.^..$.d7

C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\ldslite\news_tab_icon.png

Download File

Process:	C:\Users\user\Downloads\Utils\MiniNews.exe
File Type:	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	1044
Entropy (8bit):	6.238800077759264
Encrypted:	false
SSDEEP:	24:U1hfvWwjx82lY2T3JVJkaK0XyJ3Vb+KGwGT5PNnKjjkb:aANn2NrhCJ3Z+w+xKjkb
MD5:	76CF2FF5B1C3D1D26F059A07C9EB6BC1
SHA1:	518EACF10312AB4D00E564F89ED3A3C448666737
SHA-256:	8844610C447277C34A77D50489CC7093C9718930201928B5A7A86C54829AECFE
SHA-512:	6A229C07BB78F1B2C81EE17193E52E98E02C77D3F179EEFDEDA928D62F98AB336411C2D3ED2D9732F276B2D20FF0B75C8D7AD0A119BBC3BF6A035109A6C7A44C
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR................a....tEXtSoftware.Adobe ImageReadyq.e<...&iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c138 79.159824, 2016/09/14-01:09:01 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC 2017 (Windows)" xmpMM:InstanceID="xmp.iid:B957CDA3688A11E89DE68DE50CFFA3AC" xmpMM:DocumentID="xmp.did:B957CDA4688A11E89DE68DE50CFFA3AC"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:B957CDA1688A11E89DE68DE50CFFA3AC" stRef:documentID="xmp.did:B957CDA2688A11E89DE68DE50CFFA3AC"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>........IDATx.bT........9....@......;H.......S...N......Q........Ji.r..D.`!.6$......`*...a.a.+L`jA.......)a0(.....

C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\ldslite\product.ico

Download File

Process:	C:\Users\user\Downloads\Utils\MiniNews.exe
File Type:	MS Windows icon resource - 4 icons, -128x-128, 32 bits/pixel, 48x48, 32 bits/pixel
Category:	dropped
Size (bytes):	82726
Entropy (8bit):	2.6687907562358353
Encrypted:	false
SSDEEP:	48:x/r4o7GbE/NNNNNNNNNNNNNNNNNNNf8Qy22sdU2q8h:xDR88h
MD5:	ECA0C2BA1E764A5DF996FDC0670F3847
SHA1:	B81112A054D72C4A0B06FDF62E8E88CBAADB79B9
SHA-256:	03C20E20E3C0FC0BB1524AD63709A066DAEE3C33F071B2B0823E91E620655BA9
SHA-512:	463E821E5E9D1D1C525F7F59AE70103AE7B2435679F53068F3E913C94C3C7BB8E52E47029F713DDA8A66D4EC12FDD025E588CA55569C55DC39E1E8B95E469A9C
Malicious:	false
Reputation:	low
Preview:	............ .(...F...00.... ..%..n... .... ............... .h....>..(............. ................................................................................\.............................................................................................................................................................................................................................................................................................................................................................................................................................L...................................................................................F.............................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\ludashi\900_53_title.png

Download File

Process:	C:\Users\user\Downloads\Utils\MiniNews.exe
File Type:	PNG image data, 900 x 53, 8-bit/color RGB, non-interlaced
Category:	dropped
Size (bytes):	25000
Entropy (8bit):	7.983431295024632
Encrypted:	false
SSDEEP:	768:5G2KkSq8xtYgQ1pgWA084cU9VGn+Doc/Sc4Wxmr6HPIc:tSqQtVQ1y4cCVtL/1ueH
MD5:	7333D3AA275603A0CF1F183E0C64595E
SHA1:	F9C2EA971E53E6F3F2D81BCB4E309650AC7A1240
SHA-256:	934C38C7DE8309EC412E9F3C43ACBB07561B6BBA69CD5D1FE1F27A5A4D40E5F4
SHA-512:	03E1B3B790C962BC48A83077A66077F20A881DEB64DE12EEBAA971CC88786E67073B837F5B1A1682F3A669EDEE5831F404638A7662F0D0D83F040BEF03A5DA40
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.......5......R.!....tEXtSoftware.Adobe ImageReadyq.e<...!iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c142 79.160924, 2017/07/13-01:06:39 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC (Windows)" xmpMM:InstanceID="xmp.iid:C891D0FF6EE211E98739D1584ECA36F3" xmpMM:DocumentID="xmp.did:C891D1006EE211E98739D1584ECA36F3"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:C891D0FD6EE211E98739D1584ECA36F3" stRef:documentID="xmp.did:C891D0FE6EE211E98739D1584ECA36F3"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>......^.IDATx..}.r$9.....l./.*~m........Y5.....Y...;.fwF.i...H0..2.......... "...~W.p..@.J.....h..V.,..o......../W....

C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\ludashi\awake_title.png

Download File

Process:	C:\Users\user\Downloads\Utils\MiniNews.exe
File Type:	PNG image data, 522 x 126, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	14450
Entropy (8bit):	7.924873745152401
Encrypted:	false
SSDEEP:	384:uNrXzmykWyTwQ5ASEgcSbM1H3mlfV7LMryOx9J:uRzmdWy0Q5uS4H2lfh4jTJ
MD5:	767403C5E64B2914FF02D32E8A43CAD8
SHA1:	FE012D71CF76954A7B47DD17B53275D267EDF32E
SHA-256:	BBCF28217EDF9CA7434A4739C5C6867BA09811042E4496FF608B31E0A05EFC09
SHA-512:	A5D5F89233E248A3A407F636943CE939CDBEC941772BBE83E769C5F4DBAD126101AF8F9A62EBEFC6D5D3393B9A04650986D476128619981D39AD758F48EA07DA
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.......~.....r3.....PLTE...r=.......hD.....2.eB.....".......hI.6.mI.lJ.lI.iK.5.....7........!..8.....5..!....iK....&....gI.gK....3".fK.;../....-...:....dI....Y..5..'...)....W(.~;.V..bJ...1%.......D.....o.....L..<%....A..d..J..2..7.~5...).F..p4....D5....4..A..@)....3%.J9.`..i........g.....Z:.1..p)..&.k..s..R?.y..R6.w'.8'._. ..8.T"..........L..I,...../.F".V#....M..d,.X).( .dL.B........./.+..k........hH.\..3T.......{(....bC.......ZG....#..Z.._N.(..;..eL.gM....v.I7.....m.Bo....+..$..T=.(.~................%.......Q=....r..w..>.....]V....8.......G..~X..I.0...._w.8..........qM....l_..-....hq..9.R..C.ZU.5L.TJ.Hm.4..".....7d..M....5.....7../....................Q...0..4..........}o.M..<..d....k~.wt.\..A..(.._..i.F..4.."..X..>..$.B..Q....9..0..'..N.f... .."..L..:..D.pz.\..I...P....tRNS............................."#..',!.3-'(.%1:.y..0+l6.BO.,9.%YV..;.p....:.AG.3.....\|.d=K"MF.~\|.cr.....zH.vc[.`HoX..K..Vj0..uk..j.dcsn.{S..vd.Ua].n...>{WM...uD......U.......

C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\ludashi\awake_title_wide.png

Download File

Process:	C:\Users\user\Downloads\Utils\MiniNews.exe
File Type:	PNG image data, 580 x 132, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	16345
Entropy (8bit):	7.9318617234827995
Encrypted:	false
SSDEEP:	384:wxv/Io1qHmEGNbCM408CbnLgh1M1BqWi1jJ6pHjhHLjs23Dj:6/J6PGNbsMUh1oli7CHjhHLw2X
MD5:	ADC15C5C78220133E81C0C4E2F1B88DD
SHA1:	3F0BC83BD9E48B1E9B82C6009AD6E20EA324D003
SHA-256:	3C68D91E265FD08DA94544ECF9AAE3E88CD998B5B68EED0FFE948A216F5A3367
SHA-512:	48B580E49B6D74BF41D4C0DAFD72E95B4AE01A685A1B4676F54FABF2CD4946921E93975F154F7A02070EF78817751704E581248785C3FEA7072804717ABC4760
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR...D.........FI......PLTE......n=.....3.uC.`E....kJ.#..&.mI..........kK.-..;..&.iJ.gJ.3................fK.}@.....8.......gK.$.......:.L..dJ.2.....c......;.6%.5&.....%.~9.eG.a..r..6..c#.p..D..`+.....(.4 .V&.N!.X&.3...../..!..7"....h...(.>..x..p..........D........>".s,.@1....N.....&..`N....m3.cM...d..X.../.(.....bK.`:.1$.@,..........D,.d3.!..P..M.....J8.O=.w..6..X...-.7.........&.kG.gJ.8-....>..VD..........,..S:....dL...I$.,..)..x.....ZF....$..%...........' ..S.'.....N.....I8.&.~s........T@...........1..s.B-.......A......G.BO.w..iK.0U...........#.Dl.3..U....[Z.6{.....).at.L=..0....Py.O......../..y@.qh..P..n.fg..<.bA....d&.#..>\|.Qf.+..7b....:.................N..j......>.Z......0..C.....4........%....T..xs.:..%..G..~n..!..i.>...d..`.....).3..P.C......M.qy./......\..8.6..K.a..K4......tRNS....................#.......!".(1#/0.8.$j.)...29@.R.y]..9M..qa....z.?.kA)K....E./j7.~W}H9.xn._SJ.._Q\|W...m..w..`.E.yvk.k.{EDd-_W^Q.;!...u....._..xJ..xo..w.R...........

C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\ludashi\news_add.png

Download File

Process:	C:\Users\user\Downloads\Utils\MiniNews.exe
File Type:	PNG image data, 78 x 22, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	1351
Entropy (8bit):	6.900178642064066
Encrypted:	false
SSDEEP:	24:61hfvWwjx82lY2T3JVgKHyJ3VPTKT+GXWLpThnERqgedNIqD:YANn2NuJ3hDlLJhELIh
MD5:	D345B318ECFA76E0077929437E0C9333
SHA1:	6661B2F66ECB6FA2710EF04973C52FB28E6E8648
SHA-256:	DC9A9D7C288B04EC90B0994B2B81566BCA49802A410C1E775A996A5F1FA1C628
SHA-512:	DAEE9FEA3094BBD3A8241A3A5C0E44977134986A273CF66A9164FF3C750F900E8005E39C3D35AA9B4EC8098C6EAC0F215038DE80CA339A4A1130B5B58CDA0B91
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR...N.........nw......tEXtSoftware.Adobe ImageReadyq.e<...&iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c138 79.159824, 2016/09/14-01:09:01 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC 2017 (Windows)" xmpMM:InstanceID="xmp.iid:B39B9F0667B711E88EBDC94705CB80C5" xmpMM:DocumentID="xmp.did:B39B9F0767B711E88EBDC94705CB80C5"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:B39B9F0467B711E88EBDC94705CB80C5" stRef:documentID="xmp.did:B39B9F0567B711E88EBDC94705CB80C5"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>q..-....IDATx...n.0......J.........t.a......:e...*".I.k$#......X.........R.Q.q#.]J....=i[.............ZG.M...

C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\ludashi\news_bkg.png

Download File

Process:	C:\Users\user\Downloads\Utils\MiniNews.exe
File Type:	PNG image data, 1020 x 820, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	26291
Entropy (8bit):	7.611140270814309
Encrypted:	false
SSDEEP:	768:so9KeGBjZZbkc6Gj6bz7dxgaR+mzSgjCZF:v921XzuRJhjcF
MD5:	AC32874E0678C20E4226879ADFAE9AC9
SHA1:	B63E7D1CB163FF1EFE768F64B64333926C338A0E
SHA-256:	AF558584BBE41C51117FF6DAD004636BFCBE6B8C3CF48333965EBB8F61D0A118
SHA-512:	29785C3F25893EFB9AF8BBBE95CFB0EA5820D075B798B77F9DCEF2B2A9B1E4F7B81C2FCAC63BDFEECC449164F44E0CF2273C7BEF2F64AFE6FB68CBC438C8D95A
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.......4.......)"....tEXtSoftware.Adobe ImageReadyq.e<...niTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c142 79.160924, 2017/07/13-01:06:39 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:872d2818-f31f-8947-93f2-b44288ccfdd7" xmpMM:DocumentID="xmp.did:EEB0C4B994B711E89826D4EB53197E27" xmpMM:InstanceID="xmp.iid:EEB0C4B894B711E89826D4EB53197E27" xmp:CreatorTool="Adobe Photoshop CC 2017 (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:A947DB8A5F0011E89D1FC699991E6553" stRef:documentID="xmp.did:A947DB8B5F0011E89D1FC699991E6553"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>..x...b.IDATx...[..M.6...)..1F.......b"..3.

C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\ludashi\news_icon.png

Download File

Process:	C:\Users\user\Downloads\Utils\MiniNews.exe
File Type:	PNG image data, 30 x 30, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	3177
Entropy (8bit):	7.744887758361115
Encrypted:	false
SSDEEP:	96:c2gyV9YVUiB+n61sYDVHidXMjQeLq2uzOGiMCM:wmDYDVTjQKVSOUL
MD5:	09FDD5E828FBC7587BA8BACB228B8F68
SHA1:	0A5E0C86AFA34F3AD11E3B018859A6554C093121
SHA-256:	C302E0865C22426F8493F66FB8AC77DDF5754C281800144A6E9BE738A792AE9E
SHA-512:	71F967190C90C6187EECEF6A0DE77E177FB0C738C2DF3B9ABD165A6850C9DAC87F06700533B6F0364836403F5AEEF3C899F92BA47D973F67368B2839B00F5878
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.............;0......tEXtSoftware.Adobe ImageReadyq.e<...&iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c138 79.159824, 2016/09/14-01:09:01 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC 2017 (Windows)" xmpMM:InstanceID="xmp.iid:741214F054F911E8A45A97A82BD43E4B" xmpMM:DocumentID="xmp.did:741214F154F911E8A45A97A82BD43E4B"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:741214EE54F911E8A45A97A82BD43E4B" stRef:documentID="xmp.did:741214EF54F911E8A45A97A82BD43E4B"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>.2<V....IDATx..yp....?.......&..BB.)9...........2..h........m....i.V;.[l....V.9..@.\....$!..I6.../.L.x.xg.......

C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\ludashi\news_menu_bar.png

Download File

Process:	C:\Users\user\Downloads\Utils\MiniNews.exe
File Type:	PNG image data, 591 x 40, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	1247
Entropy (8bit):	6.25917429348484
Encrypted:	false
SSDEEP:	24:1r1h4SHWwh82lYSKwHaNIVBT3XyJ3VHHoHa98GYZn0hy8alz6lz6lz6lz6lzf2:3KS2vnLyFzeJ3lHKf9ZPgggg12
MD5:	CE6E4A44A73B016ECB6BC1082D402673
SHA1:	0048AF80243529CFB635F802097D5D7B0F0E04B5
SHA-256:	F91CB32EC5CA81C0F3CA1706CB366C248DFA53DACFB8B831D5028D3FFB87ADBB
SHA-512:	B0C8D5D9D4FDD0269A52CB013BB0AFDEE0D178CFCC37F2B6DA7DCCD5BCDF48F1CB96927DC7D0D0D4510270229EDCF1CA5F77F2DBB710658760BBC497641FCD61
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR...O...(............tEXtSoftware.Adobe ImageReadyq.e<...iiTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.5-c014 79.151481, 2013/03/13-12:09:15 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:98FB8C6B571D11E8AB60A9F32D5A1420" xmpMM:DocumentID="xmp.did:8A423F59597A11E89DA4BD0A1F7942D0" xmpMM:InstanceID="xmp.iid:8A423F58597A11E89DA4BD0A1F7942D0" xmp:CreatorTool="Adobe Photoshop CC (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:9a34a591-c83b-a442-830e-c87b757c67e7" stRef:documentID="xmp.did:98FB8C6B571D11E8AB60A9F32D5A1420"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>-.>.....IDATx......0...T\....s..w...t.o1..V/...y

C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\ludashi\news_nopop_bkg.png

Download File

Process:	C:\Users\user\Downloads\Utils\MiniNews.exe
File Type:	PNG image data, 384 x 221, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	16464
Entropy (8bit):	7.94526053248297
Encrypted:	false
SSDEEP:	384:KC6vTYVt6q6oRGqJKbq/kHeWt+tn+d8+DefVQojoo+ooBE:KC6vs685Jj/aec2+e+yiojoo+ooy
MD5:	09B4A350CAFA54A8623E9569E340A94D
SHA1:	C1DB452D73DEB9BB53868A43E8A11C73F0C9228F
SHA-256:	D58C939CA8988BB8F8DE23A6118AF09D6584ED60570F0778EB687FCF5A1D175B
SHA-512:	9081C9B8707FCC8275AD3B679967C15B55B4C56CCC144F88D46E9CD1F8D023BE5389C2526EFC653D7D2F42E9D24899761BC2A64BD02D057E47459FCB264570DF
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR................"....tEXtSoftware.Adobe ImageReadyq.e<...!iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.5-c014 79.151481, 2013/03/13-12:09:15 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC (Windows)" xmpMM:InstanceID="xmp.iid:DC58C925573C11E88BFCB02B25DEE636" xmpMM:DocumentID="xmp.did:DC58C926573C11E88BFCB02B25DEE636"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:DC58C923573C11E88BFCB02B25DEE636" stRef:documentID="xmp.did:DC58C924573C11E88BFCB02B25DEE636"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>.LEE..<.IDATx..}..$.U.%.Z.....zoY-..B..1.X......^.....[p..e.>.....t`.0pl<p`........1.%...,..nYR.U.Uw.Y....#~....=.

C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\ludashi\news_report_bkg.png

Download File

Process:	C:\Users\user\Downloads\Utils\MiniNews.exe
File Type:	PNG image data, 536 x 373, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	34223
Entropy (8bit):	7.954534363663997
Encrypted:	false
SSDEEP:	768:LYbYpNNUPws7roDYLmOhn//B24f/rYO7HNPNWPiJpzKT:LYb6NNi7rpH5/A4f/rYOpPCiJJKT
MD5:	3CE2DA3DDC2C4E04FF33186C31DE3653
SHA1:	047DA9125A981AEA4BB2A619C08386547ADBB070
SHA-256:	8D124BC3C3396E9A2E0951954AEB5F190990C0A117753D7B5A6587A227F4CAB9
SHA-512:	87C6E6195B895DC53CC64D7AE6DD0D3456564B0F9CBD06AB0A5A63FCB35D1DB5EF6C59D884351EA5DC692CDCFA126D14C200DB953FB41DAC820483686AAC5FCB
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.......u.............tEXtSoftware.Adobe ImageReadyq.e<...&iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c067 79.157747, 2015/03/30-23:40:42 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:DocumentID="xmp.did:E736519FBB2211E89D30907AA60557FA" xmpMM:InstanceID="xmp.iid:E736519EBB2211E89D30907AA60557FA" xmp:CreatorTool="Adobe Photoshop CC 2015 (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:5B4B5736A43F11E8AB00BE635CAC30F0" stRef:documentID="xmp.did:5B4B5737A43F11E8AB00BE635CAC30F0"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>.m......IDATx...l.r..jw.{...Cr...A..L...H@.,.... .."....c$Gb.. .<......).g@. ........ G..P..y....^.^..jU....>..

C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\ludashi\news_shortcut_bkg.png

Download File

Process:	C:\Users\user\Downloads\Utils\MiniNews.exe
File Type:	PNG image data, 384 x 221, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	19576
Entropy (8bit):	7.9641554009562014
Encrypted:	false
SSDEEP:	384:GDV5zsFdrek8mmurpgu0s0dzltrnrMypgWBSFW59eVxx03FEdDw78mooqooVoolZ:GD/zsOkHKdzltrnrMyp38WiC36wFooqh
MD5:	EB12794C095CBF37249CDC1C91B923BF
SHA1:	F7313DA102248DA5551923DEFED7E53E6A5026F9
SHA-256:	CF54F99C2BE1353B3E4162F7E7EFFA9C2C0747B33884F66C585FB79D7239A2B9
SHA-512:	8624AA17A747D989BE8B2CE9FD6588C441A02E05C6086333C9BE906ECFBCDD55FE3FAA7585B0ADBA1ECAB50763B3A5FA279A11A991D04747CE7FF7653A3DADF3
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR................"....tEXtSoftware.Adobe ImageReadyq.e<...!iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.5-c014 79.151481, 2013/03/13-12:09:15 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC (Windows)" xmpMM:InstanceID="xmp.iid:E5D56931573A11E8AA7C866D60B16ED7" xmpMM:DocumentID="xmp.did:E5D56932573A11E8AA7C866D60B16ED7"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:E5D5692F573A11E8AA7C866D60B16ED7" stRef:documentID="xmp.did:E5D56930573A11E8AA7C866D60B16ED7"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>...5..H.IDATx..}.x\W..;E3..u[...[.$v.8Nq.....I.@.,..n...aaC.?.......!.C.).8q.8N\..w[..Q.M..wg....&.H#.{....h....._;.

C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\ludashi\news_shortcut_later.png

Download File

Process:	C:\Users\user\Downloads\Utils\MiniNews.exe
File Type:	PNG image data, 405 x 35, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	15280
Entropy (8bit):	1.8472786663792886
Encrypted:	false
SSDEEP:	48:D/6rMlYk29WJsEvurFTliMucPBLQFC6xN+Y97sc58B7Vu+Vk70hO:DSaYkEWmzWZxNX7sc5uVTVk7OO
MD5:	D6AC8165BFA52B17C38F2BC42F5C932D
SHA1:	C5A68C43417150D3CF7AFD7746454B3CC4A62A82
SHA-256:	6AC3107C6E574936A2798EE67FD702BEFC231A5AFCE1D15A695BF86B05816865
SHA-512:	E5F065577ACFAB26E69A5065C6EB94ADE80519E2F4E4E9F3D7D9385AE93EF82450B4C6D31A26E59C05381C61C22D0BB8B2C2BAF086F5113989387315466F4B15
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.......#.....\.......pHYs...............9.iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?>.<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c138 79.159824, 2016/09/14-01:09:01 ">. <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">. <rdf:Description rdf:about="". xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/". xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#". xmlns:stEvt="http://ns.adobe.com/xap/1.0/sType/ResourceEvent#". xmlns:xmp="http://ns.adobe.com/xap/1.0/". xmlns:dc="http://purl.org/dc/elements/1.1/". xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/". xmlns:tiff="http://ns.adobe.com/tiff/1.0/". xmlns:exif="http://ns.adobe.com/exif/1.0/">. <xmpMM:DocumentID>xmp.did:2BC34A87574D11E8B421AF123BD4E4C1</xmpMM:DocumentID>. <xmpMM:InstanceID>xmp.iid:075f24ca-16a2-e64a-815d-2e7fdbfdea

C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\ludashi\news_shortcut_now.png

Download File

Process:	C:\Users\user\Downloads\Utils\MiniNews.exe
File Type:	PNG image data, 447 x 49, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	2012
Entropy (8bit):	7.347984462605845
Encrypted:	false
SSDEEP:	48:cWKS2vnh4JeJ3B3fuyPf4yr/daiNe1FpALg:c1Seoe3Ger/daiaF
MD5:	4633E3AC55A7547FC0624C75EA3A3C3C
SHA1:	F88A2DD586B3EFAD78B47C59DD9A6A7865A16E47
SHA-256:	C6EF2048273E9E449A8E95DC9E28585183066E4CEAB124C1D67699911061ECB7
SHA-512:	3AD63B398FAFD4C5393BF1A445E8968BCFA7E9BA78C2CF1FC8219491C5CAFA573B58B6AC4E932F66BC326C4FB0CBEC3968BD650144BF081D6D0CCA100C628F54
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.......1.....J.n....tEXtSoftware.Adobe ImageReadyq.e<...!iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.5-c014 79.151481, 2013/03/13-12:09:15 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:DocumentID="xmp.did:D379BF87574C11E8B49A879367FD3286" xmpMM:InstanceID="xmp.iid:D379BF86574C11E8B49A879367FD3286" xmp:CreatorTool="Adobe Photoshop CC (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:1DEADA12574A11E8934EB46CBDCECCD5" stRef:documentID="xmp.did:1DEADA13574A11E8934EB46CBDCECCD5"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>J......QIDATx...QN.A....)-bQ.F..<...Y.O..8....J..G..+p.M.).B..q.\|...}.I..K......g.q........8..)....)...jx....q.)

C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\ludashi\news_tab.png

Download File

Process:	C:\Users\user\Downloads\Utils\MiniNews.exe
File Type:	PNG image data, 396 x 33, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	1476
Entropy (8bit):	7.021102825770602
Encrypted:	false
SSDEEP:	24:o91hfvWwjx82lY2T3JVA4iayJ3VLBAfGzeISjPy+Pp4AqKfo2F88P:ojANn2NaJ3Kx5jPJPGKQ2FD
MD5:	5B22A1237E0C6EF4B00D96578E050D2D
SHA1:	ECF033E377F1A48D4158A26BDBDA2C101744DA2B
SHA-256:	611E9998E4DF97DA95A0997C7AF47C546174E74962CAD732934CD25E9C7618D3
SHA-512:	CD388268B4797F3C575C0F1E795853000630B438B3896571B548D7394AF3C46F1C0CF8EAEC3CB64DC453C30A6EA6BD1452F33A48239D98A7DE76D17A9A61CB0F
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.......!............tEXtSoftware.Adobe ImageReadyq.e<...&iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c138 79.159824, 2016/09/14-01:09:01 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC 2017 (Windows)" xmpMM:InstanceID="xmp.iid:D6C02F2B571E11E89BE7826CCD77D0F0" xmpMM:DocumentID="xmp.did:D6C02F2C571E11E89BE7826CCD77D0F0"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:D6C02F29571E11E89BE7826CCD77D0F0" stRef:documentID="xmp.did:D6C02F2A571E11E89BE7826CCD77D0F0"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>;$.\|...4IDATx....jSA.......j.*R..P..4.VA..&.n...>.O.{.w....8.7.tn.p..>8...C...L&..f..u..(.8.V..........n...m...

C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\ludashi\news_tab2.png

Download File

Process:	C:\Users\user\Downloads\Utils\MiniNews.exe
File Type:	PNG image data, 396 x 33, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	1476
Entropy (8bit):	7.021102825770602
Encrypted:	false
SSDEEP:	24:o91hfvWwjx82lY2T3JVA4iayJ3VLBAfGzeISjPy+Pp4AqKfo2F88P:ojANn2NaJ3Kx5jPJPGKQ2FD
MD5:	5B22A1237E0C6EF4B00D96578E050D2D
SHA1:	ECF033E377F1A48D4158A26BDBDA2C101744DA2B
SHA-256:	611E9998E4DF97DA95A0997C7AF47C546174E74962CAD732934CD25E9C7618D3
SHA-512:	CD388268B4797F3C575C0F1E795853000630B438B3896571B548D7394AF3C46F1C0CF8EAEC3CB64DC453C30A6EA6BD1452F33A48239D98A7DE76D17A9A61CB0F
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.......!............tEXtSoftware.Adobe ImageReadyq.e<...&iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c138 79.159824, 2016/09/14-01:09:01 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC 2017 (Windows)" xmpMM:InstanceID="xmp.iid:D6C02F2B571E11E89BE7826CCD77D0F0" xmpMM:DocumentID="xmp.did:D6C02F2C571E11E89BE7826CCD77D0F0"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:D6C02F29571E11E89BE7826CCD77D0F0" stRef:documentID="xmp.did:D6C02F2A571E11E89BE7826CCD77D0F0"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>;$.\|...4IDATx....jSA.......j.*R..P..4.VA..&.n...>.O.{.w....8.7.tn.p..>8...C...L&..f..u..(.8.V..........n...m...

C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\ludashi\news_tab_icon.png

Download File

Process:	C:\Users\user\Downloads\Utils\MiniNews.exe
File Type:	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	1044
Entropy (8bit):	6.221005004079167
Encrypted:	false
SSDEEP:	24:U1hfvWwjx82lY2T3JVxdpKgdByJ3VHdUK+dOGiNZU3Y:aANn2NzdFdAJ3VdEdOJNZoY
MD5:	9AF2CF28F3EFDE5C882B9C6ECCBE44FD
SHA1:	AE914041B9F35BDB7B28DD38D73BC6CE34A9B1B8
SHA-256:	3657B3E697559DFCD8B98F17EF244BF613E0095B1D1B033D6FCEA1FA68D21F8B
SHA-512:	D9D4AFDEB916BD4E3EEC89DCB80245271A10F6751558DB389E41ED1432D482FDF38AB8B591D69AD1B52F7134AB2CAF3A3ACE6A1DAB02B5698CE09A2B62C56CE4
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR................a....tEXtSoftware.Adobe ImageReadyq.e<...&iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c138 79.159824, 2016/09/14-01:09:01 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC 2017 (Windows)" xmpMM:InstanceID="xmp.iid:BD937AE4688A11E8B42DEB388A299364" xmpMM:DocumentID="xmp.did:BD937AE5688A11E8B42DEB388A299364"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:BD937AE2688A11E8B42DEB388A299364" stRef:documentID="xmp.did:BD937AE3688A11E8B42DEB388A299364"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>1.xA....IDATx.b..Y.........? ....@..$....Dj....b'd....(...c.-W.P%.y.('Q.XH...p...%.....A.o.....Z......@J...t.b.k

C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\ludashi\product.ico

Download File

Process:	C:\Users\user\Downloads\Utils\MiniNews.exe
File Type:	MS Windows icon resource - 8 icons, -128x-128, 32 bits/pixel, 96x96, 32 bits/pixel
Category:	dropped
Size (bytes):	161862
Entropy (8bit):	4.280477565246753
Encrypted:	false
SSDEEP:	1536:kJJJJJJRJJJJJJJJJJZMzoZJJJJ3JJJJJJJELQJJJsJJJJB8JJLJJJJ53J:Cio4T
MD5:	048E727585F742629E968F020DD8FED5
SHA1:	5ADBD106C9A9E9322B2582C312E798BA69433C94
SHA-256:	B3570B90A479F180BBEAC4F6058A83F4833C5F1D50BAF4F4198E53D780D82DB3
SHA-512:	1DCD15FDD70B562264F39F89E2DC5CB1B06B8F0DE430C684F0595DF384156BEE86DE34AF48D38720D62E63C73832E5BAB0A689383C66747747CC85AC343B8E80
Malicious:	false
Reputation:	low
Preview:	............ .(.......``.... .........HH.... ..T..V...@@.... .(B......00.... ..%...4.. .... ......Y........ .....Vj........ .h....s..(............. ...................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\xundu\900_53_title.png

Download File

Process:	C:\Users\user\Downloads\Utils\MiniNews.exe
File Type:	PNG image data, 900 x 53, 8-bit/color RGB, non-interlaced
Category:	dropped
Size (bytes):	3758
Entropy (8bit):	7.633288158845211
Encrypted:	false
SSDEEP:	96:ofo7F526HGgR8Cl/Zs6dRm/eOFprI5rWfgZiw9HvN:57F9j8+//do/emrIxWoZz9PN
MD5:	1B73D2DC029EEC98991F30791BE63B96
SHA1:	3B1647C14AAD8551BC12753BD6310FB8837E4F0A
SHA-256:	9F1F044A8BA8F03B3B6724AFFE5BB197158588AF90E8AA60AFA7260FA4DD8D2A
SHA-512:	64624B3269BB75C785288C7843E9E9443EF41C154A3E4CE0F3E4D6789B943447E2514770AF64812DBA46A705377AD92DB0BE404F07423F9E6608C1F5E9B22F48
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.......5......R.!....tEXtSoftware.Adobe ImageReadyq.e<...!iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c142 79.160924, 2017/07/13-01:06:39 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC (Windows)" xmpMM:InstanceID="xmp.iid:B83256426EE511E998ECFB6E8F9DA0D5" xmpMM:DocumentID="xmp.did:B83256436EE511E998ECFB6E8F9DA0D5"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:B83256406EE511E998ECFB6E8F9DA0D5" stRef:documentID="xmp.did:B83256416EE511E998ECFB6E8F9DA0D5"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>.j.M...#IDATx...r.(.@I@R....Zs..j.*G.Z.I.^j.#.kG.].E...$.....u.E..tq....)..zN^u..;W..3^).(.....?P......].F^..y....dw.

C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\xundu\news_add.png

Download File

Process:	C:\Users\user\Downloads\Utils\MiniNews.exe
File Type:	PNG image data, 78 x 22, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	1351
Entropy (8bit):	6.900178642064066
Encrypted:	false
SSDEEP:	24:61hfvWwjx82lY2T3JVgKHyJ3VPTKT+GXWLpThnERqgedNIqD:YANn2NuJ3hDlLJhELIh
MD5:	D345B318ECFA76E0077929437E0C9333
SHA1:	6661B2F66ECB6FA2710EF04973C52FB28E6E8648
SHA-256:	DC9A9D7C288B04EC90B0994B2B81566BCA49802A410C1E775A996A5F1FA1C628
SHA-512:	DAEE9FEA3094BBD3A8241A3A5C0E44977134986A273CF66A9164FF3C750F900E8005E39C3D35AA9B4EC8098C6EAC0F215038DE80CA339A4A1130B5B58CDA0B91
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR...N.........nw......tEXtSoftware.Adobe ImageReadyq.e<...&iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c138 79.159824, 2016/09/14-01:09:01 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC 2017 (Windows)" xmpMM:InstanceID="xmp.iid:B39B9F0667B711E88EBDC94705CB80C5" xmpMM:DocumentID="xmp.did:B39B9F0767B711E88EBDC94705CB80C5"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:B39B9F0467B711E88EBDC94705CB80C5" stRef:documentID="xmp.did:B39B9F0567B711E88EBDC94705CB80C5"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>q..-....IDATx...n.0......J.........t.a......:e...*".I.k$#......X.........R.Q.q#.]J....=i[.............ZG.M...

C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\xundu\news_bkg.png

Download File

Process:	C:\Users\user\Downloads\Utils\MiniNews.exe
File Type:	PNG image data, 1020 x 820, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	10681
Entropy (8bit):	6.691662249171865
Encrypted:	false
SSDEEP:	192:3/a0lLPew2WdOMKgxRO6Cr54CexJKM/mhcbkxxg:H772MO/OJCrldOmOOxg
MD5:	29C66D789D22257714AA40949A1AD048
SHA1:	106391F761C96DC09F148605370C2AB7DBD24F89
SHA-256:	6CEC4BE54173F45C1C746D0A478E3C4B9D2E11B3D4C40145AF786DDD1F2A3DA1
SHA-512:	4894B54DCA6862F8BB166B9781FBD5A1FFF64DD9419D10EE7B97BD9C194FB6B1E3651BAE547530F44F0ABE35384459E288DFAA6CDE264D949CFA453A940E260B
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.......4.......)"....tEXtSoftware.Adobe ImageReadyq.e<...&iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c067 79.157747, 2015/03/30-23:40:42 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:DocumentID="xmp.did:46D3BF15913C11E8BA6CADDD998F840E" xmpMM:InstanceID="xmp.iid:46D3BF14913C11E8BA6CADDD998F840E" xmp:CreatorTool="Adobe Photoshop CC 2015 (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:ED92F0A48F1A11E8B0C8B4467B26755F" stRef:documentID="xmp.did:ED92F0A58F1A11E8B0C8B4467B26755F"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>......&)IDATx...I..Hb.a.....x....z./ax..%..o.#.0.0..EjH....$...B.^.R........1.............?... ...........~...@.

C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\xundu\news_icon.png

Download File

Process:	C:\Users\user\Downloads\Utils\MiniNews.exe
File Type:	PNG image data, 30 x 30, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	2295
Entropy (8bit):	7.556817746956045
Encrypted:	false
SSDEEP:	48:7uvnqWASJ3tB8uiQ2uyoFom/vvdo+9yr+paaC9:KxAE8uiQh9FtXvd+r+pa/9
MD5:	3EF13AF7802B9BCCC872B6640A8E42FB
SHA1:	944C7999B022C7E964550C7491EC4CED123733C6
SHA-256:	A5DE4DE4B46F25CB42D19E460D3AB69E34BC7C4C1F24C41743E1627821ABDE80
SHA-512:	8BDBB497727D27195DB351CB2FDA111DE8AC971552742790B3A7BDA66C82FDB547E04DAF027C1FD8C63266BD878B01AE2461CB386C36B5D56B1D509B5E6F70FB
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.............;0......tEXtSoftware.Adobe ImageReadyq.e<...&iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c067 79.157747, 2015/03/30-23:40:42 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:DocumentID="xmp.did:3404B17F8F1B11E89E9AD40541A166BD" xmpMM:InstanceID="xmp.iid:3404B17E8F1B11E89E9AD40541A166BD" xmp:CreatorTool="Adobe Photoshop CC 2015 (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:10CD8B4E8F1B11E897AF94898EBDDA61" stRef:documentID="xmp.did:10CD8B4F8F1B11E897AF94898EBDDA61"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>.1.....gIDATx..}L.u.....qw..'...h>.%..4.U.e..r6.j.U.Y..?.[+[sj.......H.2M..Q....C .....N...........s}.....}...

C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\xundu\news_menu_bar.png

Download File

Process:	C:\Users\user\Downloads\Utils\MiniNews.exe
File Type:	PNG image data, 591 x 40, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	1235
Entropy (8bit):	6.26227912419721
Encrypted:	false
SSDEEP:	24:11hiyWwh82lYSKwHaNS/VDnT3XyJ3VvcaJqMFJ3GHa/i888883xU:buvnLy9ReJ3qaJqyJ35K
MD5:	5074370C81702F4A82AA5DEDA697E28A
SHA1:	FD8BF8958B0CB5A20DC3B818C428FFE2F4B4503A
SHA-256:	BE8D1D4901CDE51EFEBDB185614DA8A751D699E7EDA0CEE1C447E483AB2B283A
SHA-512:	8AC0D2694B6562E8C1BD8777775DA9F472EBBEDDAF59145879EB41E35D11A14EE76ECB4E961DD44059269790EE683ECC16255F6EC054816D9F98447B99D16C13
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR...O...(............tEXtSoftware.Adobe ImageReadyq.e<...eiTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c067 79.157747, 2015/03/30-23:40:42 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:98FB8C6B571D11E8AB60A9F32D5A1420" xmpMM:DocumentID="xmp.did:9AD4D1168F1C11E88DC6FDB0C9D08959" xmpMM:InstanceID="xmp.iid:9AD4D1158F1C11E88DC6FDB0C9D08959" xmp:CreatorTool="Adobe Photoshop CC (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:747AFA36597A11E88ECD8B27919821DE" stRef:documentID="xmp.did:747AFA37597A11E88ECD8B27919821DE"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>..}.....IDATx......P.E.1.%Y.BJre.v."h.... & J..s`..x

C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\xundu\news_nopop_bkg.png

Download File

Process:	C:\Users\user\Downloads\Utils\MiniNews.exe
File Type:	PNG image data, 384 x 221, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	17245
Entropy (8bit):	7.896391963569425
Encrypted:	false
SSDEEP:	384:p12/uzG+0ZSv59y6qMibz5faUNV9UnmOiTkHj9jW3:pYrSvP0lSUCnmRTkD92
MD5:	52BDE55F6FF540D982B32527DC2BDFA3
SHA1:	C22DA729A207E494F5553214F47B2AADA1BA69D9
SHA-256:	81E19BCC4394C497268110D2C967CDD095994E33070AD9AF6DE606B308269976
SHA-512:	2421F3B82B1E2CA9E1941B1EC1E02D1417ED531C12F5B14E86B1B32246847E34EDF7C7518A27DA40E51BEC8A4B01762E369BCC13195D267A70CEC385947C291D
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR................"....tEXtSoftware.Adobe ImageReadyq.e<...&iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c067 79.157747, 2015/03/30-23:40:42 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:DocumentID="xmp.did:A7157B1E914711E88FDE82B75F488841" xmpMM:InstanceID="xmp.iid:A7157B1D914711E88FDE82B75F488841" xmp:CreatorTool="Adobe Photoshop CC 2015 (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:7B76257B8F2011E88BA3F531A6CAF0AF" stRef:documentID="xmp.did:7B76257C8F2011E88BA3F531A6CAF0AF"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>...t..?.IDATx............%.F9.%... @.....0....g.<.5{.............D..Lp$c{M2.h{...Q...H.M.Xu...NOuuUu.L.g..zJ..

C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\xundu\news_report_bkg.png

Download File

Process:	C:\Users\user\Downloads\Utils\MiniNews.exe
File Type:	PNG image data, 536 x 373, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	7050
Entropy (8bit):	7.643753241529608
Encrypted:	false
SSDEEP:	96:2V0jeo+wot6+OP5hxflPNQ10Vs4iWCp9y0g2Gmru9TxbSzvDzo8yZm+8BPhV:54mhnm0m4Rm22ITxi7+8BPhV
MD5:	E7313F14FED5DBB40FE34D107678DA20
SHA1:	AFFF655D13B51F74EF777D04865F3BCDD3AE2A0D
SHA-256:	ACA390CECDF014C2CB5D28DEC22A96C0C0860F6CF7C29246495E28DD20BC0964
SHA-512:	0ACCE6D3D6B00146E8CDA729DEA404F4DBB2CDCC997DDBF5A4B65C84A8FA12265606359F36C5A4E35203BE0D6C2B8EDBFF736C37EF6CD4091050D0A41C1D4048
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.......u.............tEXtSoftware.Adobe ImageReadyq.e<...&iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c067 79.157747, 2015/03/30-23:40:42 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:DocumentID="xmp.did:C2F47EF4BB2211E883759E207F6D9C89" xmpMM:InstanceID="xmp.iid:C2F47EF3BB2211E883759E207F6D9C89" xmp:CreatorTool="Adobe Photoshop CC 2015 (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:CD738DB4A44011E8BD86F0F766AF2F44" stRef:documentID="xmp.did:CD738DB5A44011E8BD86F0F766AF2F44"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>.......IDATx...M.<i]..zzjf....1(.$...x0A .z.%"o.......z2...&&......_......p....An..h..(........L?.S].SU.Tu..?..3

C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\xundu\news_shortcut_bkg.png

Download File

Process:	C:\Users\user\Downloads\Utils\MiniNews.exe
File Type:	PNG image data, 384 x 221, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	19902
Entropy (8bit):	7.955779912808816
Encrypted:	false
SSDEEP:	384:KS/lRbyX293kQdlNaUMLcacOFtxPCsL4wdy8kO2MSy+gBxSMog:vlReX2vlN1kcacOFtxPBcws8kS+yt
MD5:	3DDC44E78A07BB324C609A59FBB9F697
SHA1:	D516D9466F9A5AF4A7DD010ABCD9A9DB2C07FE32
SHA-256:	514CB05188E548B6E02A57BE564A93B831C6B37EB04C6D8574E9970A44952051
SHA-512:	1B5AC8F4983AF329DAC44C6CA78158BD29903D0BB22A43CC7E7AFCAA9DF3F6A4137C7C70245DE3FDBBCE79D1D76DB5486306A634B3A333F62A7FB6D8C3387D3A
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR................"....tEXtSoftware.Adobe ImageReadyq.e<...&iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c067 79.157747, 2015/03/30-23:40:42 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:DocumentID="xmp.did:7B4549D5914711E88656D6BEB679DD5D" xmpMM:InstanceID="xmp.iid:7B4549D4914711E88656D6BEB679DD5D" xmp:CreatorTool="Adobe Photoshop CC 2015 (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:6BB8B3078F2011E89693A4F2449FD575" stRef:documentID="xmp.did:6BB8B3088F2011E89693A4F2449FD575"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>\..\|..J.IDATx...`......*.$!...........qMb'6nIll'.O.g;...\.%q.....]lc;.{..bz.M..D..!.B...........j......A.......

C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\xundu\news_shortcut_later.png

Download File

Process:	C:\Users\user\Downloads\Utils\MiniNews.exe
File Type:	PNG image data, 405 x 35, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	1373
Entropy (8bit):	6.689440989735385
Encrypted:	false
SSDEEP:	24:pG1hiyWwh82lYSKwRxmLyVE1LNT3xyJ3VvFBGGcnimD9ny9dQcu6EmD:6uvnLMDmf8J3VFIpimZniN/D
MD5:	F0D2FA4014CF76B2963ECF4112B14CED
SHA1:	1A381E734C7B446C1FA35BAEC82102E8482596A4
SHA-256:	B486488523D64B7ED40EBD71766E1C1D1611BEB19119078E93AF9782EEF7E6B3
SHA-512:	9C97727FDD07FBB67DDB50BB71017970E6D7D0A91238D446522C88FABDC10FA99F4D3CA0B4DFCA62D945092D24EE1B846C983DA03F07825E1AF853930F377F86
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.......#.....\.......tEXtSoftware.Adobe ImageReadyq.e<...niTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c067 79.157747, 2015/03/30-23:40:42 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:2BC34A87574D11E8B421AF123BD4E4C1" xmpMM:DocumentID="xmp.did:A3A007068F2211E888BBE605F03A07C1" xmpMM:InstanceID="xmp.iid:A3A007058F2211E888BBE605F03A07C1" xmp:CreatorTool="Adobe Photoshop CC 2017 (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:075f24ca-16a2-e64a-815d-2e7fdbfdea82" stRef:documentID="xmp.did:2BC34A87574D11E8B421AF123BD4E4C1"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>...9....IDATx...1j.P....RC'Aqw.*N...]......y

C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\xundu\news_shortcut_now.png

Download File

Process:	C:\Users\user\Downloads\Utils\MiniNews.exe
File Type:	PNG image data, 447 x 49, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	2004
Entropy (8bit):	7.354217241095991
Encrypted:	false
SSDEEP:	48:cWuvnPKKHKVeJ3XRxusolcUJMFz/n65Lg2TOSptJnFKts92iUaV7uK/:c7M+xusoPJejnYhH7pFKtssLLK/
MD5:	0BE30B0D1B4D1A2197E62F19BA9CEECE
SHA1:	D37B3ED6D5DFB45D2861509B8B82C842DC998A1A
SHA-256:	5EFCF256818187F2A34F4A4B8B0EDC2E0978A359DA100804F59BB649341ED400
SHA-512:	72C1F85D6943A6E0E65C8697F3233ABF75172A6CB49441C9B050AD386C1789A9719072CD03ED1E3AE7DB50FB4C948AC2175DB347AD67277EC0B24DCA00C004C1
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.......1.....J.n....tEXtSoftware.Adobe ImageReadyq.e<...!iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c067 79.157747, 2015/03/30-23:40:42 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:DocumentID="xmp.did:F15CF8998F2211E88CB6D94FC4AD62B6" xmpMM:InstanceID="xmp.iid:F15CF8988F2211E88CB6D94FC4AD62B6" xmp:CreatorTool="Adobe Photoshop CC (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:D379BF86574C11E8B49A879367FD3286" stRef:documentID="xmp.did:D379BF87574C11E8B49A879367FD3286"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>vO.F...IIDATx....n.T..a.I.T...^i\..n.n...U....0.]...+!$.t.tKl...O..K....'.9M.^X?...f..z.g7.c..a.:.W[....MiJS..M.yvz.x

C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\xundu\news_tab.png

Download File

Process:	C:\Users\user\Downloads\Utils\MiniNews.exe
File Type:	PNG image data, 435 x 33, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	1826
Entropy (8bit):	7.251717917317824
Encrypted:	false
SSDEEP:	24:dvG1hfvWwjx82lY2T3JVTsYryJ3V4eGHHS4M43AucqJHKXrr4M7vRnLeRnM+81EP:dkANn2NZuJ3jzvBiq7bvRLX+kEsDNk
MD5:	945B371FAEA0330351BE7848E4EB7C7F
SHA1:	3A6C9DCC6440E4C8D7D3FF76706B1488DB4FD463
SHA-256:	57830D314DEA89F96A7833B9FCA7CC3BB8B99B30AAC7E59EA6793AB6A12967C2
SHA-512:	E0617CCED6005A843CFC702BC9E8DC2EF7B6EF28893962AA06664131777801AE00CA88E02E0E20614EFC6A9A5D70116375C9287CD2B2A9B07A306B4836BAA03C
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.......!.....S4E{....tEXtSoftware.Adobe ImageReadyq.e<...&iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c138 79.159824, 2016/09/14-01:09:01 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC 2017 (Windows)" xmpMM:InstanceID="xmp.iid:EA8C1503550B11E888C28804482F1475" xmpMM:DocumentID="xmp.did:EA8C1504550B11E888C28804482F1475"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:EA8C1501550B11E888C28804482F1475" stRef:documentID="xmp.did:EA8C1502550B11E888C28804482F1475"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>@u.Z....IDATx...n.P....4i.&...Z....1@%.JAB4............ .tAL.(..S..}..K...#..U......^;.......m[;.z.).a...{[_[x.

C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\xundu\news_tab2.png

Download File

Process:	C:\Users\user\Downloads\Utils\MiniNews.exe
File Type:	PNG image data, 435 x 33, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	1848
Entropy (8bit):	7.290870401747524
Encrypted:	false
SSDEEP:	48:dkAvnHx68J3ZdEhAH65QD0vWSfod67SW9Hl:dvoigqE1f46Z9Hl
MD5:	FD17BBB545512803A4F1554D03FF8223
SHA1:	87493818C5920C8A49C94B25D069009248D0BAC5
SHA-256:	23849B662C18EFCB5BACA59277E5D78007A6E68BEDB709ED262345185F2EB249
SHA-512:	3580FBD89B8D0844A6F3ED49586C3BA598E5509F0B5368CBBA6720E67C454D647F31A1E28FB9B2DA43333FC9F98C1CC5E4E4DC5C1E6CE5165E226CE2ABA48DDD
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.......!.....S4E{....tEXtSoftware.Adobe ImageReadyq.e<...&iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c138 79.159824, 2016/09/14-01:09:01 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:DocumentID="xmp.did:C4864B6C6A4B11E8A6D6D2722D844983" xmpMM:InstanceID="xmp.iid:C4864B6B6A4B11E8A6D6D2722D844983" xmp:CreatorTool="Adobe Photoshop CC 2017 (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:EA8C1503550B11E888C28804482F1475" stRef:documentID="xmp.did:EA8C1504550B11E888C28804482F1475"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>..~....IDATx....N.Q...[J-B..j.,\..'..D."...._.n\|$.../.Z.7.@L...z.L.p..3....~..k.8..7g..Lc8...Y..R.Z.)8... u8..

C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\xundu\news_tab_icon.png

Download File

Process:	C:\Users\user\Downloads\Utils\MiniNews.exe
File Type:	PNG image data, 16 x 16, 8-bit/color RGB, non-interlaced
Category:	dropped
Size (bytes):	974
Entropy (8bit):	5.993390526065508
Encrypted:	false
SSDEEP:	24:nTn1hiyWwh82lYSgXCEVpf2T3xyJ3VxdUKgdOGxr:nT1uvndH+8J3zdadOW
MD5:	F0FEC68EDCD63622759E14982FCA73AF
SHA1:	F89643A5E0A24C79CC79FAEC087A0D5E6D51C197
SHA-256:	F598D298C7A3C75B87C43CC478B933E56F75264C42E5D0D122F2DC2AAAA9DA26
SHA-512:	AAAF3F20181977879ED755ED45515249837595362C3D2591CC356F226C6099EB9655E69A86603D8BAE758B5C59D6495DDE1219653DC9D6E22545346252EABA8D
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR...............h6....tEXtSoftware.Adobe ImageReadyq.e<...&iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c067 79.157747, 2015/03/30-23:40:42 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:DocumentID="xmp.did:ACA5FB618FDF11E8BC19D331D1D75F8C" xmpMM:InstanceID="xmp.iid:ACA5FB608FDF11E8BC19D331D1D75F8C" xmp:CreatorTool="Adobe Photoshop CC 2017 (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:BD937AE4688A11E8B42DEB388A299364" stRef:documentID="xmp.did:BD937AE5688A11E8B42DEB388A299364"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>.3.:...>IDATx.b4\V.@.`b .....B..hF.5YQKm...I.?`.......~.c<....n".N..0.k...._......IEND.B`.

C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\xundu\product.ico

Download File

Process:	C:\Users\user\Downloads\Utils\MiniNews.exe
File Type:	MS Windows icon resource - 8 icons, -128x-128, 32 bits/pixel, 96x96, 32 bits/pixel
Category:	dropped
Size (bytes):	161862
Entropy (8bit):	3.267901214538903
Encrypted:	false
SSDEEP:	384:rn4ZkPKFNriYtJ7/r+5lPVBsuRtw2Mhx0JFVrxAQD:D4GPqN7Li5lPVBLRXMhuJFVrxAI
MD5:	C3424DC74A8590137EFE478A75DD4F4F
SHA1:	ADF2EA5F2F1869FBF6A28603503671E75B53E416
SHA-256:	EFAF5554E09211D3B6DED0A8C154A7F8E59823A3C403B96C487BFB1F43C5D8D5
SHA-512:	8980E848C6A428A8281D9F0F713168BA727CBB40941C8E266CF22E3B58E7D17B223E8D50365AA5D58EBFEFBF038CD52EB2D32A7878FC1CA958A87783B448E2ED
Malicious:	false
Reputation:	low
Preview:	............ .(.......``.... .........HH.... ..T..V...@@.... .(B......00.... ..%...4.. .... ......Y........ .....Vj........ .h....s..(............. .....................................................................................->.SYy..x..................................................................................................................................................................................................................................................................................................................................................................................................x...Xy..->.S................................................................................................,<.Q{...............................................................................................................................................................................................................................................................

C:\Users\user\Downloads\360Base.dll

Download File

Process:	C:\Program Files\7-Zip\7zG.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	883528
Entropy (8bit):	6.70016089285541
Encrypted:	false
SSDEEP:	12288:QVOg//e45xTf7F6HDijel/R3ieZ+oaUZw4P/RqfjrTpvFmwDWv6TmFlQsU2rx+f:QYg/rh9jePibpianTtcCpTmFlVU2rx0
MD5:	AB00BED7CB2B7A8290E247FC34AAA5FF
SHA1:	D6014E2920D9B587A8E12AE1BA0F1E1FC9EDFFA8
SHA-256:	CEFFAEDC050688E8DCC11EC30B703C63FEFBFCF479558604FDB0EA42BCB497C0
SHA-512:	FBE3BF5E142D689BB15D05503FCF5C807AAD5BCB99A02DC99590589EE66F7942A0D8365D470041972212DBDF9C232AB4BBAB25E79D7BCD43F001A95D9012CCA6
Malicious:	false
Antivirus:	Antivirus: Virustotal, Detection: 0%, Browse Antivirus: ReversingLabs, Detection: 2%
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............}.F.}.F.}.F..(F^}.F../F.}.F..F.}.F..F.}.F.}.F.}.F..>F.}.F..!F.\|.F..9F.}.F./?F.}.F.}<F.}.F..:F.}.FRich.}.F................PE..L......S...........!.........h......:X...................................................@.........................0...^...4........................`....... ......p................................................................................text............................... ..`.rdata..............................@..@.data...H...........................@....rsrc...............................@..@.reloc..T.... ......................@..B........................................................................................................................................................................................................................................................................................................

C:\Users\user\Downloads\360NetUL.dll

Download File

Process:	C:\Program Files\7-Zip\7zG.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	236872
Entropy (8bit):	6.7034655766010385
Encrypted:	false
SSDEEP:	6144:WJlU7zM4nGH4Ye1XBINNN8YCh2Jo9TB7PT0Rc1:W/SMH4YUXBIfPdo9T1l
MD5:	6C2CD3003689A373B158A4F8C6FE75A7
SHA1:	F4938A64224B9CFC16920A83B4CB9EF83C8B68FF
SHA-256:	A7FF68FE983F3FC97EFCD0970E3F93952658420290A3E3D1CEC97A2E0BFA83ED
SHA-512:	8A89DA3786BCC7B2936E090A35B51FE59FA37C5B80BAC5FD471777B9068A79B8F46BDEAF22F8D5BE8BF47A3E1E239366F04EA1FB49C2233526BD1EA545960BD0
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 3%
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........."..sL..sL..sL.....sL....{sL..7..sL..sM.UsL.....sL.....sL..!..sL.....sL.Rich.sL.................PE..L...=.LS...........!.................T....................................................@......................... E.......6..........\..........................................................`...@...............t............................text............................... ..`.rdata.............................@..@.data....1...P.......8..............@....rsrc...\............N..............@..@.reloc...(.......*...V..............@..B................................................................................................................................................................................................................................................................................................................................

C:\Users\user\Downloads\971c3db5-228d-4e34-ad97-a62124199b4b.tmp

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	7-zip archive data, version 0.4
Category:	dropped
Size (bytes):	36934
Entropy (8bit):	7.995206593182269
Encrypted:	true
SSDEEP:	768:VsmtUG16fWOAJxlyY8tKFD9cbeQnnUD0v03h2yZuj5guzAUzZomu7dXRVF:emyI6fXAJVDa3nUIvPyZuBzpBu7D
MD5:	A70C9411BCE4B385C6DA3BBF89E5937A
SHA1:	EB2D2718F1474ECFF6B92771B53FAA491FC34D43
SHA-256:	7BE04F0436A66FA5219D2E23F3D629C6C5C06C8AA30B86F4D65DA5220D25DD8A
SHA-512:	A538BE40099A17B6F4636FCCEB4782714DD42BE691C7055CAAE9C96F3D53692B77977422885C7E0B024A569A748637AA4CE74BE3DBE34DEAAE37F04A21664CDC
Malicious:	false
Reputation:	low
Preview:	7z..'...Y>.lU,F.....%..........H.....].&..p.........../D.N...BTJ.u..a.s'..N/:.lz..........q.+.....S..U.^dq..~@..9en...@...3.x~....8..G?..2.$......s..hYI.~Ptj.D_..$...'...#...F....@...;.=T......m.Y$I.f.v.....Ex.@..#.q].38..r.De.N....#l.,..l...o.\|.x.....a...).w...5@...........4/.)?..D.x....H.f).:/..z....=..G..{..B....a.......\|.........P.Xf...!..i.z&./...V..XT.vt.=w....#Wq{z../......p./...u...\...q..$...\\d...v...E.....(.<.B...........Ym....J..9p.eWs`.....Y=....:g.%bp.-N.k'!.#..W4}h...p.#..>..ibb~SP. A.8.r.....+1..........?9.. .../EYvBm..I;.9.\%..1..q..X.BOP.O..~..\|.....?..Swc.Tt....&J..z.K7...i.=.YB..'[.B.].W........j..U..ob..U.'lB...3.!u....{$K..>M..~..a..&...\.c...D..."x..2.....yc.....8 ..=E...1.c.Lf)@..,G4..O..#....&..~.....N....L.&.P....].ABF}..+GNI..fax1.D.s..n.<t.-.S8.......ZG....X...V.\i.K....}b/.4b....J..Z..ep.W#k..l.X.+Z?4.....r.a.Q.PrQd;...zwGt->..I......?.[.L)~`..Z...9".,.Mn'.J...*......7..3.d.oBA.7)n..%.Ag..>..mKy.....`$.

C:\Users\user\Downloads\MasterPDF.exe

Download File

Process:	C:\Program Files\7-Zip\7zG.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	68424
Entropy (8bit):	6.371387010979524
Encrypted:	false
SSDEEP:	768:5LNk0yiFYWkgALpW+QvSugX0wUepQNXTQXdF+Q+An70emea+AkIWqSux:AyY8wugEwOVEXdz70eqiIXS
MD5:	CA4E189F4A3ACE1E728786A0E2998D85
SHA1:	D44F955300E106887CA597A9CFD06C098625B71E
SHA-256:	5776BD2CE6F4BAE0BFB44AA9EB1E147C7B6051D211AAA3AD565AD4F3742E652B
SHA-512:	E0B0CB646FB9218C87A0A124743261347CBA29B1D21A226AD61DB194E9F22ED40890226602091E6C551E5082DFB18E9318B016B99662D862B5528A0E692AB717
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......3.<w..ow..ow..oPj.os..o...o~..ow..o...oPj.of..oPj.o>..oPj.ov..oPj.o]..oPj.ov..oPj.ov..oRichw..o........................PE..L......J...........!.........6.......>............@.......................... .......%....@.........................p...^...<...d.......<.......................8...................................x,..@............................................text.............................. ..`.data...............................@....rsrc...<...........................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\Downloads\Utils\DisPatchMini.dll

Download File

Process:	C:\Program Files\7-Zip\7zG.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	587112
Entropy (8bit):	6.65851380090146
Encrypted:	false
SSDEEP:	12288:jC2FVR9gBoLamx6HeUEDyAfhH0EjkZgn78ezd3:m2FVReBo5xqAfhH0EYZg
MD5:	61432453BFF112A807354977468A2D65
SHA1:	E54343B8A1A9D1FC94AC9F3E3DBD4930346AFE53
SHA-256:	C9AFCBB90BEC719D89D07969D37B2601E33320556F1E89591EE45E97A5EB3348
SHA-512:	514B4145B7A68091A5E1CAE9A91A54FF95CA216463426EDEF504F1D330770B1DC9C3751AD6B55EE2CDDB35ACE87F91DC8C63F3D43E04A2D18803F02DDAE6A9ED
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	low
Preview:	MZ......................@...................................8...........!..L.!This program cannot be run in DOS mode....$..........-j..~j..~j..~..L~{..~..N~..~..O~t..~c.>~k..~8..r..~...h..~j..~k..~...k..~...l..~+...y..~8..J..~8..P..~c..~w..~j..~...~...\|..~...k..~..B~k..~j.*~k..~...k..~Richj..~........PE..L...=.h]...........!....."...........P.......@.......................................P....@..........................9..p...0:..,........................4.......U......T...........................h...@............@..\............................text....!.......".................. ..`.rdata.......@.......&..............@..@.data....K...P.......4..............@....rsrc................b..............@..@.reloc...U.......V...h..............@..B................................................................................................................................................................................................................................................

C:\Users\user\Downloads\Utils\LDSBasic.dll

Download File

Process:	C:\Program Files\7-Zip\7zG.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1743872
Entropy (8bit):	6.77204749057581
Encrypted:	false
SSDEEP:	49152:LlMT8cA4VPho161nINsq0695cPOieKd3gRBR:xMTPQ1EImAcPNvd3w
MD5:	B8DA66F1D207C1048E3FE69464830EEF
SHA1:	DDF0F50EC6074F0AD0242E308833E643CB06B85F
SHA-256:	CFDEAB2D532660D0FF0B4CC23D8D58B37A98C19B42F75F23DE030DBDC577FFEC
SHA-512:	6ECD9EF24C01255CC8A8F6693CF42E910D31CD9DCECBF4E6703E1B98BE4A453E1D7CA17FCB2BB4E37A48F66C28B3FE84FE7DA3C52685AE007F6652E3FCEEDC77
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	low
Preview:	MZ......................@...................................`...........!..L.!This program cannot be run in DOS mode....$.......6..r...r...r....; .F....;"....;#.T...M...p...r...s.......w.......q.......x...3...p...3...R...{.R.{...{.B.W...r.......a...o...a...L...a...Q...M...m...M...X...M...s...M...s...r.F.s...M...s...Richr...........................PE..L.....\...........!......................................................................@.....................................T....................d..h7..........0M..T...................(N.......M..@............................................text.............................. ..`.rdata..Hi.......j..................@..@.data...0...........................@....rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................

C:\Users\user\Downloads\Utils\LdsWebView.dll

Download File

Process:	C:\Program Files\7-Zip\7zG.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1067520
Entropy (8bit):	5.9499225205971475
Encrypted:	false
SSDEEP:	24576:vISO3dfT0eqoL5tj112jGLF2eoRdDyLI3QAp9jIL23QyPXacu2Bz:vTEdfTbL5tj112jGLF2eoRdDyLI3QAjr
MD5:	0A603A6F1B5DBB6FE93D8DB67945EEB5
SHA1:	A623DC4E268E1EFB28DE1E5CAFBB4B7F2AA37889
SHA-256:	EADA1A3632EDBC2E7CEC0BCD5B7EE877995B0FC1C7A349BD2377FA31E939FF1B
SHA-512:	61BA6506753A8BDBFE8E212A43C73D9F33A49342CEF74893DB64853916FAE777C4B4A5C23BD90F8C3DBBC2A8DC8A92D5BEC0BD226A1068741D97C3705F529D50
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 3%
Reputation:	low
Preview:	MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$....................v4c....v4a.n...v4`....\.U........................................................m................Rich...................PE..L...3..]...........!......................... ......................................G:....@..........................H..................................h7......0p......8...........................H...@............................................text............................... ..`.rdata..R... ...,..................@..@.data...\J...P......:..............@....idata..f............d..............@..@.shared.............................@....00cfg..............................@..@.tls................................@....rsrc...............................@..@.reloc...~..........................@..B........................................................................................................

C:\Users\user\Downloads\Utils\MiniNews.exe

Download File

Process:	C:\Program Files\7-Zip\7zG.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	4239872
Entropy (8bit):	7.070172012255232
Encrypted:	false
SSDEEP:	98304:UhaKNvEOj7TwWoFSpM0F8NF59zbLogRixeyVqZ2J:UIKNvH7Twup9esgRixHuQ
MD5:	5F855B18F8B30ACAF2E9764E99FEA3A3
SHA1:	D8D20A0C9CA82B89A1BD436782B1F71E479BF557
SHA-256:	C98A7F86AD9C7B75D3EA03A5600D7E068F9FA48815FB635E578773556CC8A2F9
SHA-512:	BF58DE358D36033C6769E87AE2A28962AD38B51BEB2C8A607BA8798AC7DDF83C86D3953FAAD13360EBADE70C3C7EDB919AECB84CD1AFBAB4009A14E636A6B679
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 10%
Reputation:	low
Preview:	MZ......................@...................................H...........!..L.!This program cannot be run in DOS mode....$.........d}............aZ......aZ..{...aZ..............Kf........./......./......./......./............../......./............................./......./....................../....Rich....................PE..L...9].\......................$.....w.............@...........................@.......@...@.................................(r ......P!.<3...........z@.h7....?..:..P...T...................H...........@............................................text...=........................... ..`.rdata.............................@..@.data...h..... ..x.... .............@....rsrc...<3...P!..4....!.............@..@.reloc...:....?..<...<?.............@..B................................................................................................................................................................................................................................

C:\Users\user\Downloads\Utils\ie\LdsIeView.exe

Download File

Process:	C:\Program Files\7-Zip\7zG.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1038336
Entropy (8bit):	6.6898175965290525
Encrypted:	false
SSDEEP:	24576:a/cnBzZ0xPlKJaGfL5tj112jGLF2eoRdDyLI3QAcNR4PTdB3Bxi3tJ:TGgfL5tj112jGLF2eoRdDyLI3QAczqZe
MD5:	6369CEB54B36EB1C462659F2569B1073
SHA1:	E6E57770B0CB853A024714BBADF8CDBAA008FD5F
SHA-256:	3CF036ECC419DC74122BA512E7872B57ABA7EA2109E4ABD1A46264A148B45E65
SHA-512:	ACE96F663FD44474309387890884881931C90EC413CA5D4396360661C3BBBC553DD817E5FE483F23BFE470C418ECCF673F84F84826313EEA7EF89E46E33D1209
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 2%
Reputation:	low
Preview:	MZ......................@...................................8...........!..L.!This program cannot be run in DOS mode....$.........FfO.(5O.(5O.(5.K.5@.(5.K.5..(5.K.5R.(5#.,4K.(5p. 4M.(5O.(5N.(51.45H.(5.w.5L.(5\.+4V.(5..-4_.(5\.,4j.(5\.-4..(5F..5B.(5F..5j.(5O.)5a.(5p.-4T.(5p..5N.(5O.5N.(5p.4N.(5RichO.(5........PE..L......].................<...^.......].......P....@..................................z....@.................................,...\|....P..\...............h7...`......@...T...................8...........@............P...............................text....;.......<.................. ..`.rdata..T....P.......@..............@..@.data....W.........................@....rsrc...\....P......................@..@.reloc.......`......................@..B................................................................................................................................................................................................................................................

C:\Users\user\Downloads\mini_20190902.7z (copy)

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	7-zip archive data, version 0.4
Category:	dropped
Size (bytes):	4598938
Entropy (8bit):	7.999947390646124
Encrypted:	true
SSDEEP:	98304:mNsWzs1kd/gpzCDweRNbXkN7pUdlhw/Yys/u:mNsW2/p5eRNnG/sW
MD5:	62B51D9E656AF3B6DE2B634B00EEB1D7
SHA1:	3438204AAF2F2C0D6D49F576E327C0DB8E2A19B4
SHA-256:	17C64F0675040D4CA5F935D0833E416BBD65AC1CE684E9D7750EE4EA4149F73D
SHA-512:	4B05DFD4A0EC50FC4894B8CE523AA637DEFBC44CB0BA268A8A3866BC4D39A96A170E9C5D1B8FD1F1B09E3FDE80CA29AEF982B631835C80AA554BDF3226DE261A
Malicious:	false
Reputation:	low
Preview:	7z..'...Y>.lU,F.....%..........H.....].&..p.........../D.N...BTJ.u..a.s'..N/:.lz..........q.+.....S..U.^dq..~@..9en...@...3.x~....8..G?..2.$......s..hYI.~Ptj.D_..$...'...#...F....@...;.=T......m.Y$I.f.v.....Ex.@..#.q].38..r.De.N....#l.,..l...o.\|.x.....a...).w...5@...........4/.)?..D.x....H.f).:/..z....=..G..{..B....a.......\|.........P.Xf...!..i.z&./...V..XT.vt.=w....#Wq{z../......p./...u...\...q..$...\\d...v...E.....(.<.B...........Ym....J..9p.eWs`.....Y=....:g.%bp.-N.k'!.#..W4}h...p.#..>..ibb~SP. A.8.r.....+1..........?9.. .../EYvBm..I;.9.\%..1..q..X.BOP.O..~..\|.....?..Swc.Tt....&J..z.K7...i.=.YB..'[.B.].W........j..U..ob..U.'lB...3.!u....{$K..>M..~..a..&...\.c...D..."x..2.....yc.....8 ..=E...1.c.Lf)@..,G4..O..#....&..~.....N....L.&.P....].ABF}..+GNI..fax1.D.s..n.<t.-.S8.......ZG....X...V.\i.K....}b/.4b....J..Z..ep.W#k..l.X.+Z?4.....r.a.Q.PrQd;...zwGt->..I......?.[.L)~`..Z...9".,.Mn'.J...*......7..3.d.oBA.7)n..%.Ag..>..mKy.....`$.

C:\Users\user\Downloads\mini_20190902.7z.crdownload

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	7-zip archive data, version 0.4
Category:	dropped
Size (bytes):	4598938
Entropy (8bit):	7.999947390646124
Encrypted:	true
SSDEEP:	98304:mNsWzs1kd/gpzCDweRNbXkN7pUdlhw/Yys/u:mNsW2/p5eRNnG/sW
MD5:	62B51D9E656AF3B6DE2B634B00EEB1D7
SHA1:	3438204AAF2F2C0D6D49F576E327C0DB8E2A19B4
SHA-256:	17C64F0675040D4CA5F935D0833E416BBD65AC1CE684E9D7750EE4EA4149F73D
SHA-512:	4B05DFD4A0EC50FC4894B8CE523AA637DEFBC44CB0BA268A8A3866BC4D39A96A170E9C5D1B8FD1F1B09E3FDE80CA29AEF982B631835C80AA554BDF3226DE261A
Malicious:	false
Reputation:	low
Preview:	7z..'...Y>.lU,F.....%..........H.....].&..p.........../D.N...BTJ.u..a.s'..N/:.lz..........q.+.....S..U.^dq..~@..9en...@...3.x~....8..G?..2.$......s..hYI.~Ptj.D_..$...'...#...F....@...;.=T......m.Y$I.f.v.....Ex.@..#.q].38..r.De.N....#l.,..l...o.\|.x.....a...).w...5@...........4/.)?..D.x....H.f).:/..z....=..G..{..B....a.......\|.........P.Xf...!..i.z&./...V..XT.vt.=w....#Wq{z../......p./...u...\...q..$...\\d...v...E.....(.<.B...........Ym....J..9p.eWs`.....Y=....:g.%bp.-N.k'!.#..W4}h...p.#..>..ibb~SP. A.8.r.....+1..........?9.. .../EYvBm..I;.9.\%..1..q..X.BOP.O..~..\|.....?..Swc.Tt....&J..z.K7...i.=.YB..'[.B.].W........j..U..ob..U.'lB...3.!u....{$K..>M..~..a..&...\.c...D..."x..2.....yc.....8 ..=E...1.c.Lf)@..,G4..O..#....&..~.....N....L.&.P....].ABF}..+GNI..fax1.D.s..n.<t.-.S8.......ZG....X...V.\i.K....}b/.4b....J..Z..ep.W#k..l.X.+Z?4.....r.a.Q.PrQd;...zwGt->..I......?.[.L)~`..Z...9".,.Mn'.J...*......7..3.d.oBA.7)n..%.Ag..>..mKy.....`$.

C:\Users\user\Downloads\plugin\Basic.tpi

Download File

Process:	C:\Program Files\7-Zip\7zG.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1816936
Entropy (8bit):	6.758032419093093
Encrypted:	false
SSDEEP:	24576:aeMflN23SKZG30V1kUYudqMlxj39IeDlFVY/ifI9WXfkPnRXPoqoj8Eartm0hwsY:ZSOvqEjtIep57fk/to8sSG084rlQbr
MD5:	76D5574404B95B155EABE71F77E88462
SHA1:	F8087235351AAF8EDDF908A1D4E1CA0DEA8E569C
SHA-256:	D011FAB388CBA359AB5BA0F1ADB8FFDCEDAF76399975B4E57700B919527532ED
SHA-512:	E3EAE742B1CAB201E2080B616633562542F5CFA3508EA5F922D69F81A634854F566FAF6DCF3D36B679A7C45959B65B39B8CAD7C03EBE2721FB6DDF51BC82D9BB
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	low
Preview:	MZ......................@...................................P...........!..L.!This program cannot be run in DOS mode....$...........C..KC..KC..K.6CKw..K.6AK...K.6@Ke..KC..KB..K..JH..K..uKF..K..J^..K..JB..K..J]..K..J`..K..J...KJ.1KJ..KJ.!Kj..KC..K...K..Jc..K..Jp..K..JB..K..MKB..KC.%KB..K..JB..KRichC..K........................PE..L...\|.e]...........!.....T...N...............p...........................................@.................................,...........P................4......\|...pV..T...................hW.......V..@............p...............................text....S.......T.................. ..`.rdata.......p.......X..............@..@.data.......@......................@....rsrc...P...........................@..@.reloc..\|...........................@..B........................................................................................................................................................................................................................

C:\Users\user\Downloads\plugin\PopMgr.tpi

Download File

Process:	C:\Program Files\7-Zip\7zG.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1409608
Entropy (8bit):	6.577922029744569
Encrypted:	false
SSDEEP:	24576:K2QO56cvFDe0+KpYQ0LnePuoIR3T6XtYhLkjt5xhX:KWbDeLKpYQ0LnePuoIR3wtYFkjt5xhX
MD5:	62787027F2ADF82C2E1F07B93EB964D2
SHA1:	7640575961D58F414E5F2FF78AC1F34AA7C67D33
SHA-256:	15675015EEFB9BC51E991F3A0FD05F836694DCA01A9B7FCDD1E42FFC7CE727A6
SHA-512:	19F935AFF0056DF79A62B151FF09691967C288010CE99C3D99B388837A32271B61DC7A5D11AD459AABE625D3A169B4395289EAE3CFDCB4CB5C15AD18B435948D
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 3%
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......+%bqoD."oD."oD."H.a"nD."..."mD."f<."pD."f<.".D."f<.".D."H.w"vD."oD.".D."f<."@D."f<."nD."q.."nD."f<."nD."RichoD."........PE..L.....Z[...........!................ ...............................................~.....@.........................@d..N....Q.......................J...7... ..........................................@...............<............................text............................... ..`.rdata..............................@..@.data...\....p...N...N..............@....tls................................@....rsrc...............................@..@.reloc....... ......................@..B........................................................................................................................................................................................................................................................................

C:\Users\user\Downloads\plugin\PopMgrStub.dll

Download File

Process:	C:\Program Files\7-Zip\7zG.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1378376
Entropy (8bit):	6.567021802472494
Encrypted:	false
SSDEEP:	24576:ED/1gTa2SAc25iiWwdZnHLGh/l+YBsXRk+liYFhMmEm9HZ:Eh2Xc2MZwdZnHLGhl+YeXRJiYF6mEm95
MD5:	518DA492CFBD3E8FAA7EB3B8B7A68AD0
SHA1:	274D3C5DB56923A770F23518775E9748ABB2C21F
SHA-256:	73FA5520E612CD8F15EAC65ED5DF3EB8EC3DD21D411D6F9FFC003D6B37D5AF3B
SHA-512:	CECA19D31F3CDF1C6A70238A4309F7569B5908C5C6F981434FF284CD48EF82528CF56B06700854E25FD3DF9059BA2ECB6491BF0B8555582C7CBAFEEDEB1A7F04
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 4%
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......}.b9..19..19..1.I.18..1..u1;..10.v1&..10.`1...10.g1M..1.I.1...19..1..10.i1...10.q18..1'.w18..10.r18..1Rich9..1........................PE..L.....Z[...........!.....\...n..............p...............................@......be....@.............................J................................7......\{...s.......................g......Hg..@............p...............................text...K[.......\.................. ..`.rdata...}...p...~...`..............@..@.data............J..................@....tls.................(..............@....rsrc................*..............@..@.reloc..2............0..............@..B........................................................................................................................................................................................................................................................

Static File Info

⊘No static file info

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 9, 2022 05:34:11.512372971 CET	49692	443	192.168.2.3	142.250.186.45
Dec 9, 2022 05:34:11.512408972 CET	443	49692	142.250.186.45	192.168.2.3
Dec 9, 2022 05:34:11.512469053 CET	49692	443	192.168.2.3	142.250.186.45
Dec 9, 2022 05:34:11.512672901 CET	49693	443	192.168.2.3	142.250.186.110
Dec 9, 2022 05:34:11.512686968 CET	443	49693	142.250.186.110	192.168.2.3
Dec 9, 2022 05:34:11.512737036 CET	49693	443	192.168.2.3	142.250.186.110
Dec 9, 2022 05:34:11.514182091 CET	49692	443	192.168.2.3	142.250.186.45
Dec 9, 2022 05:34:11.514199972 CET	443	49692	142.250.186.45	192.168.2.3
Dec 9, 2022 05:34:11.514359951 CET	49693	443	192.168.2.3	142.250.186.110
Dec 9, 2022 05:34:11.514369011 CET	443	49693	142.250.186.110	192.168.2.3
Dec 9, 2022 05:34:11.584178925 CET	443	49692	142.250.186.45	192.168.2.3
Dec 9, 2022 05:34:11.585556984 CET	49692	443	192.168.2.3	142.250.186.45
Dec 9, 2022 05:34:11.585602999 CET	443	49692	142.250.186.45	192.168.2.3
Dec 9, 2022 05:34:11.587367058 CET	443	49692	142.250.186.45	192.168.2.3
Dec 9, 2022 05:34:11.587508917 CET	49692	443	192.168.2.3	142.250.186.45
Dec 9, 2022 05:34:11.613815069 CET	443	49693	142.250.186.110	192.168.2.3
Dec 9, 2022 05:34:11.617207050 CET	49693	443	192.168.2.3	142.250.186.110
Dec 9, 2022 05:34:11.617223978 CET	443	49693	142.250.186.110	192.168.2.3
Dec 9, 2022 05:34:11.617811918 CET	443	49693	142.250.186.110	192.168.2.3
Dec 9, 2022 05:34:11.617902040 CET	49693	443	192.168.2.3	142.250.186.110
Dec 9, 2022 05:34:11.618762016 CET	443	49693	142.250.186.110	192.168.2.3
Dec 9, 2022 05:34:11.618834019 CET	49693	443	192.168.2.3	142.250.186.110
Dec 9, 2022 05:34:11.729288101 CET	49694	80	192.168.2.3	123.56.161.176
Dec 9, 2022 05:34:11.730933905 CET	49695	80	192.168.2.3	123.56.161.176
Dec 9, 2022 05:34:11.904196978 CET	49696	80	192.168.2.3	123.56.161.176
Dec 9, 2022 05:34:11.929594994 CET	49693	443	192.168.2.3	142.250.186.110
Dec 9, 2022 05:34:11.929661036 CET	443	49693	142.250.186.110	192.168.2.3
Dec 9, 2022 05:34:11.930033922 CET	443	49693	142.250.186.110	192.168.2.3
Dec 9, 2022 05:34:11.930495977 CET	49693	443	192.168.2.3	142.250.186.110
Dec 9, 2022 05:34:11.930529118 CET	443	49693	142.250.186.110	192.168.2.3
Dec 9, 2022 05:34:11.930717945 CET	49692	443	192.168.2.3	142.250.186.45
Dec 9, 2022 05:34:11.930788994 CET	443	49692	142.250.186.45	192.168.2.3
Dec 9, 2022 05:34:11.931143999 CET	443	49692	142.250.186.45	192.168.2.3
Dec 9, 2022 05:34:11.933082104 CET	49692	443	192.168.2.3	142.250.186.45
Dec 9, 2022 05:34:11.933129072 CET	443	49692	142.250.186.45	192.168.2.3
Dec 9, 2022 05:34:11.959520102 CET	443	49693	142.250.186.110	192.168.2.3
Dec 9, 2022 05:34:11.959723949 CET	49693	443	192.168.2.3	142.250.186.110
Dec 9, 2022 05:34:11.959757090 CET	443	49693	142.250.186.110	192.168.2.3
Dec 9, 2022 05:34:11.959857941 CET	443	49693	142.250.186.110	192.168.2.3
Dec 9, 2022 05:34:11.959922075 CET	49693	443	192.168.2.3	142.250.186.110
Dec 9, 2022 05:34:11.961639881 CET	49693	443	192.168.2.3	142.250.186.110
Dec 9, 2022 05:34:11.961671114 CET	443	49693	142.250.186.110	192.168.2.3
Dec 9, 2022 05:34:11.963754892 CET	80	49694	123.56.161.176	192.168.2.3
Dec 9, 2022 05:34:11.963884115 CET	49694	80	192.168.2.3	123.56.161.176
Dec 9, 2022 05:34:11.964885950 CET	49694	80	192.168.2.3	123.56.161.176
Dec 9, 2022 05:34:11.970922947 CET	80	49695	123.56.161.176	192.168.2.3
Dec 9, 2022 05:34:11.971077919 CET	49695	80	192.168.2.3	123.56.161.176
Dec 9, 2022 05:34:11.974917889 CET	49692	443	192.168.2.3	142.250.186.45
Dec 9, 2022 05:34:11.982903957 CET	443	49692	142.250.186.45	192.168.2.3
Dec 9, 2022 05:34:11.982990980 CET	49692	443	192.168.2.3	142.250.186.45
Dec 9, 2022 05:34:11.983031988 CET	443	49692	142.250.186.45	192.168.2.3
Dec 9, 2022 05:34:11.983211040 CET	443	49692	142.250.186.45	192.168.2.3
Dec 9, 2022 05:34:11.983284950 CET	49692	443	192.168.2.3	142.250.186.45
Dec 9, 2022 05:34:11.984858990 CET	49692	443	192.168.2.3	142.250.186.45
Dec 9, 2022 05:34:11.984899998 CET	443	49692	142.250.186.45	192.168.2.3
Dec 9, 2022 05:34:12.138940096 CET	80	49696	123.56.161.176	192.168.2.3
Dec 9, 2022 05:34:12.139055014 CET	49696	80	192.168.2.3	123.56.161.176
Dec 9, 2022 05:34:12.508800030 CET	49694	80	192.168.2.3	123.56.161.176
Dec 9, 2022 05:34:12.742727995 CET	80	49694	123.56.161.176	192.168.2.3
Dec 9, 2022 05:34:12.747083902 CET	80	49694	123.56.161.176	192.168.2.3
Dec 9, 2022 05:34:12.755105019 CET	80	49694	123.56.161.176	192.168.2.3
Dec 9, 2022 05:34:12.755187988 CET	49694	80	192.168.2.3	123.56.161.176
Dec 9, 2022 05:34:12.952687979 CET	49694	80	192.168.2.3	123.56.161.176
Dec 9, 2022 05:34:13.192528963 CET	80	49694	123.56.161.176	192.168.2.3
Dec 9, 2022 05:34:13.193746090 CET	80	49694	123.56.161.176	192.168.2.3
Dec 9, 2022 05:34:13.194021940 CET	49694	80	192.168.2.3	123.56.161.176
Dec 9, 2022 05:34:13.201749086 CET	80	49694	123.56.161.176	192.168.2.3
Dec 9, 2022 05:34:13.209676027 CET	80	49694	123.56.161.176	192.168.2.3
Dec 9, 2022 05:34:13.209919930 CET	49694	80	192.168.2.3	123.56.161.176
Dec 9, 2022 05:34:13.217689037 CET	80	49694	123.56.161.176	192.168.2.3
Dec 9, 2022 05:34:13.225828886 CET	80	49694	123.56.161.176	192.168.2.3
Dec 9, 2022 05:34:13.225934029 CET	49694	80	192.168.2.3	123.56.161.176
Dec 9, 2022 05:34:13.233676910 CET	80	49694	123.56.161.176	192.168.2.3
Dec 9, 2022 05:34:13.241739988 CET	80	49694	123.56.161.176	192.168.2.3
Dec 9, 2022 05:34:13.241930008 CET	49694	80	192.168.2.3	123.56.161.176
Dec 9, 2022 05:34:13.249672890 CET	80	49694	123.56.161.176	192.168.2.3
Dec 9, 2022 05:34:13.257663965 CET	80	49694	123.56.161.176	192.168.2.3
Dec 9, 2022 05:34:13.257792950 CET	49694	80	192.168.2.3	123.56.161.176
Dec 9, 2022 05:34:13.265569925 CET	80	49694	123.56.161.176	192.168.2.3
Dec 9, 2022 05:34:13.305871010 CET	49694	80	192.168.2.3	123.56.161.176
Dec 9, 2022 05:34:13.430120945 CET	80	49694	123.56.161.176	192.168.2.3
Dec 9, 2022 05:34:13.438069105 CET	80	49694	123.56.161.176	192.168.2.3
Dec 9, 2022 05:34:13.438354015 CET	49694	80	192.168.2.3	123.56.161.176
Dec 9, 2022 05:34:13.445962906 CET	80	49694	123.56.161.176	192.168.2.3
Dec 9, 2022 05:34:13.453918934 CET	80	49694	123.56.161.176	192.168.2.3
Dec 9, 2022 05:34:13.454144955 CET	49694	80	192.168.2.3	123.56.161.176
Dec 9, 2022 05:34:15.445066929 CET	49704	443	192.168.2.3	142.250.185.132
Dec 9, 2022 05:34:15.445135117 CET	443	49704	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:15.445277929 CET	49704	443	192.168.2.3	142.250.185.132
Dec 9, 2022 05:34:15.445528030 CET	49704	443	192.168.2.3	142.250.185.132
Dec 9, 2022 05:34:15.445554972 CET	443	49704	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:15.511647940 CET	443	49704	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:15.512067080 CET	49704	443	192.168.2.3	142.250.185.132
Dec 9, 2022 05:34:15.512108088 CET	443	49704	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:15.513887882 CET	443	49704	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:15.514077902 CET	49704	443	192.168.2.3	142.250.185.132
Dec 9, 2022 05:34:15.516021967 CET	49704	443	192.168.2.3	142.250.185.132
Dec 9, 2022 05:34:15.516037941 CET	443	49704	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:15.516134024 CET	443	49704	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:15.556003094 CET	49704	443	192.168.2.3	142.250.185.132
Dec 9, 2022 05:34:15.556042910 CET	443	49704	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:15.595995903 CET	49704	443	192.168.2.3	142.250.185.132
Dec 9, 2022 05:34:25.490159035 CET	443	49704	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:25.490283966 CET	443	49704	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:25.490397930 CET	49704	443	192.168.2.3	142.250.185.132
Dec 9, 2022 05:34:27.301794052 CET	49704	443	192.168.2.3	142.250.185.132
Dec 9, 2022 05:34:27.301860094 CET	443	49704	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:28.193860054 CET	80	49694	123.56.161.176	192.168.2.3
Dec 9, 2022 05:34:28.194194078 CET	49694	80	192.168.2.3	123.56.161.176
Dec 9, 2022 05:34:29.307524920 CET	49694	80	192.168.2.3	123.56.161.176
Dec 9, 2022 05:34:29.926295042 CET	49694	80	192.168.2.3	123.56.161.176
Dec 9, 2022 05:34:30.340692997 CET	80	49694	123.56.161.176	192.168.2.3
Dec 9, 2022 05:34:44.499049902 CET	49738	443	192.168.2.3	142.250.185.132
Dec 9, 2022 05:34:44.499114990 CET	443	49738	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:44.499205112 CET	49738	443	192.168.2.3	142.250.185.132
Dec 9, 2022 05:34:44.499726057 CET	49738	443	192.168.2.3	142.250.185.132
Dec 9, 2022 05:34:44.499746084 CET	443	49738	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:44.555546999 CET	443	49738	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:44.598244905 CET	49738	443	192.168.2.3	142.250.185.132
Dec 9, 2022 05:34:44.605818033 CET	49738	443	192.168.2.3	142.250.185.132
Dec 9, 2022 05:34:44.605843067 CET	443	49738	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:44.607122898 CET	443	49738	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:44.647515059 CET	49738	443	192.168.2.3	142.250.185.132
Dec 9, 2022 05:34:44.650152922 CET	49738	443	192.168.2.3	142.250.185.132
Dec 9, 2022 05:34:44.650181055 CET	443	49738	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:44.650346994 CET	49738	443	192.168.2.3	142.250.185.132
Dec 9, 2022 05:34:44.650353909 CET	443	49738	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:44.650516987 CET	443	49738	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:44.689728022 CET	443	49738	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:44.689883947 CET	49738	443	192.168.2.3	142.250.185.132
Dec 9, 2022 05:34:44.689922094 CET	443	49738	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:44.690762997 CET	443	49738	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:44.690866947 CET	49738	443	192.168.2.3	142.250.185.132
Dec 9, 2022 05:34:44.734138966 CET	49738	443	192.168.2.3	142.250.185.132
Dec 9, 2022 05:34:44.734180927 CET	443	49738	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:44.823227882 CET	49739	443	192.168.2.3	142.250.185.132
Dec 9, 2022 05:34:44.823277950 CET	443	49739	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:44.823393106 CET	49739	443	192.168.2.3	142.250.185.132
Dec 9, 2022 05:34:44.823754072 CET	49739	443	192.168.2.3	142.250.185.132
Dec 9, 2022 05:34:44.823775053 CET	443	49739	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:44.883670092 CET	443	49739	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:44.902313948 CET	49739	443	192.168.2.3	142.250.185.132
Dec 9, 2022 05:34:44.902354956 CET	443	49739	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:44.903567076 CET	443	49739	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:44.942673922 CET	49739	443	192.168.2.3	142.250.185.132
Dec 9, 2022 05:34:44.942720890 CET	443	49739	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:44.942847013 CET	49739	443	192.168.2.3	142.250.185.132
Dec 9, 2022 05:34:44.942853928 CET	443	49739	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:44.943032980 CET	443	49739	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:44.984580040 CET	49739	443	192.168.2.3	142.250.185.132
Dec 9, 2022 05:34:44.999382973 CET	443	49739	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:44.999497890 CET	443	49739	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:44.999584913 CET	443	49739	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:44.999586105 CET	49739	443	192.168.2.3	142.250.185.132
Dec 9, 2022 05:34:44.999633074 CET	443	49739	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:44.999705076 CET	49739	443	192.168.2.3	142.250.185.132
Dec 9, 2022 05:34:44.999902964 CET	443	49739	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.000035048 CET	443	49739	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.000103951 CET	49739	443	192.168.2.3	142.250.185.132
Dec 9, 2022 05:34:45.000117064 CET	443	49739	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.001595974 CET	443	49739	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.001686096 CET	49739	443	192.168.2.3	142.250.185.132
Dec 9, 2022 05:34:45.001705885 CET	443	49739	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.002352953 CET	443	49739	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.002460003 CET	49739	443	192.168.2.3	142.250.185.132
Dec 9, 2022 05:34:45.002475977 CET	443	49739	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.003642082 CET	443	49739	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.003721952 CET	49739	443	192.168.2.3	142.250.185.132
Dec 9, 2022 05:34:45.003739119 CET	443	49739	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.018408060 CET	443	49739	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.018492937 CET	443	49739	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.018563986 CET	443	49739	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.018578053 CET	49739	443	192.168.2.3	142.250.185.132
Dec 9, 2022 05:34:45.018610001 CET	443	49739	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.018627882 CET	49739	443	192.168.2.3	142.250.185.132
Dec 9, 2022 05:34:45.019745111 CET	443	49739	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.019835949 CET	49739	443	192.168.2.3	142.250.185.132
Dec 9, 2022 05:34:45.019853115 CET	443	49739	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.021085024 CET	443	49739	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.021188974 CET	49739	443	192.168.2.3	142.250.185.132
Dec 9, 2022 05:34:45.021208048 CET	443	49739	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.022407055 CET	443	49739	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.022480965 CET	49739	443	192.168.2.3	142.250.185.132
Dec 9, 2022 05:34:45.022501945 CET	443	49739	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.023598909 CET	443	49739	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.023675919 CET	49739	443	192.168.2.3	142.250.185.132
Dec 9, 2022 05:34:45.023694992 CET	443	49739	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.024833918 CET	443	49739	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.024910927 CET	49739	443	192.168.2.3	142.250.185.132
Dec 9, 2022 05:34:45.024926901 CET	443	49739	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.026041985 CET	443	49739	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.026117086 CET	49739	443	192.168.2.3	142.250.185.132
Dec 9, 2022 05:34:45.026133060 CET	443	49739	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.027230024 CET	443	49739	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.027328014 CET	49739	443	192.168.2.3	142.250.185.132
Dec 9, 2022 05:34:45.027348042 CET	443	49739	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.028398037 CET	443	49739	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.028476954 CET	49739	443	192.168.2.3	142.250.185.132
Dec 9, 2022 05:34:45.028492928 CET	443	49739	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.029642105 CET	443	49739	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.029716015 CET	49739	443	192.168.2.3	142.250.185.132
Dec 9, 2022 05:34:45.029735088 CET	443	49739	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.030764103 CET	443	49739	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.030829906 CET	49739	443	192.168.2.3	142.250.185.132
Dec 9, 2022 05:34:45.030848026 CET	443	49739	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.032525063 CET	443	49739	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.032601118 CET	443	49739	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.032610893 CET	49739	443	192.168.2.3	142.250.185.132
Dec 9, 2022 05:34:45.032629967 CET	443	49739	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.032685041 CET	49739	443	192.168.2.3	142.250.185.132
Dec 9, 2022 05:34:45.036757946 CET	443	49739	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.037074089 CET	443	49739	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.037156105 CET	49739	443	192.168.2.3	142.250.185.132
Dec 9, 2022 05:34:45.037175894 CET	443	49739	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.038094044 CET	443	49739	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.038177967 CET	49739	443	192.168.2.3	142.250.185.132
Dec 9, 2022 05:34:45.249532938 CET	49740	443	192.168.2.3	142.250.185.132
Dec 9, 2022 05:34:45.249623060 CET	443	49740	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.249628067 CET	49739	443	192.168.2.3	142.250.185.132
Dec 9, 2022 05:34:45.249664068 CET	443	49739	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.249766111 CET	49740	443	192.168.2.3	142.250.185.132
Dec 9, 2022 05:34:45.256329060 CET	49740	443	192.168.2.3	142.250.185.132
Dec 9, 2022 05:34:45.256380081 CET	443	49740	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.320465088 CET	443	49740	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.364330053 CET	49740	443	192.168.2.3	142.250.185.132
Dec 9, 2022 05:34:45.364418030 CET	443	49740	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.366395950 CET	443	49740	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.368098021 CET	49740	443	192.168.2.3	142.250.185.132
Dec 9, 2022 05:34:45.368139029 CET	443	49740	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.368385077 CET	443	49740	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.368463993 CET	49740	443	192.168.2.3	142.250.185.132
Dec 9, 2022 05:34:45.368489027 CET	443	49740	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.408577919 CET	49740	443	192.168.2.3	142.250.185.132
Dec 9, 2022 05:34:45.438452005 CET	443	49740	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.438575029 CET	443	49740	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.438647985 CET	443	49740	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.438654900 CET	49740	443	192.168.2.3	142.250.185.132
Dec 9, 2022 05:34:45.438699007 CET	443	49740	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.438827038 CET	49740	443	192.168.2.3	142.250.185.132
Dec 9, 2022 05:34:45.439013958 CET	443	49740	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.440263987 CET	443	49740	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.440336943 CET	443	49740	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.440344095 CET	49740	443	192.168.2.3	142.250.185.132
Dec 9, 2022 05:34:45.440362930 CET	443	49740	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.440421104 CET	49740	443	192.168.2.3	142.250.185.132
Dec 9, 2022 05:34:45.441513062 CET	443	49740	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.442822933 CET	443	49740	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.442889929 CET	443	49740	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.442923069 CET	49740	443	192.168.2.3	142.250.185.132
Dec 9, 2022 05:34:45.442945004 CET	443	49740	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.443008900 CET	49740	443	192.168.2.3	142.250.185.132
Dec 9, 2022 05:34:45.456918955 CET	443	49740	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.457364082 CET	443	49740	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.457439899 CET	443	49740	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.457531929 CET	49740	443	192.168.2.3	142.250.185.132
Dec 9, 2022 05:34:45.457588911 CET	443	49740	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.457662106 CET	49740	443	192.168.2.3	142.250.185.132
Dec 9, 2022 05:34:45.458540916 CET	443	49740	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.459881067 CET	443	49740	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.459958076 CET	443	49740	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.459959984 CET	49740	443	192.168.2.3	142.250.185.132
Dec 9, 2022 05:34:45.459995031 CET	443	49740	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.460055113 CET	49740	443	192.168.2.3	142.250.185.132
Dec 9, 2022 05:34:45.461172104 CET	443	49740	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.462469101 CET	443	49740	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.462539911 CET	443	49740	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.462596893 CET	49740	443	192.168.2.3	142.250.185.132
Dec 9, 2022 05:34:45.462622881 CET	443	49740	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.462691069 CET	49740	443	192.168.2.3	142.250.185.132
Dec 9, 2022 05:34:45.463754892 CET	443	49740	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.465066910 CET	443	49740	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.465140104 CET	443	49740	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.465179920 CET	49740	443	192.168.2.3	142.250.185.132
Dec 9, 2022 05:34:45.465198994 CET	443	49740	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.465265989 CET	49740	443	192.168.2.3	142.250.185.132
Dec 9, 2022 05:34:45.466487885 CET	443	49740	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.467502117 CET	443	49740	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.467577934 CET	443	49740	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.467612028 CET	49740	443	192.168.2.3	142.250.185.132
Dec 9, 2022 05:34:45.467632055 CET	443	49740	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.467708111 CET	49740	443	192.168.2.3	142.250.185.132
Dec 9, 2022 05:34:45.468677998 CET	443	49740	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.469871998 CET	443	49740	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.469934940 CET	443	49740	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.470015049 CET	49740	443	192.168.2.3	142.250.185.132
Dec 9, 2022 05:34:45.470037937 CET	443	49740	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.470107079 CET	49740	443	192.168.2.3	142.250.185.132
Dec 9, 2022 05:34:45.471040010 CET	443	49740	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.471719027 CET	443	49740	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.471837997 CET	49740	443	192.168.2.3	142.250.185.132
Dec 9, 2022 05:34:45.471856117 CET	443	49740	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.475544930 CET	443	49740	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.475728989 CET	49740	443	192.168.2.3	142.250.185.132
Dec 9, 2022 05:34:45.475766897 CET	443	49740	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.475933075 CET	443	49740	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.476007938 CET	49740	443	192.168.2.3	142.250.185.132
Dec 9, 2022 05:34:45.476028919 CET	443	49740	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.476917982 CET	443	49740	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.477018118 CET	49740	443	192.168.2.3	142.250.185.132
Dec 9, 2022 05:34:45.477045059 CET	443	49740	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.477722883 CET	443	49740	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.477826118 CET	49740	443	192.168.2.3	142.250.185.132
Dec 9, 2022 05:34:45.477874994 CET	443	49740	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.478576899 CET	443	49740	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.478691101 CET	49740	443	192.168.2.3	142.250.185.132
Dec 9, 2022 05:34:45.478735924 CET	443	49740	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.479435921 CET	443	49740	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.479521036 CET	49740	443	192.168.2.3	142.250.185.132
Dec 9, 2022 05:34:45.479543924 CET	443	49740	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.480360985 CET	443	49740	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.480485916 CET	49740	443	192.168.2.3	142.250.185.132
Dec 9, 2022 05:34:45.480519056 CET	443	49740	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.481131077 CET	443	49740	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.481225014 CET	49740	443	192.168.2.3	142.250.185.132
Dec 9, 2022 05:34:45.481252909 CET	443	49740	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.482002974 CET	443	49740	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.482099056 CET	49740	443	192.168.2.3	142.250.185.132
Dec 9, 2022 05:34:45.482134104 CET	443	49740	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.482861996 CET	443	49740	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.482955933 CET	49740	443	192.168.2.3	142.250.185.132
Dec 9, 2022 05:34:45.482988119 CET	443	49740	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.483825922 CET	443	49740	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.483918905 CET	49740	443	192.168.2.3	142.250.185.132
Dec 9, 2022 05:34:45.483952999 CET	443	49740	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.484946966 CET	443	49740	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.485008955 CET	443	49740	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.485110998 CET	49740	443	192.168.2.3	142.250.185.132
Dec 9, 2022 05:34:45.485158920 CET	443	49740	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.485233068 CET	49740	443	192.168.2.3	142.250.185.132
Dec 9, 2022 05:34:45.485851049 CET	443	49740	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.485955000 CET	443	49740	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.486047983 CET	49740	443	192.168.2.3	142.250.185.132
Dec 9, 2022 05:34:45.486090899 CET	443	49740	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.486706972 CET	443	49740	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.486795902 CET	49740	443	192.168.2.3	142.250.185.132
Dec 9, 2022 05:34:45.486835957 CET	443	49740	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.487610102 CET	443	49740	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.487687111 CET	49740	443	192.168.2.3	142.250.185.132
Dec 9, 2022 05:34:45.487709999 CET	443	49740	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.488482952 CET	443	49740	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.488584995 CET	49740	443	192.168.2.3	142.250.185.132
Dec 9, 2022 05:34:45.488610029 CET	443	49740	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.489407063 CET	443	49740	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.489567995 CET	49740	443	192.168.2.3	142.250.185.132
Dec 9, 2022 05:34:45.489593029 CET	443	49740	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.490175009 CET	443	49740	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.490267992 CET	49740	443	192.168.2.3	142.250.185.132
Dec 9, 2022 05:34:45.490293980 CET	443	49740	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.490953922 CET	443	49740	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.491055965 CET	49740	443	192.168.2.3	142.250.185.132
Dec 9, 2022 05:34:45.491080046 CET	443	49740	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.491825104 CET	443	49740	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.491915941 CET	49740	443	192.168.2.3	142.250.185.132
Dec 9, 2022 05:34:45.491940975 CET	443	49740	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.492539883 CET	443	49740	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.492626905 CET	49740	443	192.168.2.3	142.250.185.132
Dec 9, 2022 05:34:45.492650032 CET	443	49740	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.493293047 CET	443	49740	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.493381977 CET	49740	443	192.168.2.3	142.250.185.132
Dec 9, 2022 05:34:45.493406057 CET	443	49740	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.494056940 CET	443	49740	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.494144917 CET	49740	443	192.168.2.3	142.250.185.132
Dec 9, 2022 05:34:45.494168997 CET	443	49740	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.495167017 CET	443	49740	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.495244026 CET	443	49740	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.495266914 CET	49740	443	192.168.2.3	142.250.185.132
Dec 9, 2022 05:34:45.495292902 CET	443	49740	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.495347023 CET	49740	443	192.168.2.3	142.250.185.132
Dec 9, 2022 05:34:45.495958090 CET	443	49740	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.496068001 CET	443	49740	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.496136904 CET	49740	443	192.168.2.3	142.250.185.132
Dec 9, 2022 05:34:45.496160984 CET	443	49740	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.496841908 CET	443	49740	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.496915102 CET	443	49740	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.496927023 CET	49740	443	192.168.2.3	142.250.185.132
Dec 9, 2022 05:34:45.496952057 CET	443	49740	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.497003078 CET	49740	443	192.168.2.3	142.250.185.132
Dec 9, 2022 05:34:45.497452021 CET	443	49740	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.497607946 CET	443	49740	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.497677088 CET	49740	443	192.168.2.3	142.250.185.132
Dec 9, 2022 05:34:45.497684002 CET	443	49740	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.497709990 CET	443	49740	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.497772932 CET	49740	443	192.168.2.3	142.250.185.132
Dec 9, 2022 05:34:45.498380899 CET	443	49740	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.498513937 CET	443	49740	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.498588085 CET	443	49740	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.498615980 CET	49740	443	192.168.2.3	142.250.185.132
Dec 9, 2022 05:34:45.498640060 CET	443	49740	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.498686075 CET	49740	443	192.168.2.3	142.250.185.132
Dec 9, 2022 05:34:45.499449015 CET	443	49740	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.499573946 CET	443	49740	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.499639988 CET	443	49740	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.499646902 CET	49740	443	192.168.2.3	142.250.185.132
Dec 9, 2022 05:34:45.499670982 CET	443	49740	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.499723911 CET	49740	443	192.168.2.3	142.250.185.132
Dec 9, 2022 05:34:45.500319004 CET	443	49740	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.500447989 CET	443	49740	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.500514984 CET	49740	443	192.168.2.3	142.250.185.132
Dec 9, 2022 05:34:45.500524998 CET	443	49740	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.500546932 CET	443	49740	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.500602961 CET	49740	443	192.168.2.3	142.250.185.132
Dec 9, 2022 05:34:45.501125097 CET	443	49740	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.501610994 CET	443	49740	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.501681089 CET	443	49740	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.501715899 CET	49740	443	192.168.2.3	142.250.185.132
Dec 9, 2022 05:34:45.501740932 CET	443	49740	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.501811028 CET	49740	443	192.168.2.3	142.250.185.132
Dec 9, 2022 05:34:45.501825094 CET	443	49740	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.502420902 CET	443	49740	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.502496004 CET	443	49740	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.502518892 CET	49740	443	192.168.2.3	142.250.185.132
Dec 9, 2022 05:34:45.502542019 CET	443	49740	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.502599955 CET	49740	443	192.168.2.3	142.250.185.132
Dec 9, 2022 05:34:45.502613068 CET	443	49740	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.502636909 CET	443	49740	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.502698898 CET	49740	443	192.168.2.3	142.250.185.132
Dec 9, 2022 05:34:45.503441095 CET	443	49740	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.503621101 CET	443	49740	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.503695965 CET	443	49740	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.503698111 CET	49740	443	192.168.2.3	142.250.185.132
Dec 9, 2022 05:34:45.503719091 CET	443	49740	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.503772020 CET	49740	443	192.168.2.3	142.250.185.132
Dec 9, 2022 05:34:45.504159927 CET	443	49740	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.504281998 CET	443	49740	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.504355907 CET	443	49740	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.504398108 CET	49740	443	192.168.2.3	142.250.185.132
Dec 9, 2022 05:34:45.504420996 CET	443	49740	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.504484892 CET	49740	443	192.168.2.3	142.250.185.132
Dec 9, 2022 05:34:45.504914045 CET	443	49740	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.506108046 CET	443	49740	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.506196022 CET	49740	443	192.168.2.3	142.250.185.132
Dec 9, 2022 05:34:45.542325020 CET	49740	443	192.168.2.3	142.250.185.132
Dec 9, 2022 05:34:45.648514032 CET	49741	443	192.168.2.3	142.250.185.132
Dec 9, 2022 05:34:45.648551941 CET	443	49741	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.648670912 CET	49741	443	192.168.2.3	142.250.185.132
Dec 9, 2022 05:34:45.649087906 CET	49741	443	192.168.2.3	142.250.185.132
Dec 9, 2022 05:34:45.649106026 CET	443	49741	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.711497068 CET	443	49741	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.723376989 CET	49741	443	192.168.2.3	142.250.185.132
Dec 9, 2022 05:34:45.723433971 CET	443	49741	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.724891901 CET	443	49741	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.765590906 CET	49741	443	192.168.2.3	142.250.185.132
Dec 9, 2022 05:34:45.822231054 CET	49741	443	192.168.2.3	142.250.185.132
Dec 9, 2022 05:34:45.822268963 CET	443	49741	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.822501898 CET	443	49741	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.823925018 CET	49742	443	192.168.2.3	142.250.185.132
Dec 9, 2022 05:34:45.823935986 CET	49741	443	192.168.2.3	142.250.185.132
Dec 9, 2022 05:34:45.823955059 CET	443	49741	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.823997974 CET	443	49742	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.824116945 CET	49742	443	192.168.2.3	142.250.185.132
Dec 9, 2022 05:34:45.824318886 CET	49742	443	192.168.2.3	142.250.185.132
Dec 9, 2022 05:34:45.824340105 CET	443	49742	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.840282917 CET	49740	443	192.168.2.3	142.250.185.132
Dec 9, 2022 05:34:45.840316057 CET	443	49740	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.876784086 CET	443	49741	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.877098083 CET	443	49741	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.877259016 CET	49741	443	192.168.2.3	142.250.185.132
Dec 9, 2022 05:34:45.884273052 CET	443	49742	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.924658060 CET	49742	443	192.168.2.3	142.250.185.132
Dec 9, 2022 05:34:45.932620049 CET	49742	443	192.168.2.3	142.250.185.132
Dec 9, 2022 05:34:45.932657957 CET	443	49742	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.934139013 CET	443	49742	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.948362112 CET	49742	443	192.168.2.3	142.250.185.132
Dec 9, 2022 05:34:45.948422909 CET	443	49742	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.948651075 CET	49742	443	192.168.2.3	142.250.185.132
Dec 9, 2022 05:34:45.948667049 CET	443	49742	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.948818922 CET	443	49742	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:45.989552975 CET	49742	443	192.168.2.3	142.250.185.132
Dec 9, 2022 05:34:46.005554914 CET	443	49742	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:46.007952929 CET	443	49742	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:46.008100986 CET	49742	443	192.168.2.3	142.250.185.132
Dec 9, 2022 05:34:46.030179024 CET	49741	443	192.168.2.3	142.250.185.132
Dec 9, 2022 05:34:46.030213118 CET	443	49741	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:46.217878103 CET	49742	443	192.168.2.3	142.250.185.132
Dec 9, 2022 05:34:46.217926025 CET	443	49742	142.250.185.132	192.168.2.3
Dec 9, 2022 05:34:46.719270945 CET	49745	443	192.168.2.3	216.58.212.174
Dec 9, 2022 05:34:46.719367027 CET	443	49745	216.58.212.174	192.168.2.3
Dec 9, 2022 05:34:46.719480991 CET	49745	443	192.168.2.3	216.58.212.174
Dec 9, 2022 05:34:46.719729900 CET	49745	443	192.168.2.3	216.58.212.174
Dec 9, 2022 05:34:46.719760895 CET	443	49745	216.58.212.174	192.168.2.3
Dec 9, 2022 05:34:46.781863928 CET	443	49745	216.58.212.174	192.168.2.3
Dec 9, 2022 05:34:46.782294989 CET	49745	443	192.168.2.3	216.58.212.174
Dec 9, 2022 05:34:46.782355070 CET	443	49745	216.58.212.174	192.168.2.3
Dec 9, 2022 05:34:46.783488035 CET	443	49745	216.58.212.174	192.168.2.3
Dec 9, 2022 05:34:46.783655882 CET	49745	443	192.168.2.3	216.58.212.174
Dec 9, 2022 05:34:46.902833939 CET	49745	443	192.168.2.3	216.58.212.174
Dec 9, 2022 05:34:46.902911901 CET	443	49745	216.58.212.174	192.168.2.3
Dec 9, 2022 05:34:46.903047085 CET	49745	443	192.168.2.3	216.58.212.174
Dec 9, 2022 05:34:46.903064966 CET	443	49745	216.58.212.174	192.168.2.3
Dec 9, 2022 05:34:46.903271914 CET	443	49745	216.58.212.174	192.168.2.3
Dec 9, 2022 05:34:46.922451973 CET	443	49745	216.58.212.174	192.168.2.3
Dec 9, 2022 05:34:46.922553062 CET	443	49745	216.58.212.174	192.168.2.3
Dec 9, 2022 05:34:46.922581911 CET	49745	443	192.168.2.3	216.58.212.174
Dec 9, 2022 05:34:46.922652006 CET	443	49745	216.58.212.174	192.168.2.3
Dec 9, 2022 05:34:46.922741890 CET	49745	443	192.168.2.3	216.58.212.174
Dec 9, 2022 05:34:46.922746897 CET	443	49745	216.58.212.174	192.168.2.3
Dec 9, 2022 05:34:46.922774076 CET	443	49745	216.58.212.174	192.168.2.3
Dec 9, 2022 05:34:46.922853947 CET	49745	443	192.168.2.3	216.58.212.174
Dec 9, 2022 05:34:46.922880888 CET	443	49745	216.58.212.174	192.168.2.3
Dec 9, 2022 05:34:46.923116922 CET	443	49745	216.58.212.174	192.168.2.3
Dec 9, 2022 05:34:46.923196077 CET	49745	443	192.168.2.3	216.58.212.174
Dec 9, 2022 05:34:46.923218966 CET	443	49745	216.58.212.174	192.168.2.3
Dec 9, 2022 05:34:46.924447060 CET	443	49745	216.58.212.174	192.168.2.3
Dec 9, 2022 05:34:46.924547911 CET	49745	443	192.168.2.3	216.58.212.174
Dec 9, 2022 05:34:46.924566984 CET	443	49745	216.58.212.174	192.168.2.3
Dec 9, 2022 05:34:46.925542116 CET	443	49745	216.58.212.174	192.168.2.3
Dec 9, 2022 05:34:46.925636053 CET	49745	443	192.168.2.3	216.58.212.174
Dec 9, 2022 05:34:46.925657988 CET	443	49745	216.58.212.174	192.168.2.3
Dec 9, 2022 05:34:46.939627886 CET	443	49745	216.58.212.174	192.168.2.3
Dec 9, 2022 05:34:46.939706087 CET	443	49745	216.58.212.174	192.168.2.3
Dec 9, 2022 05:34:46.939791918 CET	49745	443	192.168.2.3	216.58.212.174
Dec 9, 2022 05:34:46.939810991 CET	443	49745	216.58.212.174	192.168.2.3
Dec 9, 2022 05:34:46.939836025 CET	443	49745	216.58.212.174	192.168.2.3
Dec 9, 2022 05:34:46.939899921 CET	49745	443	192.168.2.3	216.58.212.174
Dec 9, 2022 05:34:46.941121101 CET	443	49745	216.58.212.174	192.168.2.3
Dec 9, 2022 05:34:46.941200972 CET	49745	443	192.168.2.3	216.58.212.174
Dec 9, 2022 05:34:46.941214085 CET	443	49745	216.58.212.174	192.168.2.3
Dec 9, 2022 05:34:46.941239119 CET	443	49745	216.58.212.174	192.168.2.3
Dec 9, 2022 05:34:46.941304922 CET	49745	443	192.168.2.3	216.58.212.174
Dec 9, 2022 05:34:46.942159891 CET	443	49745	216.58.212.174	192.168.2.3
Dec 9, 2022 05:34:46.943351030 CET	443	49745	216.58.212.174	192.168.2.3
Dec 9, 2022 05:34:46.943418980 CET	443	49745	216.58.212.174	192.168.2.3
Dec 9, 2022 05:34:46.943439960 CET	49745	443	192.168.2.3	216.58.212.174
Dec 9, 2022 05:34:46.943473101 CET	443	49745	216.58.212.174	192.168.2.3
Dec 9, 2022 05:34:46.943542957 CET	49745	443	192.168.2.3	216.58.212.174
Dec 9, 2022 05:34:46.944515944 CET	443	49745	216.58.212.174	192.168.2.3
Dec 9, 2022 05:34:46.945920944 CET	443	49745	216.58.212.174	192.168.2.3
Dec 9, 2022 05:34:46.946001053 CET	443	49745	216.58.212.174	192.168.2.3
Dec 9, 2022 05:34:46.946017027 CET	49745	443	192.168.2.3	216.58.212.174
Dec 9, 2022 05:34:46.946043015 CET	443	49745	216.58.212.174	192.168.2.3
Dec 9, 2022 05:34:46.946110010 CET	49745	443	192.168.2.3	216.58.212.174
Dec 9, 2022 05:34:46.946826935 CET	443	49745	216.58.212.174	192.168.2.3
Dec 9, 2022 05:34:46.947913885 CET	443	49745	216.58.212.174	192.168.2.3
Dec 9, 2022 05:34:46.947994947 CET	443	49745	216.58.212.174	192.168.2.3
Dec 9, 2022 05:34:46.948015928 CET	49745	443	192.168.2.3	216.58.212.174
Dec 9, 2022 05:34:46.948045015 CET	443	49745	216.58.212.174	192.168.2.3
Dec 9, 2022 05:34:46.948117018 CET	49745	443	192.168.2.3	216.58.212.174
Dec 9, 2022 05:34:46.949043989 CET	443	49745	216.58.212.174	192.168.2.3
Dec 9, 2022 05:34:46.950088978 CET	443	49745	216.58.212.174	192.168.2.3
Dec 9, 2022 05:34:46.950166941 CET	443	49745	216.58.212.174	192.168.2.3
Dec 9, 2022 05:34:46.950182915 CET	49745	443	192.168.2.3	216.58.212.174
Dec 9, 2022 05:34:46.950206995 CET	443	49745	216.58.212.174	192.168.2.3
Dec 9, 2022 05:34:46.950272083 CET	49745	443	192.168.2.3	216.58.212.174
Dec 9, 2022 05:34:46.951172113 CET	443	49745	216.58.212.174	192.168.2.3
Dec 9, 2022 05:34:46.952267885 CET	443	49745	216.58.212.174	192.168.2.3
Dec 9, 2022 05:34:46.952383041 CET	443	49745	216.58.212.174	192.168.2.3
Dec 9, 2022 05:34:46.952405930 CET	49745	443	192.168.2.3	216.58.212.174
Dec 9, 2022 05:34:46.952433109 CET	443	49745	216.58.212.174	192.168.2.3
Dec 9, 2022 05:34:46.952502966 CET	49745	443	192.168.2.3	216.58.212.174
Dec 9, 2022 05:34:46.953294992 CET	443	49745	216.58.212.174	192.168.2.3
Dec 9, 2022 05:34:46.956501007 CET	443	49745	216.58.212.174	192.168.2.3
Dec 9, 2022 05:34:46.956579924 CET	443	49745	216.58.212.174	192.168.2.3
Dec 9, 2022 05:34:46.956594944 CET	49745	443	192.168.2.3	216.58.212.174
Dec 9, 2022 05:34:46.956625938 CET	443	49745	216.58.212.174	192.168.2.3
Dec 9, 2022 05:34:46.956701994 CET	49745	443	192.168.2.3	216.58.212.174
Dec 9, 2022 05:34:46.956856012 CET	443	49745	216.58.212.174	192.168.2.3
Dec 9, 2022 05:34:46.957811117 CET	443	49745	216.58.212.174	192.168.2.3
Dec 9, 2022 05:34:46.957886934 CET	443	49745	216.58.212.174	192.168.2.3
Dec 9, 2022 05:34:46.957897902 CET	49745	443	192.168.2.3	216.58.212.174
Dec 9, 2022 05:34:46.957921982 CET	443	49745	216.58.212.174	192.168.2.3
Dec 9, 2022 05:34:46.957989931 CET	49745	443	192.168.2.3	216.58.212.174
Dec 9, 2022 05:34:46.958482981 CET	443	49745	216.58.212.174	192.168.2.3
Dec 9, 2022 05:34:46.959326029 CET	443	49745	216.58.212.174	192.168.2.3
Dec 9, 2022 05:34:46.959400892 CET	443	49745	216.58.212.174	192.168.2.3
Dec 9, 2022 05:34:46.959414959 CET	49745	443	192.168.2.3	216.58.212.174
Dec 9, 2022 05:34:46.959439993 CET	443	49745	216.58.212.174	192.168.2.3
Dec 9, 2022 05:34:46.959510088 CET	49745	443	192.168.2.3	216.58.212.174
Dec 9, 2022 05:34:46.960000992 CET	443	49745	216.58.212.174	192.168.2.3
Dec 9, 2022 05:34:46.960802078 CET	443	49745	216.58.212.174	192.168.2.3
Dec 9, 2022 05:34:46.960890055 CET	49745	443	192.168.2.3	216.58.212.174
Dec 9, 2022 05:34:46.960915089 CET	443	49745	216.58.212.174	192.168.2.3
Dec 9, 2022 05:34:46.961597919 CET	443	49745	216.58.212.174	192.168.2.3
Dec 9, 2022 05:34:46.961673021 CET	443	49745	216.58.212.174	192.168.2.3
Dec 9, 2022 05:34:46.961692095 CET	49745	443	192.168.2.3	216.58.212.174
Dec 9, 2022 05:34:46.961718082 CET	443	49745	216.58.212.174	192.168.2.3
Dec 9, 2022 05:34:46.961796045 CET	49745	443	192.168.2.3	216.58.212.174
Dec 9, 2022 05:34:46.962373018 CET	443	49745	216.58.212.174	192.168.2.3
Dec 9, 2022 05:34:46.963196993 CET	443	49745	216.58.212.174	192.168.2.3
Dec 9, 2022 05:34:46.963274956 CET	443	49745	216.58.212.174	192.168.2.3
Dec 9, 2022 05:34:46.963289976 CET	49745	443	192.168.2.3	216.58.212.174
Dec 9, 2022 05:34:46.963319063 CET	443	49745	216.58.212.174	192.168.2.3
Dec 9, 2022 05:34:46.963396072 CET	49745	443	192.168.2.3	216.58.212.174
Dec 9, 2022 05:34:46.963946104 CET	443	49745	216.58.212.174	192.168.2.3
Dec 9, 2022 05:34:46.964407921 CET	443	49745	216.58.212.174	192.168.2.3
Dec 9, 2022 05:34:46.964493036 CET	49745	443	192.168.2.3	216.58.212.174
Dec 9, 2022 05:34:46.964519024 CET	443	49745	216.58.212.174	192.168.2.3
Dec 9, 2022 05:34:46.965215921 CET	443	49745	216.58.212.174	192.168.2.3
Dec 9, 2022 05:34:46.965306997 CET	49745	443	192.168.2.3	216.58.212.174
Dec 9, 2022 05:34:46.965332985 CET	443	49745	216.58.212.174	192.168.2.3
Dec 9, 2022 05:34:46.965955019 CET	443	49745	216.58.212.174	192.168.2.3
Dec 9, 2022 05:34:46.966039896 CET	49745	443	192.168.2.3	216.58.212.174
Dec 9, 2022 05:34:46.966064930 CET	443	49745	216.58.212.174	192.168.2.3
Dec 9, 2022 05:34:46.966774940 CET	443	49745	216.58.212.174	192.168.2.3
Dec 9, 2022 05:34:46.966861963 CET	49745	443	192.168.2.3	216.58.212.174
Dec 9, 2022 05:34:46.966881990 CET	443	49745	216.58.212.174	192.168.2.3
Dec 9, 2022 05:34:46.967571020 CET	443	49745	216.58.212.174	192.168.2.3
Dec 9, 2022 05:34:46.967655897 CET	49745	443	192.168.2.3	216.58.212.174
Dec 9, 2022 05:34:46.967677116 CET	443	49745	216.58.212.174	192.168.2.3
Dec 9, 2022 05:34:46.968266964 CET	443	49745	216.58.212.174	192.168.2.3
Dec 9, 2022 05:34:46.968344927 CET	49745	443	192.168.2.3	216.58.212.174
Dec 9, 2022 05:34:46.968365908 CET	443	49745	216.58.212.174	192.168.2.3
Dec 9, 2022 05:34:46.969188929 CET	443	49745	216.58.212.174	192.168.2.3
Dec 9, 2022 05:34:46.969279051 CET	49745	443	192.168.2.3	216.58.212.174
Dec 9, 2022 05:34:46.969301939 CET	443	49745	216.58.212.174	192.168.2.3
Dec 9, 2022 05:34:46.969829082 CET	443	49745	216.58.212.174	192.168.2.3
Dec 9, 2022 05:34:46.969912052 CET	49745	443	192.168.2.3	216.58.212.174
Dec 9, 2022 05:34:46.969930887 CET	443	49745	216.58.212.174	192.168.2.3
Dec 9, 2022 05:34:46.970551968 CET	443	49745	216.58.212.174	192.168.2.3
Dec 9, 2022 05:34:46.970634937 CET	49745	443	192.168.2.3	216.58.212.174
Dec 9, 2022 05:34:46.970655918 CET	443	49745	216.58.212.174	192.168.2.3
Dec 9, 2022 05:34:46.971265078 CET	443	49745	216.58.212.174	192.168.2.3
Dec 9, 2022 05:34:46.971342087 CET	49745	443	192.168.2.3	216.58.212.174
Dec 9, 2022 05:34:46.971362114 CET	443	49745	216.58.212.174	192.168.2.3
Dec 9, 2022 05:34:46.971972942 CET	443	49745	216.58.212.174	192.168.2.3
Dec 9, 2022 05:34:46.972057104 CET	49745	443	192.168.2.3	216.58.212.174
Dec 9, 2022 05:34:46.972075939 CET	443	49745	216.58.212.174	192.168.2.3
Dec 9, 2022 05:34:46.972676039 CET	443	49745	216.58.212.174	192.168.2.3
Dec 9, 2022 05:34:46.972769022 CET	49745	443	192.168.2.3	216.58.212.174
Dec 9, 2022 05:34:46.972795010 CET	443	49745	216.58.212.174	192.168.2.3
Dec 9, 2022 05:34:46.973639965 CET	443	49745	216.58.212.174	192.168.2.3
Dec 9, 2022 05:34:46.973728895 CET	49745	443	192.168.2.3	216.58.212.174
Dec 9, 2022 05:34:46.973752022 CET	443	49745	216.58.212.174	192.168.2.3
Dec 9, 2022 05:34:46.973908901 CET	443	49745	216.58.212.174	192.168.2.3
Dec 9, 2022 05:34:46.974001884 CET	49745	443	192.168.2.3	216.58.212.174
Dec 9, 2022 05:34:46.975342035 CET	49745	443	192.168.2.3	216.58.212.174
Dec 9, 2022 05:34:46.975378990 CET	443	49745	216.58.212.174	192.168.2.3
Dec 9, 2022 05:34:47.897047043 CET	49750	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:47.898526907 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:48.018599033 CET	49752	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:48.166805983 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.167177916 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:48.167572021 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:48.204225063 CET	80	49750	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.204457998 CET	49750	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:48.294476986 CET	80	49752	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.294761896 CET	49752	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:48.425708055 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.425967932 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:48.438793898 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.446038961 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.446204901 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.446227074 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.446245909 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.446264029 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.446279049 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.446296930 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.446316004 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.446322918 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:48.446335077 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.446352005 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.446371078 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.446372986 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:48.446389914 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.446403027 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:48.446408987 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.446425915 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.446443081 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.446454048 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:48.446460962 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.446477890 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.446491957 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:48.446495056 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.446516037 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.446516991 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:48.446533918 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.446552038 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.446559906 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:48.446568966 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.446587086 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.446597099 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:48.446605921 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.446623087 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.446623087 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:48.446639061 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.446654081 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:48.446655989 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.446674109 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.446691990 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.446710110 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.446721077 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:48.446764946 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:48.455327988 CET	80	49750	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.455497980 CET	49750	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:48.544445992 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.550237894 CET	80	49752	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.550347090 CET	49752	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:48.595361948 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.595496893 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:48.646305084 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.702548027 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:48.714899063 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.714943886 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.714965105 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.714986086 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.715004921 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.715022087 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.715039968 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.715058088 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.715071917 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:48.715075970 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.715071917 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:48.715095043 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.715111971 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.715125084 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:48.715125084 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:48.715131044 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.715147972 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.715162039 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:48.715166092 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.715200901 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:48.715217113 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:48.715231895 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.715255976 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.715296984 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.715315104 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:48.715317965 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.715353012 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.715373039 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:48.715392113 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.715413094 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.715431929 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.715445995 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:48.715466976 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.715481043 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:48.715591908 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.715642929 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:48.715708971 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.715816975 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.715868950 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:48.715874910 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.715893984 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.715914011 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.715948105 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.715949059 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:48.715961933 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.716001034 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:48.716020107 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.716039896 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.716058016 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.716070890 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:48.716075897 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.716094017 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.716104984 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:48.716111898 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.716139078 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:48.716146946 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.716187000 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.716188908 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:48.716207981 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.716226101 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.716254950 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:48.716262102 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.716285944 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.716315031 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:48.716367006 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.716418028 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:48.716670036 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.716698885 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.716717005 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.716744900 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.716768026 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:48.716784000 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.716819048 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.716840029 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:48.716865063 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:48.716866970 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.716886044 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.716903925 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.716922045 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.716933012 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:48.716970921 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:48.716989040 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.717016935 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.717063904 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.717075109 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:48.863790035 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.863841057 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.863857985 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.863872051 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.864077091 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:48.867290020 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:48.973839045 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.973870039 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.974101067 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:48.977423906 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:48.986556053 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.986577988 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.986589909 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.986603022 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.986614943 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.986651897 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.986669064 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.986721039 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.986762047 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.986800909 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.986839056 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.986902952 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.986929893 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:48.986929893 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:48.987018108 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.987099886 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:48.987131119 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.987212896 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.987231970 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.987291098 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:48.987441063 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.987514019 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:48.987517118 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.987535954 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.987548113 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.987564087 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.987581015 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.987596989 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.987608910 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.987623930 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:48.987626076 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.987658978 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.987665892 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:48.987677097 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.987694979 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.987706900 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.987709045 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:48.987725973 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.987744093 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.987761021 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.987777948 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.987777948 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:48.987797022 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.987812996 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.987819910 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:48.987854004 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:48.987875938 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:48.987973928 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.987992048 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.988059998 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:48.988071918 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.988090992 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.988123894 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.988152981 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:48.988195896 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.988253117 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:48.988276958 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.988296986 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.988310099 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.988327026 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.988362074 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:48.988389015 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.988395929 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:48.988409996 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.988456011 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.988473892 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:48.988502979 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.988519907 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.988568068 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:48.988588095 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.988607883 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.988620996 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.988634109 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.988668919 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:48.988679886 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.988715887 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:48.988755941 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.988759995 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:48.988830090 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.988851070 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.988863945 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.988883018 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.988902092 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.988919973 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.988923073 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:48.988941908 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.988957882 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:48.988960981 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.988980055 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.988993883 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:48.989015102 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:48.989027977 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.989048004 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.989054918 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:48.989067078 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.989085913 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.989104033 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.989105940 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:48.989135027 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.989156961 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.989161015 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:48.989191055 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.989204884 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:48.989216089 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.989229918 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.989248037 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.989279985 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:48.989285946 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.989316940 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:48.989339113 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.989351034 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:48.989373922 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.989411116 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.989449024 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.989454031 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:48.989502907 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.989541054 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.989559889 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.989578962 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:48.989603043 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:48.989624977 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.989645004 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.989706039 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.989726067 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.989784956 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.989804983 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.989814043 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:48.989823103 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.989850998 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:48.989881039 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.989888906 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:48.989902020 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.989918947 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.989938974 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.989957094 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.990020990 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.990042925 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.990056992 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:48.990082026 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.990097046 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:48.990101099 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.990119934 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.990139008 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.990151882 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.990170956 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:48.990171909 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.990191936 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.990205050 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:48.990222931 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.990225077 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:48.990247011 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.990261078 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:48.990295887 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.990314007 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:48.990320921 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.990340948 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.990374088 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.990396023 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.990406036 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:48.990416050 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.990427971 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:48.990446091 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.990489006 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:48.990499020 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.990520000 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:48.990657091 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:48.990680933 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.135591984 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.135653973 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.135696888 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.135744095 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.135808945 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.135873079 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.138708115 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.138756037 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.138798952 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.138839006 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.138880968 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.138921976 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.138947010 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.138947010 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.139010906 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.244857073 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.244920015 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.245235920 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.247823954 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.247870922 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.248050928 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.257086992 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.257148981 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.257194996 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.257241011 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.257282972 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.257329941 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.257352114 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.257353067 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.257374048 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.257406950 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.257417917 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.257431030 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.257457972 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.257488966 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.257498980 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.257539988 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.257563114 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.257581949 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.257623911 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.257658958 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.257668018 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.257709980 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.257735014 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.257754087 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.257796049 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.257827997 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.257838964 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.257883072 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.257925034 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.257925034 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.257966995 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.258007050 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.258009911 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.258053064 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.258075953 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.258096933 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.258141994 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.258169889 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.258184910 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.258228064 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.258265018 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.258270025 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.258316994 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.258338928 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.258358002 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.258402109 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.258424997 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.258445024 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.258486986 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.258527994 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.258552074 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.258569956 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.258605003 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.258614063 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.258656025 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.258678913 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.258697987 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.258730888 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.258771896 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.258800983 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.258812904 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.258855104 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.258862972 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.258894920 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.258935928 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.258935928 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.258979082 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.259006023 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.259023905 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.259066105 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.259089947 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.259107113 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.259150028 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.259181976 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.259191990 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.259234905 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.259274960 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.259279013 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.259326935 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.259347916 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.259368896 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.259412050 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.259438992 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.259454012 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.259496927 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.259531975 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.259538889 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.259581089 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.259602070 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.259625912 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.259679079 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.259699106 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.259721994 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.259764910 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.259805918 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.259825945 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.259845972 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.259882927 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.259888887 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.259928942 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.259954929 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.259972095 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.260014057 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.260036945 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.260054111 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.260096073 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.260121107 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.260138988 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.260179996 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.260217905 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.260224104 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.260267019 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.260293007 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.260313988 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.260358095 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.260381937 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.260401011 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.260442972 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.260464907 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.260483980 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.260524035 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.260546923 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.260565996 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.260606050 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.260632038 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.260647058 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.260690928 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.260710955 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.260756016 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.260798931 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.260819912 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.260839939 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.260881901 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.260902882 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.260921955 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.260962009 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.260962963 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.260992050 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.261003971 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.261044979 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.261065960 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.261086941 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.261127949 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.261163950 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.261168957 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.261210918 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.261233091 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.261250973 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.261292934 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.261315107 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.261337042 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.261378050 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.261399031 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.261421919 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.261461973 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.261486053 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.261502028 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.261543036 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.261564016 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.261584997 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.261625051 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.261646986 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.261666059 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.261708021 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.261729002 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.261749029 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.261789083 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.261825085 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.261830091 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.261869907 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.261889935 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.261909962 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.261950016 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.261971951 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.261991024 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.262031078 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.262052059 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.262073994 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.262114048 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.262139082 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.262155056 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.262197018 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.262221098 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.262237072 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.262278080 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.262300014 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.262321949 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.262363911 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.262389898 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.262406111 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.262447119 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.262479067 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.262487888 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.262523890 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.262530088 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.262552977 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.262571096 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.262603045 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.262613058 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.262651920 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.262651920 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.262655020 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.262684107 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.262697935 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.262727976 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.262739897 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.262772083 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.262780905 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.262821913 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.262836933 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.262862921 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.262866020 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.262903929 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.262908936 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.262933969 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.262944937 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.262976885 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.262984991 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.263019085 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.263026953 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.263056993 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.263070107 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.263099909 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.263111115 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.263144016 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.263151884 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.263180017 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.263194084 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.263225079 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.263235092 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.263272047 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.263274908 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.263303995 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.263320923 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.263346910 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.263362885 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.263394117 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.263405085 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.263433933 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.263447046 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.263478041 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.263489008 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.263518095 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.263530016 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.263560057 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.263605118 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.404794931 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.404894114 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.407218933 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.407268047 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.407318115 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.407336950 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.407360077 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.407399893 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.407401085 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.407399893 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.407448053 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.407453060 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.407495022 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.407536030 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.407582998 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.407891035 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.513868093 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.513930082 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.513977051 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.514036894 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.516226053 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.516273022 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.516305923 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.516366005 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.531763077 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.531810045 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.531881094 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.531915903 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.535778046 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.535824060 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.535859108 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.535866022 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.535882950 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.535908937 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.535932064 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.535944939 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.535964966 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.535986900 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.536010027 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.536030054 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.536053896 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.536070108 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.536101103 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.536113024 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.536150932 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.536154985 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.536176920 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.536197901 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.536231041 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.536238909 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.536263943 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.536281109 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.536309958 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.536325932 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.536350012 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.536365986 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.536398888 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.536406994 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.536422968 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.536448002 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.536470890 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.536490917 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.536524057 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.536533117 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.536556005 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.536576033 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.536600113 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.536617041 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.536643982 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.536659002 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.536684990 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.536699057 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.536727905 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.536761999 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.536778927 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.536804914 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.536844969 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.536848068 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.536871910 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.536886930 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.536914110 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.536930084 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.536955118 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.536969900 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.536998987 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.537010908 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.537046909 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.537055969 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.537089109 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.537097931 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.537122011 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.537139893 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.537158012 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.537180901 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.537204027 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.537221909 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.537245035 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.537264109 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.537295103 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.537306070 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.537324905 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.537350893 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.537369967 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.537391901 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.537415981 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.537434101 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.537456036 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.537476063 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.537497997 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.537518024 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.537539005 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.537559986 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.537580967 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.537601948 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.537622929 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.537643909 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.537666082 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.537684917 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.537707090 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.537728071 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.537749052 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.537769079 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.537791967 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.537811041 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.537838936 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.537853003 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.537883997 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.537894964 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.537909031 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.537936926 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.537954092 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.537977934 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.538014889 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.538017988 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.538038969 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.538059950 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.538084984 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.538104057 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.538145065 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.538145065 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.538170099 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.538186073 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.538227081 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.538238049 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.538261890 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.538269043 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.538284063 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.538310051 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.538331032 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.538353920 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.538373947 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.538393974 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.538415909 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.538434982 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.538458109 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.538475037 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.538500071 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.538517952 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.538539886 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.538558006 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.538583040 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.538599968 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.538623095 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.538640976 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.538662910 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.538683891 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.538702965 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.538724899 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.538753033 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.538772106 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.538794994 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.538814068 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.538837910 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.538853884 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.538877964 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.538896084 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.538917065 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.538937092 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.538958073 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.538978100 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.538997889 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.539019108 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.539041996 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.539060116 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.539082050 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.539098978 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.539124966 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.539139986 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.539159060 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.539180994 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.539201975 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.539222002 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.539238930 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.539263964 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.539285898 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.539304972 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.539325953 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.539347887 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.539367914 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.539388895 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.539407969 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.539427996 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.539448977 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.539469957 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.539490938 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.539510012 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.539530993 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.539551973 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.539572001 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.539593935 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.539616108 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.539633989 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.539654016 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.539675951 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.539695978 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.539717913 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.539737940 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.539757967 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.539778948 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.539798975 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.539839029 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.539839983 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.539863110 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.539881945 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.539901972 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.539923906 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.539944887 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.539963961 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.539988041 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.540004969 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.540028095 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.540045977 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.540067911 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.540088892 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.540106058 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.540128946 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.540149927 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.540169001 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.540193081 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.540211916 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.540232897 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.540254116 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.540272951 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.540294886 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.540319920 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.540338039 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.540349007 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.540379047 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.540401936 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.540419102 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.540445089 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.540460110 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.540486097 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.540499926 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.540517092 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.540540934 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.540560007 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.540582895 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.540606022 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.540622950 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.540647984 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.540663958 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.540690899 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.540704966 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.540719986 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.540765047 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.540766001 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.540805101 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.540842056 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.540847063 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.540868044 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.540888071 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.540910959 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.540929079 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.540951967 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.540992975 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.674721956 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.674865007 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.677077055 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.677124023 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.677160978 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.677167892 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.677194118 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.677211046 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.677225113 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.677252054 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.677273989 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.677292109 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.677334070 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.677336931 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.677373886 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.677398920 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.677469015 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.677532911 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.787725925 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.787776947 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.787817001 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.787859917 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.787890911 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.787986040 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.803080082 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.803128958 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.803165913 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.803208113 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.812288046 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.812350988 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.812377930 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.812395096 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.812416077 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.812438011 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.812463045 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.812480927 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.812503099 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.812525034 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.812552929 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.812566996 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.812583923 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.812609911 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.812630892 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.812650919 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.812676907 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.812690973 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.812706947 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.812753916 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.812762022 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.812805891 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.812824011 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.812844992 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.812866926 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.812887907 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.812922955 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.812931061 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.812947035 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.812971115 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.812990904 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.813011885 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.813034058 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.813052893 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.813076973 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.813093901 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.813121080 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.813136101 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.813157082 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.813178062 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.813199997 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.813219070 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.813237906 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.813261986 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.813302994 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.813421011 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.813575983 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.813930988 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.946391106 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.948656082 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.948740959 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.948796034 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.948801994 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.948848009 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.948884964 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.948889017 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.948932886 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.948975086 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.948991060 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.949018955 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:49.949040890 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:49.988893032 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.071540117 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.071607113 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.071650028 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.071695089 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.071746111 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.071788073 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.071820974 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.071849108 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.071849108 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.071861982 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.071906090 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.071947098 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.071964025 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.071964025 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.071988106 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.072010994 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.072030067 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.072072983 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.072102070 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.072113991 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.072154999 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.072175980 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.072195053 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.072237968 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.072259903 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.072278023 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.072319031 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.072340965 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.072357893 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.072403908 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.072417974 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.072444916 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.072485924 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.072503090 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.072527885 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.072570086 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.072587013 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.072609901 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.072650909 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.072666883 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.072691917 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.072765112 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.072770119 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.072805882 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.072846889 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.072887897 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.081674099 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.081720114 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.081763983 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.081804991 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.081846952 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.081866026 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.081866026 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.081890106 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.081928968 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.081931114 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.081973076 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.082014084 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.082024097 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.082063913 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.082092047 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.082108021 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.082149029 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.082171917 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.082190037 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.082231998 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.082261086 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.082273006 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.082314968 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.082338095 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.082355976 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.082401037 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.082422018 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.082443953 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.082485914 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.082510948 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.082526922 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.082568884 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.082597017 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.082608938 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.082649946 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.082669973 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.082695007 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.082736969 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.082768917 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.082771063 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.082811117 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.082840919 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.082853079 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.082895041 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.082925081 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.082936049 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.082978010 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.083003998 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.083019972 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.083065987 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.083086014 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.083117962 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.083159924 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.083192110 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.083201885 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.083244085 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.083268881 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.083286047 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.083327055 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.083353043 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.083370924 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.083412886 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.083439112 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.083456039 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.083497047 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.083523035 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.083539963 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.083580971 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.083606958 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.083622932 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.083664894 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.083697081 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.083705902 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.083750010 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.083770990 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.083791971 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.083832979 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.083873987 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.083878040 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.083914995 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.083942890 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.083956003 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.083997965 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.084017038 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.084038019 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.084079981 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.084104061 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.084121943 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.084162951 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.084184885 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.084204912 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.084247112 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.084264994 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.084286928 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.084328890 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.084347010 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.084374905 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.084417105 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.084434032 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.084459066 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.084500074 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.084516048 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.084541082 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.084582090 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.084608078 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.084625006 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.084666967 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.084687948 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.084707975 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.084774971 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.084781885 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.084820032 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.084862947 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.084880114 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.084903955 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.084944963 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.084963083 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.084985971 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.085031986 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.085059881 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.085072994 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.085114956 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.085134029 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.085155964 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.085197926 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.085215092 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.085237980 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.085280895 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.085297108 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.085323095 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.085366964 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.085382938 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.085407972 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.085448980 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.085468054 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.085489035 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.085530043 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.085556030 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.085571051 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.085613012 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.085633993 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.085654974 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.085696936 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.085715055 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.085737944 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.085781097 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.085794926 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.085822105 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.085865021 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.085880041 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.085906982 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.085948944 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.085972071 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.085993052 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.086034060 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.086055040 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.086075068 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.086116076 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.086133003 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.086158037 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.086201906 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.086225033 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.086242914 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.086287022 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.086302042 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.086329937 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.086374044 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.086388111 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.086416960 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.086457968 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.086483002 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.086497068 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.086538076 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.086556911 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.086579084 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.086621046 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.086637974 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.086663961 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.086705923 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.086721897 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.086746931 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.086790085 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.086806059 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.086832047 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.086874008 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.086894989 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.086915970 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.086957932 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.086973906 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.087002039 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.087059975 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.087152004 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.104027987 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.104079962 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.104115963 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.104151011 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.104150057 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.104187012 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.104222059 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.104223013 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.104260921 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.104285002 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.104296923 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.104331017 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.104365110 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.104382038 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.104415894 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.104448080 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.104449987 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.104485035 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.104516029 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.104520082 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.104556084 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.104583979 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.104592085 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.104628086 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.104655027 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.104662895 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.104697943 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.104723930 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.104780912 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.104815006 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.104849100 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.104854107 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.104885101 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.104912996 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.104921103 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.104958057 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.104991913 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.104991913 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.104991913 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.105031967 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.105062962 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.105067015 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.105103016 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.105138063 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.105143070 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.105174065 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.105200052 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.105209112 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.105243921 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.105262041 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.105278015 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.105313063 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.105333090 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.105350018 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.105389118 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.105407953 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.105423927 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.105473995 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.217441082 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.217510939 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.217556000 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.217598915 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.217642069 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.217674971 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.217674971 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.217681885 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.217724085 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.217735052 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.217766047 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.217824936 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.341375113 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.341439009 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.341485023 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.341526985 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.341568947 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.341571093 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.341614008 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.341619968 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.341655016 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.341670990 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.341697931 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.341738939 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.341751099 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.341780901 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.341821909 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.341835022 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.341864109 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.341906071 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.341916084 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.341948986 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.341989040 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.342001915 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.342031002 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.342072010 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.342081070 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.342113972 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.342154980 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.342164040 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.342195988 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.342237949 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.342248917 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.342279911 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.342320919 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.342338085 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.342363119 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.342406988 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.342418909 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.342447996 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.342489004 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.342502117 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.342530012 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.342583895 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.355740070 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.355784893 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.355832100 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.355873108 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.355914116 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.355930090 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.355931044 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.355954885 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.355997086 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.356009960 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.356038094 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.356079102 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.356096983 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.356121063 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.356163025 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.356177092 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.356203079 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.356244087 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.356267929 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.356286049 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.356326103 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.356338024 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.356367111 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.356410980 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.356421947 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.356452942 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.356498957 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.356506109 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.356539965 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.356580973 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.356591940 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.356621981 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.356662989 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.356676102 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.356703997 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.356760025 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.356774092 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.356816053 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.356861115 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.356870890 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.356904030 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.356945038 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.356956005 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.356985092 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.357026100 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.357036114 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.357068062 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.357109070 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.357120991 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.357150078 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.357191086 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.357203007 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.357234001 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.357275009 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.357286930 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.357316017 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.357358932 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.357367992 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.357403040 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.357444048 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.357453108 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.357486010 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.357527018 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.357539892 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.357568979 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.357609034 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.357620955 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.357650042 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.357692003 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.357702971 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.357732058 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.357774973 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.357784986 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.357816935 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.357857943 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.357870102 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.357899904 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.357940912 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.357953072 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.357983112 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.358023882 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.358035088 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.358064890 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.358097076 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.358119011 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.358135939 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.358176947 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.358186007 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.358567953 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.358613968 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.358622074 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.358655930 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.358696938 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.358706951 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.358738899 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.358781099 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.358789921 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.358937979 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.358982086 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.358993053 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.359024048 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.359066010 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.359076023 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.359107971 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.359149933 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.359160900 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.359191895 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.359234095 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.359245062 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.359275103 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.359318018 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.359325886 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.359359026 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.359402895 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.359412909 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.359443903 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.359486103 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.359498024 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.359528065 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.359569073 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.359579086 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.359610081 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.359651089 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.359659910 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.359692097 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.359733105 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.359744072 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.359774113 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.359816074 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.359826088 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.359901905 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.359957933 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.360065937 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.360107899 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.360152006 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.360169888 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.360194921 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.360235929 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.360261917 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.360279083 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.360321999 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.360332012 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.360361099 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.360404015 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.360435009 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.360445023 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.360487938 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.360495090 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.360529900 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.360570908 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.360584974 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.360613108 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.360654116 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.360665083 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.360694885 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.360770941 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.360788107 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.360814095 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.360882044 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.361010075 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.361046076 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.361087084 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.361098051 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.361129045 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.361170053 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.361181021 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.361211061 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.361252069 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.361277103 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.361293077 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.361314058 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.361335993 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.361351967 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.361378908 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.361422062 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.361433029 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.361464024 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.361505985 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.361516953 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.361547947 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.361589909 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.361602068 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.361629963 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.361671925 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.361681938 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.361715078 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.361756086 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.361768961 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.361953974 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.362013102 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.362117052 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.362160921 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.362211943 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.362245083 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.362287998 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.362329960 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.362339973 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.362373114 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.362416983 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.362426996 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.362457991 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.362499952 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.362512112 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.362540960 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.362581968 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.362592936 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.362622976 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.362664938 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.362678051 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.362708092 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.362749100 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.362761021 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.362790108 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.362831116 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.362843037 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.362871885 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.362911940 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.362921953 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.362955093 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.362997055 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.363008976 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.363040924 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.363082886 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.363094091 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.363123894 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.363167048 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.363174915 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.363207102 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.363248110 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.363255978 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.363289118 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.363332033 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.363341093 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.363373995 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.363416910 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.363425970 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.363459110 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.363501072 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.363513947 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.363543034 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.363584995 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.363595009 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.363626003 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.363667965 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.363678932 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.363709927 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.363750935 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.363761902 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.363792896 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.363835096 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.363845110 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.363876104 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.363918066 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.363929987 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.363959074 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.364000082 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.364012003 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.364043951 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.364084959 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.364094973 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.364126921 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.364167929 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.364180088 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.364208937 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.364252090 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.364259958 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.364293098 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.364334106 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.364345074 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.364376068 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.364418983 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.364429951 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.364460945 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.364504099 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.364514112 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.364545107 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.364586115 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.364595890 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.364626884 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.364667892 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.364681005 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.364711046 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.364763975 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.364773035 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.364814043 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.364855051 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.364866972 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.364896059 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.364937067 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.364955902 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.364978075 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.365020037 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.365032911 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.365066051 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.365109921 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.365118027 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.365149975 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.365191936 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.365200996 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.365236044 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.365258932 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.365279913 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.365283966 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.365302086 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.365324020 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.365330935 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.365345001 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.365365982 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.365366936 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.365391970 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.365401030 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.365413904 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.365425110 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.365434885 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.365458012 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.365473032 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.365479946 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.365503073 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.365514040 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.365526915 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.365547895 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.365554094 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.365570068 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.365592957 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.365598917 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.365613937 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.365636110 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.365643978 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.365658045 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.365680933 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.365686893 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.365704060 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.365725040 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.365734100 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.365747929 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.365770102 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.365775108 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.365816116 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.365820885 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.365843058 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.365864992 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.365886927 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.365895033 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.365931034 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.365936041 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.365974903 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.366000891 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.366028070 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.366040945 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.366091013 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.374857903 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.374903917 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.374948025 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.374969959 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.374989033 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.375030994 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.375055075 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.375077009 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.375118017 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.375130892 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.375159025 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.375200033 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.375211000 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.375241995 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.375282049 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.375294924 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.375323057 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.375365019 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.375380039 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.375408888 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.375449896 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.375462055 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.375489950 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.375530958 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.375541925 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.375571966 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.375612974 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.375622988 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.375655890 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.375708103 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.390417099 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.638633966 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.638696909 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.638729095 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.638772964 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.638813972 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.638834000 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.638834000 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.638855934 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.638897896 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.638940096 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.638956070 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.638981104 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.638989925 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.639023066 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.639062881 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.639102936 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.639113903 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.639143944 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.639153957 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.639184952 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.639225960 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.639266014 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.639280081 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.639307976 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.639318943 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.639349937 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.639389992 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.639435053 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.639446020 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.639476061 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.639486074 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.639517069 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.639559031 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.639599085 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.639612913 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.639640093 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.639653921 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.639683008 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.639724016 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.639765978 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.639777899 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.639801025 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.639817953 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.639842987 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.639883041 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.639924049 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.639940023 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.639965057 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.639976978 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.640007973 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.640048027 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.640089989 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.640103102 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.640131950 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.640140057 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.640172958 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.640214920 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.640254974 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.640270948 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.640296936 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.640310049 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.640337944 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.640379906 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.640423059 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.640435934 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.640464067 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.640475988 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.640503883 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.640544891 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.640587091 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.640597105 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.640628099 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.640638113 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.640671015 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.640711069 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.640769958 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.640782118 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.640866995 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.640899897 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.640928984 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.640944004 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.640969038 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.640989065 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.641006947 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.641046047 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.641051054 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.641091108 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.641134024 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.641175985 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.641199112 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.641217947 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.641239882 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.641259909 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.641303062 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.641345978 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.641361952 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.641387939 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.641402960 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.641434908 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.641478062 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.641518116 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.641540051 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.641561031 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.641566992 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.641601086 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.641642094 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.641684055 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.641702890 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.641726971 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.641740084 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.641767979 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.641810894 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.641853094 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.641875982 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.641895056 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.641921043 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.641937971 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.641980886 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.642024040 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.642034054 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.642066956 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.642079115 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.642108917 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.642151117 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.642194033 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.642205954 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.642236948 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.642252922 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.642278910 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.642321110 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.642365932 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.642391920 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.642411947 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.642421007 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.642455101 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.642498016 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.642539978 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.642556906 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.642581940 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.642595053 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.642626047 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.642668962 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.642714024 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.642733097 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.642755985 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.642779112 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.642800093 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.642841101 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.642880917 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.642924070 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.642925024 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.642946959 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.642966032 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.643009901 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.643054962 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.643085003 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.643096924 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.643105030 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.643141031 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.643184900 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.643227100 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.643248081 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.643269062 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.643285990 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.643311024 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.643352985 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.643393040 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.643397093 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.643443108 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.643485069 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.643501043 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.643527985 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.643543959 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.643568993 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.643611908 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.643685102 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.643738985 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.643785954 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.643806934 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.643829107 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.643872023 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.643913984 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.643932104 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.643955946 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.643968105 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.643999100 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.644040108 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.644084930 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.644105911 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.644128084 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.644144058 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.644171000 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.644212961 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.644253969 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.644269943 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.644295931 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.644324064 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.644336939 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.644380093 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.644427061 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.644443035 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.644469976 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.644485950 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.644511938 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.644555092 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.644598961 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.644620895 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.644639015 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.644654989 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.644681931 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.644722939 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.644788027 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.644803047 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.644831896 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.644845009 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.644875050 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.644917011 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.644958973 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.644979954 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.645000935 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.645015955 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.645044088 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.645091057 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.645134926 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.645169973 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.645176888 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.645219088 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.645226002 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.645299911 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.645332098 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.645373106 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.645391941 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.645418882 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.645432949 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.645462990 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.645474911 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.645505905 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.645549059 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.645591021 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.645610094 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.645632029 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.645646095 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.645673037 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.645714045 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.645754099 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.645771027 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.645795107 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.645809889 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.645836115 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.645876884 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.645919085 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.645936966 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.645961046 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.645975113 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.646003008 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.646044016 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.646085024 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.646100044 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.646126032 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.646141052 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.646167040 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.646208048 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.646250010 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.646303892 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.646305084 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.646346092 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.646347046 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.646390915 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.646436930 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.646450996 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.646480083 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.646490097 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.646522045 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.646563053 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.646604061 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.646617889 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.646646023 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.646657944 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.646687984 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.646730900 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.646770954 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.646785975 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.646812916 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.646825075 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.646855116 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.646894932 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.646936893 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.646950960 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.646977901 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.646991968 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.647020102 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.647063017 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.647104979 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.647118092 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.647145987 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.647157907 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.647187948 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.647228003 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.647269011 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.647283077 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.647310019 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.647325039 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.647351027 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.647393942 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.647447109 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.647452116 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.647471905 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.647495031 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.647496939 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.647519112 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.647542953 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.647567034 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.647572041 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.647591114 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.647598028 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.647615910 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.647640944 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.647645950 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.647665024 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.647687912 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.647712946 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.647716045 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.647736073 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.647742033 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.647759914 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.647783995 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.647785902 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.647809029 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.647831917 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.647855043 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.647862911 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.647878885 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.647900105 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.647902966 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.647927046 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.647939920 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.647950888 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.647975922 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.647980928 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.648000956 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.648025036 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.648047924 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.648051977 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.648072958 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.648086071 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.648096085 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.648119926 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.648123980 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.648144007 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.648168087 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.648190975 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.648204088 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.648215055 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.648221016 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.648240089 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.648262978 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.648267984 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.648288012 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.648310900 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.648334026 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.648339987 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.648358107 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.648366928 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.648384094 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.648408890 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.648417950 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.648432970 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.648457050 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.648479939 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.648487091 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.648504019 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.648511887 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.648528099 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.648550987 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.648559093 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.648576021 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.648600101 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.648622990 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.648628950 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.648647070 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.648662090 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.648670912 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.648694038 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.648696899 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.648718119 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.648753881 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.648776054 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.648777008 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.648802996 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.648808002 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.648827076 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.648850918 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.648874044 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.648880959 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.648897886 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.648921013 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.648920059 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.648943901 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.648947954 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.648967981 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.648993015 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.648993969 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.649017096 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.649040937 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.649065018 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.649069071 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.649089098 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.649104118 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.649112940 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.649137020 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.649141073 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.649161100 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.649184942 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.649208069 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.649214029 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.649231911 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.649240971 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.649255991 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.649279118 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.649302006 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.649310112 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.649326086 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.649334908 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.649349928 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.649374008 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.649379015 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.649399042 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.649421930 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.649446011 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.649446964 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.649470091 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.649472952 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.649492979 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.649518013 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.649542093 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.649545908 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.649565935 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.649571896 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.649590015 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.649615049 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.649632931 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.649637938 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.649661064 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.649666071 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.649683952 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.649708033 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.649732113 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.649740934 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.649755955 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.649763107 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.649779081 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.649802923 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.649807930 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.649827003 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.649851084 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.649874926 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.649878979 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.649898052 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.649918079 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.649923086 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.649947882 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.649955988 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.649971008 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.649995089 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.649998903 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.650019884 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.650043011 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.650067091 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.650068998 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.650090933 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.650099993 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.650115013 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.650139093 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.650141954 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.650161028 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.650185108 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.650207996 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.650212049 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.650230885 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.650238037 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.650255919 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.650307894 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.932457924 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.932527065 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.932574987 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.932617903 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.932660103 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.932704926 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.932773113 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.932774067 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.932774067 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.932780027 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.932823896 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.932867050 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.932909012 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.932940006 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.932951927 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.932960033 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.932996035 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.933037043 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.933047056 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.933079004 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.933113098 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.933154106 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.933168888 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.933195114 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.933204889 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.933235884 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.933278084 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.933290005 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.933320999 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.933361053 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.933402061 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.933415890 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.933455944 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.933471918 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.933500051 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.933541059 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.933583021 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.933597088 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.933624029 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.933638096 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.933667898 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.933708906 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.933749914 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.933763981 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.933790922 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.933801889 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.933830976 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.933871984 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.933912992 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.933947086 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.933954954 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.933981895 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.933996916 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.934039116 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.934050083 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.934082031 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.934123039 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.934165001 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.934178114 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.934205055 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.934216976 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.934246063 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.934287071 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.934304953 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.934328079 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.934370041 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.934411049 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.934427977 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.934454918 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.934463024 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.934497118 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.934530973 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.934555054 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.934572935 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.934617043 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.934648037 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.934659958 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.934701920 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.934743881 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.934760094 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.934786081 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.934798956 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.934828997 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.934871912 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.934914112 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.934952974 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.934956074 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.934972048 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.934998035 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.935039997 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.935081005 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.935095072 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.935128927 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.935151100 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.935170889 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.935213089 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.935255051 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.935269117 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.935297012 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.935313940 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.935342073 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.935383081 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.935425997 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.935437918 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.935471058 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.935478926 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.935512066 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.935539961 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.935554981 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.935579062 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.935597897 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.935642004 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.935687065 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.935694933 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.935729980 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.935739040 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.935770988 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.935815096 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.935856104 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.935890913 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.935899019 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.935909033 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.935940981 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.935982943 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.936026096 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.936043024 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.936106920 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.936121941 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.936148882 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.936192989 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.936233997 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.936249971 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.936276913 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.936295986 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.936320066 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.936362982 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.936407089 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.936414957 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.936450958 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.936464071 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.936492920 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.936536074 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.936575890 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.936589956 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.936619043 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.936629057 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.936661005 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.936705112 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.936760902 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.936769009 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.936814070 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.936832905 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.936856031 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.936899900 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.936943054 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.936954021 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.936985016 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.936997890 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.937026978 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.937067986 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.937110901 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.937119961 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.937155962 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.937160015 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.937197924 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.937239885 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.937282085 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.937299967 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.937321901 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.937333107 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.937365055 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.937406063 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.937450886 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.937472105 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.937494040 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.937510967 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.937534094 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.937575102 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.937616110 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.937627077 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.937655926 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.937664032 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.937696934 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.937738895 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.937779903 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.937799931 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.937823057 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.937829018 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.937864065 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.937875986 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.937906027 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.937913895 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.937947035 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.937963963 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.937988043 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.937997103 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.938029051 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.938038111 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.938070059 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.938081026 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.938111067 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.938122034 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.938153028 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.938162088 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.938193083 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.938203096 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.938234091 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.938241959 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.938275099 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.938282013 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.938314915 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.938324928 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.938355923 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.938364029 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.938395977 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.938404083 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.938440084 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.938443899 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.938482046 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.938488007 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.938522100 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.938530922 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.938564062 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.938571930 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.938604116 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.938611984 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.938644886 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.938652992 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.938683987 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.938692093 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.938725948 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.938733101 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.938767910 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.938782930 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.938812017 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.938817024 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.938852072 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.938860893 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.938893080 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.938899994 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.938934088 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.938941956 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.938973904 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.938982964 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.939014912 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.939023972 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.939054966 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.939064026 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.939095020 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.939104080 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.939137936 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.939146996 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.939177990 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.939186096 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.939218998 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.939230919 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.939260006 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.939269066 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.939301968 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.939310074 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.939342022 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.939351082 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.939383030 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.939392090 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.939424038 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.939430952 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.939467907 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.939476013 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.939508915 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.939517021 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.939558029 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.939559937 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.939590931 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.939606905 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.939619064 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.939640999 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.939647913 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.939662933 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.939677000 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.939699888 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.939706087 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.939723015 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.939749956 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.939766884 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.939778090 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.939804077 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.939806938 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.939821005 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.939837933 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.939857960 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.939866066 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.939879894 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.939893961 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.939914942 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.939924002 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.939944983 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.939951897 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.939969063 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.939980984 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.940002918 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.940007925 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.940025091 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.940037012 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.940054893 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.940066099 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.940085888 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.940093994 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.940110922 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.940123081 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.940149069 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.940151930 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.940165997 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.940180063 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.940201044 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.940208912 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.940236092 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.940236092 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.940253019 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.940265894 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.940289974 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.940294981 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.940311909 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.940324068 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.940345049 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.940351963 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.940370083 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.940381050 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.940411091 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.940413952 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.940439939 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.940443039 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:50.940460920 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.940491915 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:50.945365906 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.216958046 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.217025995 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.217072964 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.217113972 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.217155933 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.217195034 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.217221975 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.217221975 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.217221975 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.217235088 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.217278004 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.217278957 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.217298985 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.217319012 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.217350006 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.217361927 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.217387915 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.217403889 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.217422962 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.217447042 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.217467070 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.217494965 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.217509031 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.217536926 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.217555046 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.217577934 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.217598915 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.217619896 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.217638969 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.217660904 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.217679977 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.217703104 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.217724085 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.217745066 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.217763901 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.217787981 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.217807055 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.217828989 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.217860937 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.217900991 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.217942953 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.217992067 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.218034029 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.218040943 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.218067884 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.218075991 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.218096972 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.218120098 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.218141079 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.218161106 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.218190908 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.218204021 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.218218088 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.218245029 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.218266964 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.218286991 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.218310118 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.218328953 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.218348980 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.218369961 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.218389988 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.218411922 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.218432903 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.218455076 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.218477011 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.218502045 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.218521118 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.218543053 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.218561888 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.218584061 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.218609095 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.218625069 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.218662977 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.218667030 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.218683958 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.218730927 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.218758106 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.218820095 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.218844891 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.218892097 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.218909979 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.218933105 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.218970060 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.218974113 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.218991995 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.219014883 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.219037056 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.219057083 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.219079018 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.219098091 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.219125032 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.219144106 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.219166040 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.219187021 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.219208956 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.219228983 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.219248056 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.219270945 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.219290972 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.219310999 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.219333887 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.219352961 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.219377995 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.219393969 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.219433069 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.219459057 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.220077038 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.220122099 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.220139980 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.220161915 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.220189095 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.220204115 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.220225096 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.220247030 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.220268965 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.220288038 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.220312119 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.220330000 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.220352888 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.220371008 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.220391035 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.220412970 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.220432997 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.220454931 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.220479012 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.220499992 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.220519066 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.220541954 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.220561028 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.220583916 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.220604897 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.220649004 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.220669985 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.220735073 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.220812082 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.220895052 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.220901012 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.220948935 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.220984936 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.220992088 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.221004963 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.221035004 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.221055031 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.221076965 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.221117973 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.221137047 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.221160889 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.221179962 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.221201897 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.221219063 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.221245050 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.221260071 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.221287966 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.221302986 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.221329927 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.221354008 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.221371889 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.221390009 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.221414089 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.221435070 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.221456051 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.221479893 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.221501112 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.221522093 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.221543074 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.221555948 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.221584082 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.221600056 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.221626997 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.221648932 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.221668959 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.221699953 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.221709967 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.221721888 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.221769094 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.221908092 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.221952915 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.221996069 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.222021103 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.222035885 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.222054958 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.222078085 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.222099066 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.222119093 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.222136021 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.222158909 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.222178936 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.222202063 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.222218990 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.222242117 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.222259998 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.222284079 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.222302914 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.222327948 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.222349882 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.222368002 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.222393990 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.222409010 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.222435951 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.222450972 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.222479105 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.222496986 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.222516060 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.222537041 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.222562075 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.222578049 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.222618103 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.222619057 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.222640991 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.222662926 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.222690105 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.222703934 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.222726107 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.222771883 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.222826004 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.222870111 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.222888947 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.222909927 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.222930908 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.222985983 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.223032951 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.223077059 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.223097086 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.223119020 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.223140955 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.223160028 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.223182917 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.223201990 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.223223925 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.223265886 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.223326921 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.223368883 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.223387957 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.223409891 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.223433018 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.223452091 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.223479033 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.223541975 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.223807096 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.223850012 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.223867893 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.223891020 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.223912954 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.223932981 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.223977089 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.223980904 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.224004030 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.224020004 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.224041939 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.224061012 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.224078894 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.224119902 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.359519005 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.359785080 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.488173008 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.488259077 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.488292933 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.488337994 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.488372087 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.488413095 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.488455057 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.488501072 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.488542080 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.488548040 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.488548040 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.488548040 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.488616943 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.488616943 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.488771915 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.488820076 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.488899946 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.489183903 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.489227057 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.489259005 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.489268064 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.489308119 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.489310980 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.489327908 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.489352942 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.489365101 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.489447117 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.489528894 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.489953995 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.489999056 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.490021944 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.490046978 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.490071058 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.490088940 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.490101099 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.490334988 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.491204977 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.491249084 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.491281986 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.491291046 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.491301060 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.491343975 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.491420984 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.491462946 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.491488934 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.491508007 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.491518974 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.491549015 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.491563082 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.491605043 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.491635084 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.491677046 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.491689920 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.491730928 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.492254019 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.492297888 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.492335081 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.492352962 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.492355108 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.492393970 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.492408991 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.492434978 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.492446899 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.492475986 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.492492914 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.492521048 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.492530107 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.492564917 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.492574930 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.492616892 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.492861032 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.492934942 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.492980957 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.493043900 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.493094921 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.493154049 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.493236065 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.493279934 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.493300915 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.493321896 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.493333101 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.493364096 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.493376017 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.493419886 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.493606091 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.493711948 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.493753910 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.493782997 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.493796110 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.493830919 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.493838072 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.493865967 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.493880033 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.493901014 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.493968010 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.494014025 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.494033098 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.494055986 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.494066954 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.494110107 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.494141102 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.494195938 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.494302988 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.494347095 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.494363070 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.494388103 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.494409084 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.494429111 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.494477987 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.494510889 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.494664907 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.494709015 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.494750023 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.494781971 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.494790077 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.494817019 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.494849920 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.494911909 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.494981050 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.495203018 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.495245934 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.495270967 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.495290041 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.495302916 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.495331049 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.495345116 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.495389938 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.495455027 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.495501995 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.495515108 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.495543957 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.495557070 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.495585918 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.495596886 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.495629072 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.495640039 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.495671034 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.495682001 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.495731115 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.495748997 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.496124029 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.496166945 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.496207952 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.496248960 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.496258974 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.496313095 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.496675968 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.496720076 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.496815920 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.496875048 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.496917963 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.496941090 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.496958971 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.497000933 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.497008085 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.497025967 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.497045040 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.497060061 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.497086048 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.497128963 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.497145891 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.497170925 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.497184992 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.497215033 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.497230053 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.497256994 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.497271061 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.497298956 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.497312069 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.497342110 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.497351885 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.497384071 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.497395992 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.497426033 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.497451067 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.497487068 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.498917103 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.756984949 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.757049084 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.757097006 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.757143974 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.757184982 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.757225990 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.757241011 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.757241011 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.757266998 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.757308006 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.757333994 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.757349014 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.757354975 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.757389069 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.757431030 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.757473946 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.757483959 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.757519960 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.757529020 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.757561922 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.757599115 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.757602930 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.757643938 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.757658005 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.757684946 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.757721901 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.757726908 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.757767916 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.757781029 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.757810116 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.757846117 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.757850885 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.757893085 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.757905006 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.757935047 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.757971048 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.757989883 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.758261919 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.765356064 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.765443087 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.765485048 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.765531063 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.765538931 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.765574932 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.765590906 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.765611887 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.765655041 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.765672922 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.765697956 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.765739918 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.765754938 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.765784025 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.765825987 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.765842915 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.765870094 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.765913963 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.765929937 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.765957117 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.766000032 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.766015053 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.766042948 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.766084909 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.766098976 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.766128063 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.766170025 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.766187906 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.766212940 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.766257048 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.766272068 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.766299963 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.766341925 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.766370058 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.766386032 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.766428947 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.766444921 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.766472101 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.766516924 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.766531944 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.766561031 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.766604900 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.766616106 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.766648054 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.766690969 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.766710997 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.766729116 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.766771078 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.766784906 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.766814947 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.766858101 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.766870975 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.766901016 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.766944885 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.766963005 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.766987085 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.767029047 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.767044067 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.767071962 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.767115116 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.767126083 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.767154932 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.767195940 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.767220974 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.767237902 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.767280102 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.767292023 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.767323017 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.767364025 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.767401934 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.767405033 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.767446995 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.767461061 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.767489910 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.767533064 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.767543077 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.767574072 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.767617941 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.767637014 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.767661095 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.767702103 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.767721891 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.767745018 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.767786026 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.767805099 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.767831087 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.767872095 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.767888069 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.767915964 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.767957926 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.767975092 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.767998934 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.768039942 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.768059969 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.768081903 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.768125057 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.768140078 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.768170118 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.768210888 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.768225908 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.768253088 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.768295050 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.768311977 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.768336058 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.768377066 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.768390894 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.768419027 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.768460035 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.768476009 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.768500090 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.768524885 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.768543959 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.768560886 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.768585920 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.768627882 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.768645048 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.768668890 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.768709898 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.768723011 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.768781900 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.768824100 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.768837929 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.768863916 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.768903971 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.768917084 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.768944025 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.768985033 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.769017935 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.769026995 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.769068003 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.769083023 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.769109011 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.769150019 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.769161940 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.769191027 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.769231081 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.769243956 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.769272089 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.769313097 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.769328117 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.769355059 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.769396067 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.769407988 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.769438028 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.769479036 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.769490957 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.769522905 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.769563913 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.769576073 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.769604921 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.769646883 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.769663095 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.769689083 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.769728899 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.769742966 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.769769907 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.769812107 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.769825935 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.769851923 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.769892931 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.769905090 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.769933939 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.769975901 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.770004034 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.770018101 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.770057917 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.770072937 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.770098925 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.770138979 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.770154953 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:51.770180941 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:51.770234108 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.029408932 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.029473066 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.029520035 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.029568911 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.029613972 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.029659033 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.029701948 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.029742002 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.029742002 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.029742002 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.029747009 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.029791117 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.029819965 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.029834032 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.029879093 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.029906034 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.029922962 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.029963970 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.029985905 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.030008078 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.030050039 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.030070066 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.030095100 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.030137062 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.030167103 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.030179977 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.030222893 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.030240059 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.030267954 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.030311108 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.030333996 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.030354977 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.030396938 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.030416012 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.030441046 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.030483961 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.030503035 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.030530930 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.030574083 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.030591965 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.030616999 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.030659914 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.030678034 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.030703068 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.030744076 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.030762911 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.030786037 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.030827999 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.030850887 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.030869961 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.030910969 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.030934095 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.030952930 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.030993938 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.031012058 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.031038046 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.031080008 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.031096935 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.031121016 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.031163931 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.031179905 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.031205893 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.031245947 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.031269073 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.031289101 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.031330109 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.031353951 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.031413078 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.031454086 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.031467915 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.031497002 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.031543016 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.031563044 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.031584978 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.031626940 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.031651974 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.031670094 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.031711102 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.031734943 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.031754971 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.031796932 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.031822920 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.031840086 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.031882048 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.031900883 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.031923056 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.031965971 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.031996012 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.032007933 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.032048941 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.032068014 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.032094955 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.032136917 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.032157898 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.032179117 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.032219887 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.032242060 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.032260895 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.032304049 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.032320976 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.032345057 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.032387972 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.032408953 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.032430887 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.032473087 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.032494068 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.032514095 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.032561064 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.032581091 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.032601118 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.032644033 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.032661915 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.032685995 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.032753944 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.032762051 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.032807112 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.032850981 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.032871008 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.032892942 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.032934904 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.032962084 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.032977104 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.033018112 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.033056021 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.033060074 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.033102036 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.033128023 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.033143997 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.033186913 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.033206940 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.033229113 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.033269882 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.033288956 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.033313036 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.033354044 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.033377886 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.033396006 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.033437967 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.033457041 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.033479929 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.033526897 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.033550024 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.033567905 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.033610106 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.033632040 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.033652067 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.033694029 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.033725023 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.033735991 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.033776999 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.033797026 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.033818007 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.033859968 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.033879042 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.033901930 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.033943892 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.033962011 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.033983946 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.034024000 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.034056902 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.034065962 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.034106016 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.034127951 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.034147978 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.034189939 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.034209013 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.034230947 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.034271955 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.034296989 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.034313917 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.034353971 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.034373999 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.034395933 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.034435987 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.034455061 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.034480095 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.034523964 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.034539938 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.034568071 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.034609079 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.034626961 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.034651041 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.034692049 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.034722090 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.041918993 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.041980028 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.042026997 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.042089939 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.042155027 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.042166948 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.042166948 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.042237997 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.042268038 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.042299986 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.042319059 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.042334080 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.042367935 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.042367935 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.042375088 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.042411089 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.042417049 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.042440891 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.042483091 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.042937040 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.043029070 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.043068886 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.043114901 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.043158054 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.043203115 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.043250084 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.043267012 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.043287992 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.043315887 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.043344975 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.043375015 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.043380976 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.043436050 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.043546915 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.043636084 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.043664932 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.043700933 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.043708086 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.043732882 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.043757915 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.043771029 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.043800116 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.043827057 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.043863058 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.043891907 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.043929100 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.043961048 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.043993950 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.044032097 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.044035912 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.044064999 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.044085979 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.044156075 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.044186115 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.044219971 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.044223070 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.044254065 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.044281960 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.044342041 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.044399977 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.044492960 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.044610977 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.044640064 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.044677019 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.044694901 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.044748068 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.044760942 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.044783115 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.044811010 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.044842005 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.044903040 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.044934034 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.044964075 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.044996023 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.045028925 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.045058012 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.045066118 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.045104980 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.045133114 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.045141935 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.045171022 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.045207977 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.045208931 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.045238018 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.045264959 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.048113108 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.048176050 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.048186064 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.048206091 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.048230886 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.048261881 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.048290968 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.048316002 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.048355103 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.048376083 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.048432112 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.048438072 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.048500061 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.048527956 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.048561096 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.048562050 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.048616886 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.048619032 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.089121103 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.306093931 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.306190968 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.306257010 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.306426048 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.306443930 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.306474924 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.306526899 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.306605101 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.306658030 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.306704998 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.306709051 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.306752920 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.306787014 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.306807041 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.306883097 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.306952000 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.307075977 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.307156086 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.307234049 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.307328939 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.307375908 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.307414055 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.307549953 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.307596922 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.307645082 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.307657003 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.307703018 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.307735920 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.307800055 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.307847023 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.307882071 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.307945013 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.308037043 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.308043003 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.308156013 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.308247089 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.308260918 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.308307886 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.308351040 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.308384895 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.308568954 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.308614969 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.308665037 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.308679104 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.308718920 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.308753014 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.308799028 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.308844090 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.308881044 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.308897972 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.308942080 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.308974028 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.308995962 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.309041023 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.309087992 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.309103966 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.309138060 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.309160948 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.309190989 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.309221029 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.309247017 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.309294939 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.309313059 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.309345007 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.309386015 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.309400082 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.309444904 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.309495926 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.309505939 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.309545994 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.309573889 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.309603930 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.309648037 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.309689999 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.309705019 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.309750080 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.309782982 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.309802055 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.309848070 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.309876919 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.309901953 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.309943914 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.309983015 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.309998035 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.310041904 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.310096025 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.310097933 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.310142040 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.310178995 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.310195923 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.310240030 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.310277939 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.310297012 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.310339928 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.310376883 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.310394049 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.310437918 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.310477972 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.310492992 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.310537100 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.310569048 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.310592890 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.310636044 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.310669899 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.310691118 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.310735941 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.310767889 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.310789108 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.310832977 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.310866117 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.310885906 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.310930967 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.310969114 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.310986996 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.311031103 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.311083078 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.311091900 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.311132908 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.311165094 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.311187029 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.311230898 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.311260939 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.311285019 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.311327934 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.311357975 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.311378956 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.311415911 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.311460018 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.311472893 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.311515093 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.311553001 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.311573029 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.311615944 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.311649084 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.311667919 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.311712027 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.311743021 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.311764002 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.311809063 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.311836004 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.311861992 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.311904907 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.311937094 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.311958075 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.312000990 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.312036037 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.312053919 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.312097073 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.312139988 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.312284946 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.312329054 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.312371016 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.312386036 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.312428951 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.312462091 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.312482119 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.312524080 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.312556982 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.312581062 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.312623024 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.312657118 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.312674999 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.312717915 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.312752008 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.312812090 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.312854052 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.312895060 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.312908888 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.312952995 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.312984943 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.313005924 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.313050032 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.313092947 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.313127995 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.313147068 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.313199997 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.313208103 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.313247919 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.313278913 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.313302040 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.313344955 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.313395023 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.313401937 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.313441992 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.313474894 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.313498020 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.313539028 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.313570976 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.313595057 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.313638926 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.313674927 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.313693047 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.313736916 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.313770056 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.313788891 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.313833952 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.313863039 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.313886881 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.313927889 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.313960075 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.313982010 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.314024925 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.314071894 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.314084053 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.314121962 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.314158916 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.314177990 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.314220905 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.314256907 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.314275026 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.314317942 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.314352036 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.314369917 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.314413071 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.314441919 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.314464092 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.314508915 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.314537048 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.314563990 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.314604998 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.314635038 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.314659119 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.314702988 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.314726114 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.314754009 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.314798117 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.314820051 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.314848900 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.314892054 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.314912081 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.314943075 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.314987898 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.315004110 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.315037012 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.315083027 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.315100908 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.315134048 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.315179110 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.315196991 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.315233946 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.315279961 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.315300941 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.315330982 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.315376043 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.315392971 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.315427065 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.315471888 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.315489054 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.315524101 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.315574884 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.315589905 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.315623045 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.315666914 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.315685987 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.315717936 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.315762997 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.315779924 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.315813065 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.315857887 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.315876007 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.315908909 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.315953970 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.315977097 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.316004038 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.316047907 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.316071033 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.316098928 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.316142082 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.316164017 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.316190958 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.316235065 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.316255093 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.316287041 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.316335917 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.316349983 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.316386938 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.316427946 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.316474915 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.316483974 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.316528082 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.316556931 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.316581964 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.316626072 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.316648006 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.316678047 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.316741943 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.316746950 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.316796064 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.316838980 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.316858053 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.316890955 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.316937923 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.316955090 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.316987038 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.317028046 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.317070007 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.317082882 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.317130089 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.317148924 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.317179918 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.317225933 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.317240953 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.317274094 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.317318916 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.317337990 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.317368984 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.317414999 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.317429066 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.317462921 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.317509890 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.317523003 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.317563057 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.317605972 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.317629099 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.317655087 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.317704916 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.317718983 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.317754030 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.317799091 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.317816973 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.317848921 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.317892075 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.317912102 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.317944050 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.317986965 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.318006992 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.318038940 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.318082094 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.318110943 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.318135023 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.318182945 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.318197966 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.318233967 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.318274975 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.318303108 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.318327904 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.318371058 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.318389893 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.318422079 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.318463087 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.318480968 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.318485975 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.318505049 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.318526983 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.318538904 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.318550110 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.318574905 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.318581104 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.318594933 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.318618059 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.318629026 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.318639040 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.318661928 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.318672895 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.318684101 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.318707943 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.318713903 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.318728924 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.318753004 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.318758965 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.318773985 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.318797112 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.318805933 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.318819046 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.318840027 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.318856001 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.318861961 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.318878889 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.318886042 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.318911076 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.318912029 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.318934917 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.368253946 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.592514038 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.592576027 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.592623949 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.592665911 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.592720032 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.592807055 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.592808962 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.592856884 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.592866898 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.592875957 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.592916965 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.592966080 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.592984915 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.593020916 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.593039036 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.593075991 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.593095064 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.593127012 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.593172073 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.593187094 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.593221903 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.593274117 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.593295097 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.593322992 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.593359947 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.593383074 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.593410969 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.593456030 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.593473911 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.593511105 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.593554974 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.593578100 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.593610048 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.593657970 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.593674898 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.593708992 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.593756914 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.593770981 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.593807936 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.593859911 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.593866110 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.593909025 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.593955040 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.593966961 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.594006062 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.594047070 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.594083071 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.594101906 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.594151974 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.594161987 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.594201088 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.594248056 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.594259977 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.594297886 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.594343901 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.594357967 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.594392061 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.594436884 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.594453096 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.594485044 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.594531059 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.594544888 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.594579935 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.594618082 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.594641924 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.594667912 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.594715118 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.594731092 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.594763994 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.594810963 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.594825029 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.594861031 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.594907045 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.594923019 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.594957113 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.595004082 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.595016956 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.595056057 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.595103025 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.595115900 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.595153093 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.595199108 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.595213890 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.595256090 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.595303059 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.595319033 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.595355034 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.595400095 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.595415115 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.595451117 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.595495939 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.595511913 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.595546007 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.595597029 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.595608950 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.595647097 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.595694065 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.595710039 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.595741987 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.595789909 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.595801115 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.595839977 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.595887899 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.595897913 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.595937014 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.595984936 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.595997095 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.596034050 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.596076012 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.596102953 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.596127033 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.596158028 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.596184969 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.596187115 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.596231937 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.596281052 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.596292973 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.596332073 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.596379995 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.596390963 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.596430063 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.596477985 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.596489906 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.596529007 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.596575022 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.596589088 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.596626043 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.596669912 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.596693039 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.596740961 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.596791029 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.596806049 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.596839905 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.596887112 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.596903086 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.596935034 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.596981049 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.596995115 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.597029924 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.597076893 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.597089052 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.597134113 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.597187996 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.597202063 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.597237110 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.597280979 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.597297907 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.597331047 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.597378016 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.597392082 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.597429037 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.597472906 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.597490072 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.597524881 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.597570896 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.597588062 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.597631931 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.597683907 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.597693920 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.597733021 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.597779036 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.597795010 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.597827911 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.597873926 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.597887039 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.597923994 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.597970963 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.598021984 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.598032951 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.598079920 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.598094940 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.598129034 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.598172903 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.598191023 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.598223925 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.598268032 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.598287106 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.598319054 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.598361015 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.598397017 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.598414898 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.598459005 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.598479033 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.598510027 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.598555088 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.598572969 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.598607063 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.598649979 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.598670959 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.598704100 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.598721981 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.598757982 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.598776102 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.598813057 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.598828077 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.598865032 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.598881960 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.598916054 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.598962069 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.598984003 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.599014044 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.599055052 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.599102020 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.599108934 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.599158049 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.599174976 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.599209070 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.599251986 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.599272013 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.599303007 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.599347115 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.599364996 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.599397898 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.599443913 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.599461079 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.599494934 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.599540949 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.599555969 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.599591970 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.599633932 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.599654913 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.599684954 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.599728107 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.599747896 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.599778891 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.599822998 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.599843979 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.599874020 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.599920034 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.599939108 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.599973917 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.599992037 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.600027084 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.600040913 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.600078106 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.600100994 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.600132942 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.600147963 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.600184917 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.600199938 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.600239038 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.600250959 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.600294113 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.600301981 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.600347996 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.600354910 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.600404024 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.600414038 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.600456953 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.600470066 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.600511074 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.600524902 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.600569963 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.600590944 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.600603104 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.600630999 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.600636959 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.600658894 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.600670099 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.600697994 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.600703955 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.600754023 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.600765944 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.600765944 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.600785017 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.600817919 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.600820065 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.600841999 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.600852966 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.600881100 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.600887060 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.600903034 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.600919008 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.600945950 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.600953102 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.600980043 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.600997925 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.601022959 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.601077080 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.639898062 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.639949083 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.640136003 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.869278908 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.869353056 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.869446039 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.869503975 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.869503975 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.869513035 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.869554043 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.869570017 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.869594097 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.869633913 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.869645119 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.869683981 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.869731903 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.869745970 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.869780064 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.869796991 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.869820118 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.869852066 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.869879007 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.869910002 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.869939089 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.869963884 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.869987965 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.870018005 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.870048046 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.870073080 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.870117903 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.870131016 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.870170116 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.870187998 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.870210886 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.870244026 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.870259047 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.870299101 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.870315075 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.870352983 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.870368004 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.870408058 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.870424032 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.870460987 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.870479107 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.870515108 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.870534897 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.870569944 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.870613098 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.870630026 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.870652914 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.870686054 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.870698929 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.870738983 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.870757103 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.870790005 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.870805979 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.870841026 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.870857000 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.870896101 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.870907068 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.870949984 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.870964050 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.871004105 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.871017933 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.871059895 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.871073008 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.871110916 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.871153116 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.871166945 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.871206045 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.871223927 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.871241093 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.871275902 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.871295929 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.871329069 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.871347904 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.871383905 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.871396065 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.871433973 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.871474028 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.871490002 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.871507883 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.871543884 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.871556997 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.871597052 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.871613026 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.871655941 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.871668100 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.871710062 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.871722937 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.871766090 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.871777058 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.871817112 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.871835947 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.871872902 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.871882915 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.871926069 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.871941090 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.871983051 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.871994019 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.872036934 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.872052908 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.872087002 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.872131109 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.872142076 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.872168064 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.872195959 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.872209072 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.872248888 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.872270107 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.872301102 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.872342110 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.872355938 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.872375011 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.872411013 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.872431040 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.872464895 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.872478962 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.872519970 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.872534037 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.872571945 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.872591019 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.872629881 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.872643948 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.872684956 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.872697115 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.872761965 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.872770071 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.872821093 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.872837067 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.872872114 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.872889042 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.872926950 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.872939110 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.872978926 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.872994900 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.873034000 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.873045921 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.873085976 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.873136044 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.873138905 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.873181105 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.873194933 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.873249054 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.873250961 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.873286009 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.873306990 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.873318911 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.873363018 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.873373985 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.873414993 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.873430014 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.873466969 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.873492956 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.873519897 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.873534918 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.873570919 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.873585939 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.873625040 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.873673916 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.873714924 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.873752117 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.873753071 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.873756886 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.873753071 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.873788118 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.873799086 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.873827934 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.873838902 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:52.873861074 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:52.873908043 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.007540941 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.007776022 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.143435001 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.143496037 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.143539906 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.143583059 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.143627882 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.143625975 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.143625975 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.143671989 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.143702984 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.143718004 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.143755913 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.143759966 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.143802881 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.143804073 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.143846989 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.143851995 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.143884897 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.143887997 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.143917084 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.143930912 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.143956900 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.143974066 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.143994093 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.144017935 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.144035101 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.144061089 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.144078970 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.144102097 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.144145966 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.144151926 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.144187927 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.144190073 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.144220114 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.144229889 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.144253016 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.144273996 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.144296885 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.144315958 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.144335032 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.144360065 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.144380093 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.144402981 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.144423008 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.144444942 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.144469023 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.144488096 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.144505978 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.144530058 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.144545078 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.144571066 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.144588947 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.144613981 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.144632101 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.144659042 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.144678116 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.144701958 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.144717932 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.144774914 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.144777060 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.144818068 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.144853115 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.144860029 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.144879103 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.144902945 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.144927979 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.144943953 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.144959927 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.144987106 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.145009995 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.145028114 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.145066023 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.145071030 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.145082951 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.145112038 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.145140886 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.145153046 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.145168066 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.145193100 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.145206928 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.145234108 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.145250082 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.145273924 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.145317078 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.145349979 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.145358086 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.145390987 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.145399094 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.145442009 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.145487070 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.146084070 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.146131039 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.146173954 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.146173954 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.146214008 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.146219969 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.146260977 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.146270990 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.146321058 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.146326065 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.146368980 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.146375895 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.146409035 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.146410942 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.146441936 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.146454096 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.146480083 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.146497011 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.146521091 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.146538973 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.146555901 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.146580935 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.146600962 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.146624088 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.146641970 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.146665096 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.146682024 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.146706104 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.146728992 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.146749973 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.146765947 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.146811008 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.146835089 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.146883011 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.146898985 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.146924019 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.146943092 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.146965981 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.146986008 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.147007942 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.147025108 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.147049904 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.147069931 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.147090912 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.147134066 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.147136927 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.147170067 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.147175074 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.147196054 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.147217989 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.147237062 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.147258997 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.147277117 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.147300005 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.147317886 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.147341013 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.147358894 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.147382021 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.147402048 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.147423029 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.147444963 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.147485971 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.147582054 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.147670984 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.147715092 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.147756100 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.147783995 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.147799015 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.147841930 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.147883892 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.148020983 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.149671078 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.417042017 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.417098999 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.417146921 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.417201042 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.417229891 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.417248964 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.417278051 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.417335987 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.417383909 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.417401075 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.417435884 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.417486906 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.417498112 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.417537928 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.417587996 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.417597055 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.417639017 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.417695045 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.417702913 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.417743921 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.417793989 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.417803049 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.417845964 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.417895079 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.417902946 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.417943954 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.417994022 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.418004990 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.418045998 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.418092012 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.418103933 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.418143034 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.418190002 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.418200016 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.418242931 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.418291092 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.418302059 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.418342113 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.418384075 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.418409109 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.418436050 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.418488026 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.418493986 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.418535948 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.418586016 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.418593884 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.418636084 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.418693066 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.418694019 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.418741941 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.418791056 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.418800116 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.418838978 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.418888092 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.418898106 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.418936968 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.418984890 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.418996096 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.419034958 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.419081926 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.419092894 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.419131994 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.419178963 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.419188976 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.419230938 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.419277906 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.419290066 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.419327974 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.419375896 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.419384003 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.419425011 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.419475079 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.419480085 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.419522047 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.419569969 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.419579983 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.419620991 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.419698954 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.419780016 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.419826984 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.419876099 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.419888973 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.419928074 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.419975996 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.419987917 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.420028925 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.420078039 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.420089006 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.420128107 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.420176983 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.420185089 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.420227051 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.420272112 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.420285940 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.420321941 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.420370102 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.420380116 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.420422077 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.420469999 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.420490026 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.420521021 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.420600891 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.420655966 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.420661926 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.420716047 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.420761108 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.420795918 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.420840025 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.420876026 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.420893908 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.420942068 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.420955896 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.420989990 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.421035051 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.421050072 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.421096087 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.421143055 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.421161890 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.421196938 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.421246052 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.421257973 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.421294928 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.421341896 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.421354055 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.421391964 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.421437979 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.421451092 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.421489000 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.421535015 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.421547890 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.421582937 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.421631098 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.421646118 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.421683073 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.421729088 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.421749115 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.421781063 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.421828032 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.421840906 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.421880007 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.421926975 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.421938896 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.421978951 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.422025919 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.422039986 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.422074080 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.422116041 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.422154903 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.422178030 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.422220945 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.422261953 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.422302008 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.422318935 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.422343969 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.422347069 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.422385931 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.422399998 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.422426939 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.422467947 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.422478914 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.422509909 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.422550917 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.422564030 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.422593117 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.422633886 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.422647953 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.422679901 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.422723055 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.422763109 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.422764063 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.422805071 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.422828913 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.422847033 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.422888041 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.422903061 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.422930002 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.422971010 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.422983885 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.423013926 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.423055887 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.423069000 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.423099041 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.423141003 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.423152924 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.423187017 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.423226118 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.423242092 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.423268080 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.423307896 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.423322916 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.423350096 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.423392057 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.423403978 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.423432112 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.423475027 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.423485994 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.423516035 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.423557043 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.423573017 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.423599005 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.423644066 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.423654079 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.423685074 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.423727989 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.423743963 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.423768044 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.423810959 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.423823118 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.423851967 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.423892975 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.423917055 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.423933983 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.423974991 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.423989058 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.424016953 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.424060106 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.424069881 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.424101114 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.424141884 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.424174070 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.424185038 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.424226046 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.424240112 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.424267054 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.424324036 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.424405098 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.424447060 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.424489021 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.424504042 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.424531937 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.424572945 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.424585104 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.424612999 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.424657106 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.424679995 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.424699068 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.424762964 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.424763918 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.424806118 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.424845934 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.424861908 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.424890995 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.424931049 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.424946070 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.424973011 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.425014019 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.425026894 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.425055027 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.425076962 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.425096035 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.425113916 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.425137043 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.425178051 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.425194025 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.425221920 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.425261974 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.425275087 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.425307035 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.425348043 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.425367117 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.425389051 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.425429106 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.425441027 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.426033020 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.426062107 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.426084995 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.426109076 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.426131964 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.426156044 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.426179886 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.426203966 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.426239967 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.426306963 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.688143969 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.688205004 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.688361883 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.695003986 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.695101023 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.695214987 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.695220947 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.695341110 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.695439100 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.695466995 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.695523977 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.695574045 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.695619106 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.695667028 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.695749044 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.695759058 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.695888996 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.695971012 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.695997953 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.696120024 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.696196079 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.696243048 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.696362019 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.696420908 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.696474075 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.696532965 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.696611881 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.696611881 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.696700096 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.696775913 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.696851015 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.696930885 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.696997881 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.697010994 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.697086096 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.697144032 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.697150946 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.697240114 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.697314978 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.697346926 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.697413921 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.697484016 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.697570086 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.697613955 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.697674036 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.697711945 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.697789907 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.697845936 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.697880983 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.697949886 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.698016882 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.698076963 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.698151112 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.698215961 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.698244095 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.698328018 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.698388100 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.698402882 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.698471069 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.698534012 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.698542118 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.698642969 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.698713064 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.698765039 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.698807955 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.698868990 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.698883057 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.699002981 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.699062109 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.699080944 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.699170113 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.699237108 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.699264050 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.699330091 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.699395895 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.699405909 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.699498892 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.699558020 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.699568033 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.699629068 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.699697971 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.699702978 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.699800014 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.699853897 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.699872971 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.699930906 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.700014114 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.700040102 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.700105906 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.700179100 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.700193882 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.700237989 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.700278997 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.700323105 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.700329065 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.700364113 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.700370073 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.700406075 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.700448990 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.700450897 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.700489998 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.700531006 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.700563908 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.700572968 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.700614929 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.700634003 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.700658083 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.700700998 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.700748920 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.700763941 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.700807095 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.700833082 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.700848103 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.700889111 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.700901031 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.700931072 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.700973034 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.700978041 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.701014996 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.701056957 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.701064110 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.701098919 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.701139927 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.701165915 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.701179981 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.701222897 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.701232910 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.701266050 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.701308012 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.701339960 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.701349974 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.701394081 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.701406002 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.701433897 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.701464891 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.701504946 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.701545000 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.701586962 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.701627016 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.701662064 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.701670885 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.701689005 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.701713085 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.701715946 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.701754093 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.701793909 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.701798916 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.701834917 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.701875925 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.701878071 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.701917887 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.701957941 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.701961040 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.701998949 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.702039003 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.702040911 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.702080011 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.702121019 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.702121019 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.702162981 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.702203035 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.702205896 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.702245951 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.702286005 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.702302933 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.702327013 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.702332973 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.702368975 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.702378035 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.702409983 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.702414989 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.702451944 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.702459097 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.702492952 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.702501059 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.702534914 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.702541113 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.702578068 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.702586889 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.702619076 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.702625990 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.702661037 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.702670097 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.702704906 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.702708960 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.702745914 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.702759981 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.702788115 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.702790976 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.702830076 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.702836037 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.702872038 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.702881098 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.702914000 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.702918053 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.702954054 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.702961922 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.702996016 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.702997923 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.703037024 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.703041077 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.703077078 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.703083038 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.703119040 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.703155041 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.703160048 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.703187943 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.703202009 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.703216076 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.703244925 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.703249931 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.703286886 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.703294039 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.703327894 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.703339100 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.703371048 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.911634922 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.922446966 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.960535049 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.960642099 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.960748911 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.960751057 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.960752010 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.960797071 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.960843086 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.960851908 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.960851908 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.960886002 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.960896969 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.960928917 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.960944891 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.960973024 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.960985899 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.961016893 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.961028099 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.961059093 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.961067915 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.961141109 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.961150885 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.961198092 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.975024939 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.975074053 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.975115061 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.975159883 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.975163937 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.975163937 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.975163937 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.975227118 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.975387096 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.975450993 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.975467920 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.975531101 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.975575924 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.975631952 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.975698948 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.975775957 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.975780964 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.975817919 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.975832939 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.975872040 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.975878954 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.975935936 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.975946903 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.976001024 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.976063967 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.976126909 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.976160049 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.976224899 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.976278067 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.976335049 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.976353884 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.976408958 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.976414919 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.976478100 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.976517916 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.976574898 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.976632118 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.976692915 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.976758957 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.976840973 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.976897001 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.976953983 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.977025032 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.977075100 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.977085114 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.977144957 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.977201939 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.977303028 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.977332115 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.977420092 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.977422953 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.977503061 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.977564096 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.977621078 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.977624893 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.977685928 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.977716923 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.977772951 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.977797031 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.977853060 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.977896929 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.977953911 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.977998018 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.978055000 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.978059053 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.978113890 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.978135109 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.978208065 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.978254080 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.978308916 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.978341103 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.978383064 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.978394985 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.978437901 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.978457928 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.978511095 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.978548050 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.978605032 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.978669882 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.978727102 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.978823900 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.978879929 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.978899002 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.978975058 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.978995085 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.979049921 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.979079962 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.979135036 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.979161978 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.979218006 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.979269028 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.979326010 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.979334116 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.979377031 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.979387045 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.979419947 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.979432106 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.979461908 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.979473114 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.979504108 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.979521036 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.979547024 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.979557991 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.979588985 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.979599953 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.979631901 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.979641914 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.979676008 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.979688883 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.979721069 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.979733944 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.979764938 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.979794979 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.979808092 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.979820013 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.979850054 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.979880095 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.979892015 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.979899883 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.979934931 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.979944944 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.979978085 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.979989052 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.980021954 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.980032921 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.980063915 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.980074883 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.980106115 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.980119944 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.980149031 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.980160952 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.980191946 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.980205059 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.980235100 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.980245113 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.980277061 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.980288982 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.980319977 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.980330944 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.980365038 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.980377913 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.980407000 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.980420113 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.980451107 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.980463028 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.980494976 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.980504036 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.980536938 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.980566025 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.980578899 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.980588913 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.980623007 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.980634928 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.980665922 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.980678082 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.980711937 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.980720043 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.980766058 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.980776072 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.980819941 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.980832100 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.980863094 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.980873108 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.980906010 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.980915070 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.980947018 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.980957985 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.980990887 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.980998993 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.981031895 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.981043100 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.981076002 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.981086969 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.981120110 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.981131077 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.981162071 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.981184959 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.981204033 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.981215954 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.981246948 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.981280088 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.981288910 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.981297970 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.981333017 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.981343031 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.981374979 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.981388092 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.981419086 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.981431961 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.981462955 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.981473923 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.981504917 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.981515884 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.981584072 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.981592894 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.981626987 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.981637001 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.981669903 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.981683016 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.981714964 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.981726885 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.981758118 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.981769085 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.981801987 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.981811047 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.981846094 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.981854916 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.981888056 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.981898069 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.981931925 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.981941938 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.981975079 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.982011080 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.982017040 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.982031107 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.982059002 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.982070923 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.982101917 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.982112885 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.982146025 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.982156038 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.982189894 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.982202053 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.982232094 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.982244015 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.982275963 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.982285023 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.982317924 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.982328892 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.982359886 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.982371092 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.982402086 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.982412100 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.982444048 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.982458115 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.982487917 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.982496977 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.982532024 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.982546091 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.982573986 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.982587099 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.982616901 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.982629061 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.982661009 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.982691050 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.982705116 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.982713938 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.982748032 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.982759953 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.982790947 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.982800007 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.982832909 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.982844114 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.982877016 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.982892990 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.982918024 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.982930899 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.982961893 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:53.982969046 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:53.983014107 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.120553970 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.120697975 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.193161964 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.193336010 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.229868889 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.229935884 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.229979038 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.230020046 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.230062962 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.230082035 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.230082035 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.230104923 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.230130911 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.230149031 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.230181932 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.230191946 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.230254889 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.251517057 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.251638889 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.251677036 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.251686096 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.251725912 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.251777887 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.251795053 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.251836061 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.251868010 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.251899004 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.252024889 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.252048969 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.252115011 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.252165079 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.252211094 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.252226114 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.252253056 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.252265930 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.252295971 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.252306938 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.252357006 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.252367020 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.252417088 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.252434015 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.252476931 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.252487898 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.252537012 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.252556086 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.252614975 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.252635956 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.252677917 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.252702951 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.252815008 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.252876043 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.252892971 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.252979040 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.253024101 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.253051043 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.253068924 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.253088951 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.253122091 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.253124952 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.253165007 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.253179073 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.253209114 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.253222942 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.253251076 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.253266096 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.253293037 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.253305912 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.253336906 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.253348112 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.253379107 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.253391027 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.253421068 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.253433943 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.253464937 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.253477097 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.253509045 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.253520012 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.253551960 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.253566027 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.253595114 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.253606081 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.253638983 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.253654003 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.253683090 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.253696918 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.253729105 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.253747940 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.253771067 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.253783941 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.253813028 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.253825903 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.253856897 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.253900051 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.253941059 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.253982067 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.254023075 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.254045010 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.254064083 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.254105091 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.254146099 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.254187107 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.254230976 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.254342079 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.389425993 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.389491081 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.389575958 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.389592886 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.389592886 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.389620066 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.389642000 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.389667988 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.389692068 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.389712095 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.389736891 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.389763117 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.389774084 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.389827967 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.523341894 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.523606062 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.523706913 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.523757935 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.523890018 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.523941994 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.523960114 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.524030924 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.524102926 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.524437904 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.524676085 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.524761915 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.524831057 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.525109053 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.525180101 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.525211096 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.525326014 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.525386095 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.525438070 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.525506973 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.525551081 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.525568008 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.525593042 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.525635958 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.525650978 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.525677919 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.525721073 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.525736094 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.525768042 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.525810003 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.525824070 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.525851965 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.525892973 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.525904894 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.525934935 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.525975943 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.525986910 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.526017904 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.526062012 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.526073933 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.526106119 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.526146889 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.526161909 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.526190042 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.526231050 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.526242018 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.526272058 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.526314020 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.526326895 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.526355982 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.526397943 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.526410103 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.526441097 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.526477098 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.526495934 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.526520014 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.526561975 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.526573896 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.526603937 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.526645899 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.526657104 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.526689053 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.526732922 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.526743889 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.526776075 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.526818991 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.526832104 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.526861906 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.526904106 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.526916027 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.526947021 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.526988029 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.527002096 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.527030945 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.527072906 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.527086020 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.527116060 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.527157068 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.527169943 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.527199984 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.527240992 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.527252913 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.527282953 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.527324915 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.527335882 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.527367115 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.527409077 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.527420998 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.527452946 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.527493954 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.527509928 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.527538061 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.527580976 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.527591944 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.527621984 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.527663946 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.527677059 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.527705908 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.527750969 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.527759075 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.527792931 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.527834892 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.527844906 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.527877092 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.527919054 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.527931929 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.527960062 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.528002024 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.528014898 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.528043985 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.528085947 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.528100014 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.528129101 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.528171062 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.528184891 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.528213978 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.528255939 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.528266907 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.528297901 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.528340101 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.528351068 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.528382063 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.528424025 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.528440952 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.528467894 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.528507948 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.528525114 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.528551102 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.528594017 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.528635025 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.528640032 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.528677940 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.528688908 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.528722048 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.528786898 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.528811932 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.528831005 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.528875113 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.528887033 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.528917074 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.528959036 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.528970003 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.529000998 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.529042006 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.529053926 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.529084921 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.529128075 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.529139042 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.529170036 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.529189110 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.529213905 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.529246092 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.529294014 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.529305935 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.529336929 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.529347897 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.529380083 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.529390097 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.529422045 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.529433966 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.529464960 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.529476881 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.529506922 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.529519081 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.529551029 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.529562950 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.529593945 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.529606104 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.529637098 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.529650927 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.529690027 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.661482096 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.661545992 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.661590099 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.661664009 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.661705971 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.661742926 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.661742926 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.661752939 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.661796093 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.661822081 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.661847115 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.801239967 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.801345110 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.801429033 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.801435947 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.801435947 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.801461935 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.801486969 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.801516056 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.801537037 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.801594973 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.801611900 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.801682949 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.801685095 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.801736116 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.801742077 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.801784992 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.801794052 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.801847935 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.801857948 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.801893950 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.801923037 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.801949024 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.801956892 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.801999092 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.802021980 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.802061081 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.802072048 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.802097082 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.802119017 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.802131891 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.802144051 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.802166939 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.802169085 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.802190065 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.802194118 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.802218914 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.802234888 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.802242994 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.802267075 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.802283049 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.802290916 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.802314997 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.802314043 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.802339077 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.802350998 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.802365065 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.802373886 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.802388906 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.802407980 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.802416086 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.802428007 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.802439928 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.802458048 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.802464962 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.802480936 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.802489996 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.802514076 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.802514076 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.802536964 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.802548885 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.802561998 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.802567959 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.802586079 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.802598953 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.802611113 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.802630901 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.802638054 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.802649975 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.802664042 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.802681923 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.802689075 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.802714109 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.802723885 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.802737951 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.802762985 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.802786112 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.802787066 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.802809954 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.802822113 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.802834034 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.802853107 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.802859068 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.802871943 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.802885056 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.802901983 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.802908897 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.802925110 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.802933931 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.802958965 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.802959919 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.802977085 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.802983046 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.803008080 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.803019047 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.803031921 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.803040981 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.803057909 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.803070068 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.803081036 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.803103924 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.803106070 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.803122044 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.803131104 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.803153038 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.803155899 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.803177118 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.803179979 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.803204060 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.803214073 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.803227901 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.803232908 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.803251982 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.803275108 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.803289890 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.803298950 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.803312063 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.803324938 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.803345919 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.803350925 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.803364038 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.803375959 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.803395987 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.803404093 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.803420067 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.803427935 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.803450108 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.803452969 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.803474903 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.803478003 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.803502083 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.803512096 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.803566933 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.803585052 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.805370092 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.805408955 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.805453062 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.805469990 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.805495977 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.805515051 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.805515051 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.805552006 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.805571079 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.805591106 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.805617094 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.805638075 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.805660963 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.805670977 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.805695057 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.805712938 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.805733919 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.805737019 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.805773973 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.805792093 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.805795908 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.805855989 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.805860043 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.805902958 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.805916071 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.805953979 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.805959940 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.805983067 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.806009054 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.806011915 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.806034088 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.806035042 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.806058884 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.806066036 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.806082964 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.806088924 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.806107044 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.806121111 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.806132078 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.806142092 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.806157112 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.806174040 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.806180954 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.806205034 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.806227922 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.806229115 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.806250095 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.806272984 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.806282043 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.806297064 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.806313992 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.806322098 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.806334972 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.806345940 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.806364059 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.806370974 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.806396008 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.806401014 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.806421041 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.806442022 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.806443930 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.806468010 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.806480885 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.806490898 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.806499004 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.806516886 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.806530952 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.806540012 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.806551933 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.806566000 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.806586027 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.806602955 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.806637049 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.930157900 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.930239916 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.930278063 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.930316925 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.930355072 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.930392981 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.930430889 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:54.930449009 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.930449009 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.930449009 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.930449009 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.930449009 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:54.930537939 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:55.072084904 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:55.072223902 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:55.072298050 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:55.072417974 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:55.072496891 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:55.072496891 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:55.072496891 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:55.072571993 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:55.072618961 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:55.072630882 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:55.072663069 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:55.072671890 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:55.072705030 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:55.072715998 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:55.072758913 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:55.072865009 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:55.072926044 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:55.073013067 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:55.073070049 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:55.073143959 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:55.073187113 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:55.073198080 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:55.073230028 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:55.073244095 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:55.073272943 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:55.073301077 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:55.073314905 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:55.073323011 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:55.073357105 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:55.073399067 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:55.073440075 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:55.073481083 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:55.073522091 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:55.073523998 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:55.073564053 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:55.073605061 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:55.073646069 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:55.073687077 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:55.073688984 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:55.073729038 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:55.073729038 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:55.073791981 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:55.073820114 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:55.073842049 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:55.073883057 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:55.073924065 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:55.073934078 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:55.073965073 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:55.073975086 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:55.074008942 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:55.074049950 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:55.074090958 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:55.074110031 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:55.074110031 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:55.074134111 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:55.074174881 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:55.074201107 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:55.074215889 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:55.074251890 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:55.074260950 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:55.074301958 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:55.074336052 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:55.074345112 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:55.074387074 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:55.074426889 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:55.074461937 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:55.074469090 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:55.074485064 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:55.074511051 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:55.074552059 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:55.074594021 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:55.074604034 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:55.074635029 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:55.074656963 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:55.074676037 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:55.074717045 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:55.074759007 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:55.074775934 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:55.074804068 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:55.074820995 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:55.074820995 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:55.074891090 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:55.074933052 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:55.074985027 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:55.075007915 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:55.075067997 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:55.075073957 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:55.075143099 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:55.075243950 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:55.075324059 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:55.075334072 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:55.075392962 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:55.075486898 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:55.075577974 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:55.075679064 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:55.075745106 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:55.075746059 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:55.075798035 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:55.075809956 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:55.075850964 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:55.075892925 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:55.075933933 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:55.075947046 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:55.075975895 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:55.075985909 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:55.076019049 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:55.076059103 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:55.076100111 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:55.076114893 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:55.076142073 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:55.076148987 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:55.076183081 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:55.076224089 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:55.076263905 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:55.076292038 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:55.076304913 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:55.076327085 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:55.076348066 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:55.076389074 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:55.076428890 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:55.076436043 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:55.076469898 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:55.076478958 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:55.076510906 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:55.076551914 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:55.076591969 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:55.076602936 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:55.076633930 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:55.076639891 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:55.076678038 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:55.077821016 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:55.199532032 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:55.199724913 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:55.199826002 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:55.199872017 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:55.199913979 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:55.199954987 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:55.199995995 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:55.199994087 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:55.199994087 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:55.200038910 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:55.200052023 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:55.200083971 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:55.200102091 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:55.200126886 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:55.200169086 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:55.200208902 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:55.200223923 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:55.200251102 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:55.200264931 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:55.200293064 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:55.200334072 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:55.200376034 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:55.200431108 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:55.348485947 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:55.348587990 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:55.348664999 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:55.348706007 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:55.348788023 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:55.348838091 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:55.348937988 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:55.348983049 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:55.349050999 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:55.349098921 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:55.349190950 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:55.349232912 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:55.349272966 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:55.349313021 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:55.349317074 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:55.349356890 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:55.349360943 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:55.349399090 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:55.349431038 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:55.349441051 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:55.349483013 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:55.349523067 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:55.349548101 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:55.349564075 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:55.349584103 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:55.349605083 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:55.349639893 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:34:55.349703074 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:34:56.975539923 CET	49695	80	192.168.2.3	123.56.161.176
Dec 9, 2022 05:34:57.143549919 CET	49696	80	192.168.2.3	123.56.161.176
Dec 9, 2022 05:34:57.380222082 CET	80	49696	123.56.161.176	192.168.2.3
Dec 9, 2022 05:35:12.210865974 CET	80	49695	123.56.161.176	192.168.2.3
Dec 9, 2022 05:35:12.211426020 CET	49695	80	192.168.2.3	123.56.161.176
Dec 9, 2022 05:35:12.375503063 CET	80	49696	123.56.161.176	192.168.2.3
Dec 9, 2022 05:35:12.375684023 CET	49696	80	192.168.2.3	123.56.161.176
Dec 9, 2022 05:35:13.306334019 CET	49695	80	192.168.2.3	123.56.161.176
Dec 9, 2022 05:35:13.306431055 CET	49696	80	192.168.2.3	123.56.161.176
Dec 9, 2022 05:35:13.547405958 CET	80	49695	123.56.161.176	192.168.2.3
Dec 9, 2022 05:35:14.034969091 CET	49696	80	192.168.2.3	123.56.161.176
Dec 9, 2022 05:35:15.411138058 CET	49696	80	192.168.2.3	123.56.161.176
Dec 9, 2022 05:35:15.646430016 CET	80	49696	123.56.161.176	192.168.2.3
Dec 9, 2022 05:35:18.577629089 CET	80	49752	58.216.14.238	192.168.2.3
Dec 9, 2022 05:35:18.577833891 CET	49752	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:35:18.770487070 CET	80	49750	58.216.14.238	192.168.2.3
Dec 9, 2022 05:35:18.770672083 CET	49750	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:35:19.305021048 CET	49750	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:35:19.305155039 CET	49752	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:35:19.579549074 CET	80	49752	58.216.14.238	192.168.2.3
Dec 9, 2022 05:35:19.581554890 CET	80	49750	58.216.14.238	192.168.2.3
Dec 9, 2022 05:35:24.806786060 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:35:24.807004929 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:35:25.306765079 CET	49751	80	192.168.2.3	58.216.14.238
Dec 9, 2022 05:35:25.575716972 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:35:26.626283884 CET	80	49750	58.216.14.238	192.168.2.3
Dec 9, 2022 05:35:26.766436100 CET	80	49752	58.216.14.238	192.168.2.3
Dec 9, 2022 05:35:32.878231049 CET	80	49751	58.216.14.238	192.168.2.3
Dec 9, 2022 05:35:47.299808979 CET	49820	80	192.168.2.3	47.117.76.201
Dec 9, 2022 05:35:47.543185949 CET	80	49820	47.117.76.201	192.168.2.3
Dec 9, 2022 05:35:47.543593884 CET	49820	80	192.168.2.3	47.117.76.201
Dec 9, 2022 05:35:47.544862032 CET	49820	80	192.168.2.3	47.117.76.201
Dec 9, 2022 05:35:47.788068056 CET	80	49820	47.117.76.201	192.168.2.3
Dec 9, 2022 05:35:47.790281057 CET	80	49820	47.117.76.201	192.168.2.3
Dec 9, 2022 05:35:47.790457964 CET	49820	80	192.168.2.3	47.117.76.201
Dec 9, 2022 05:35:48.790565014 CET	80	49820	47.117.76.201	192.168.2.3
Dec 9, 2022 05:35:48.792386055 CET	49820	80	192.168.2.3	47.117.76.201
Dec 9, 2022 05:35:54.455795050 CET	49820	80	192.168.2.3	47.117.76.201
Dec 9, 2022 05:35:54.456965923 CET	49830	80	192.168.2.3	47.117.76.201
Dec 9, 2022 05:35:54.699304104 CET	80	49820	47.117.76.201	192.168.2.3
Dec 9, 2022 05:35:55.458487988 CET	49830	80	192.168.2.3	47.117.76.201
Dec 9, 2022 05:35:55.703860044 CET	80	49830	47.117.76.201	192.168.2.3
Dec 9, 2022 05:35:55.707046032 CET	49830	80	192.168.2.3	47.117.76.201
Dec 9, 2022 05:35:55.707808018 CET	49830	80	192.168.2.3	47.117.76.201
Dec 9, 2022 05:35:55.952934027 CET	80	49830	47.117.76.201	192.168.2.3
Dec 9, 2022 05:35:55.955765963 CET	80	49830	47.117.76.201	192.168.2.3
Dec 9, 2022 05:35:55.955884933 CET	49830	80	192.168.2.3	47.117.76.201
Dec 9, 2022 05:35:56.553384066 CET	49830	80	192.168.2.3	47.117.76.201
Dec 9, 2022 05:35:56.801526070 CET	80	49830	47.117.76.201	192.168.2.3
Dec 9, 2022 05:35:56.801666021 CET	49830	80	192.168.2.3	47.117.76.201
Dec 9, 2022 05:35:57.800542116 CET	80	49830	47.117.76.201	192.168.2.3
Dec 9, 2022 05:35:57.802098036 CET	49830	80	192.168.2.3	47.117.76.201
Dec 9, 2022 05:35:59.981837988 CET	49836	80	192.168.2.3	117.78.49.231
Dec 9, 2022 05:36:00.190326929 CET	80	49836	117.78.49.231	192.168.2.3
Dec 9, 2022 05:36:00.190828085 CET	49836	80	192.168.2.3	117.78.49.231
Dec 9, 2022 05:36:00.191334963 CET	49836	80	192.168.2.3	117.78.49.231
Dec 9, 2022 05:36:00.397732019 CET	80	49836	117.78.49.231	192.168.2.3
Dec 9, 2022 05:36:00.400109053 CET	80	49836	117.78.49.231	192.168.2.3
Dec 9, 2022 05:36:00.400191069 CET	80	49836	117.78.49.231	192.168.2.3
Dec 9, 2022 05:36:00.400264025 CET	49836	80	192.168.2.3	117.78.49.231
Dec 9, 2022 05:36:00.400350094 CET	49836	80	192.168.2.3	117.78.49.231
Dec 9, 2022 05:36:00.469381094 CET	49830	80	192.168.2.3	47.117.76.201
Dec 9, 2022 05:36:00.470473051 CET	49837	80	192.168.2.3	47.117.76.201
Dec 9, 2022 05:36:00.714520931 CET	80	49830	47.117.76.201	192.168.2.3
Dec 9, 2022 05:36:00.739908934 CET	80	49837	47.117.76.201	192.168.2.3
Dec 9, 2022 05:36:00.740022898 CET	49837	80	192.168.2.3	47.117.76.201
Dec 9, 2022 05:36:00.740777016 CET	49837	80	192.168.2.3	47.117.76.201
Dec 9, 2022 05:36:01.010094881 CET	80	49837	47.117.76.201	192.168.2.3
Dec 9, 2022 05:36:01.013132095 CET	80	49837	47.117.76.201	192.168.2.3
Dec 9, 2022 05:36:01.013288975 CET	49837	80	192.168.2.3	47.117.76.201
Dec 9, 2022 05:36:01.117196083 CET	80	49836	117.78.49.231	192.168.2.3
Dec 9, 2022 05:36:01.117448092 CET	49836	80	192.168.2.3	117.78.49.231
Dec 9, 2022 05:36:01.698214054 CET	49841	80	192.168.2.3	47.117.70.170
Dec 9, 2022 05:36:01.730951071 CET	49842	80	192.168.2.3	180.163.247.134
Dec 9, 2022 05:36:01.981261969 CET	80	49841	47.117.70.170	192.168.2.3
Dec 9, 2022 05:36:01.981509924 CET	49841	80	192.168.2.3	47.117.70.170
Dec 9, 2022 05:36:01.982253075 CET	49841	80	192.168.2.3	47.117.70.170
Dec 9, 2022 05:36:02.012958050 CET	80	49837	47.117.76.201	192.168.2.3
Dec 9, 2022 05:36:02.013134956 CET	49837	80	192.168.2.3	47.117.76.201
Dec 9, 2022 05:36:02.021749020 CET	80	49842	180.163.247.134	192.168.2.3
Dec 9, 2022 05:36:02.023613930 CET	49842	80	192.168.2.3	180.163.247.134
Dec 9, 2022 05:36:02.027559042 CET	49842	80	192.168.2.3	180.163.247.134
Dec 9, 2022 05:36:02.265274048 CET	80	49841	47.117.70.170	192.168.2.3
Dec 9, 2022 05:36:02.267993927 CET	80	49841	47.117.70.170	192.168.2.3
Dec 9, 2022 05:36:02.268191099 CET	49841	80	192.168.2.3	47.117.70.170
Dec 9, 2022 05:36:02.318315029 CET	80	49842	180.163.247.134	192.168.2.3
Dec 9, 2022 05:36:02.326035023 CET	80	49842	180.163.247.134	192.168.2.3
Dec 9, 2022 05:36:02.326088905 CET	80	49842	180.163.247.134	192.168.2.3
Dec 9, 2022 05:36:02.326134920 CET	80	49842	180.163.247.134	192.168.2.3
Dec 9, 2022 05:36:02.326176882 CET	80	49842	180.163.247.134	192.168.2.3
Dec 9, 2022 05:36:02.326253891 CET	49842	80	192.168.2.3	180.163.247.134
Dec 9, 2022 05:36:02.326255083 CET	49842	80	192.168.2.3	180.163.247.134
Dec 9, 2022 05:36:02.326255083 CET	49842	80	192.168.2.3	180.163.247.134
Dec 9, 2022 05:36:02.364814997 CET	49837	80	192.168.2.3	47.117.76.201
Dec 9, 2022 05:36:02.366436958 CET	49844	80	192.168.2.3	47.117.76.201
Dec 9, 2022 05:36:02.634180069 CET	80	49837	47.117.76.201	192.168.2.3
Dec 9, 2022 05:36:02.640309095 CET	80	49844	47.117.76.201	192.168.2.3
Dec 9, 2022 05:36:02.640913010 CET	49844	80	192.168.2.3	47.117.76.201
Dec 9, 2022 05:36:02.642762899 CET	49844	80	192.168.2.3	47.117.76.201
Dec 9, 2022 05:36:02.921664953 CET	80	49841	47.117.70.170	192.168.2.3
Dec 9, 2022 05:36:02.922550917 CET	49841	80	192.168.2.3	47.117.70.170
Dec 9, 2022 05:36:03.245434999 CET	49844	80	192.168.2.3	47.117.76.201
Dec 9, 2022 05:36:03.267874002 CET	80	49841	47.117.70.170	192.168.2.3
Dec 9, 2022 05:36:03.269249916 CET	49841	80	192.168.2.3	47.117.70.170
Dec 9, 2022 05:36:03.519480944 CET	80	49844	47.117.76.201	192.168.2.3
Dec 9, 2022 05:36:03.521765947 CET	80	49844	47.117.76.201	192.168.2.3
Dec 9, 2022 05:36:03.521859884 CET	49844	80	192.168.2.3	47.117.76.201
Dec 9, 2022 05:36:03.714694977 CET	49845	80	192.168.2.3	139.129.76.177
Dec 9, 2022 05:36:03.818862915 CET	80	49841	47.117.70.170	192.168.2.3
Dec 9, 2022 05:36:03.818974972 CET	49841	80	192.168.2.3	47.117.70.170
Dec 9, 2022 05:36:04.521837950 CET	80	49844	47.117.76.201	192.168.2.3
Dec 9, 2022 05:36:04.521930933 CET	49844	80	192.168.2.3	47.117.76.201
Dec 9, 2022 05:36:04.716383934 CET	49845	80	192.168.2.3	139.129.76.177
Dec 9, 2022 05:36:04.876199007 CET	49841	80	192.168.2.3	47.117.70.170
Dec 9, 2022 05:36:04.958694935 CET	80	49845	139.129.76.177	192.168.2.3
Dec 9, 2022 05:36:04.958818913 CET	49845	80	192.168.2.3	139.129.76.177
Dec 9, 2022 05:36:04.974258900 CET	49845	80	192.168.2.3	139.129.76.177
Dec 9, 2022 05:36:04.974402905 CET	49845	80	192.168.2.3	139.129.76.177
Dec 9, 2022 05:36:06.996409893 CET	49845	80	192.168.2.3	139.129.76.177
Dec 9, 2022 05:36:10.690788984 CET	49845	80	192.168.2.3	139.129.76.177
Dec 9, 2022 05:36:13.528958082 CET	49845	80	192.168.2.3	139.129.76.177
Dec 9, 2022 05:36:13.766300917 CET	80	49845	139.129.76.177	192.168.2.3
Dec 9, 2022 05:36:13.766465902 CET	49845	80	192.168.2.3	139.129.76.177
Dec 9, 2022 05:36:14.780322075 CET	49844	80	192.168.2.3	47.117.76.201
Dec 9, 2022 05:36:15.400386095 CET	80	49836	117.78.49.231	192.168.2.3
Dec 9, 2022 05:36:15.401101112 CET	49836	80	192.168.2.3	117.78.49.231
Dec 9, 2022 05:36:15.626173019 CET	49844	80	192.168.2.3	47.117.76.201
Dec 9, 2022 05:36:17.238326073 CET	49844	80	192.168.2.3	47.117.76.201
Dec 9, 2022 05:36:20.455609083 CET	49844	80	192.168.2.3	47.117.76.201

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 9, 2022 05:34:11.429244041 CET	62285	53	192.168.2.3	1.1.1.1
Dec 9, 2022 05:34:11.429477930 CET	54628	53	192.168.2.3	1.1.1.1
Dec 9, 2022 05:34:11.429533005 CET	55745	53	192.168.2.3	1.1.1.1
Dec 9, 2022 05:34:11.447427034 CET	53	54628	1.1.1.1	192.168.2.3
Dec 9, 2022 05:34:11.447478056 CET	53	55745	1.1.1.1	192.168.2.3
Dec 9, 2022 05:34:11.601995945 CET	53	62285	1.1.1.1	192.168.2.3
Dec 9, 2022 05:34:15.395236015 CET	55934	53	192.168.2.3	1.1.1.1
Dec 9, 2022 05:34:15.412847996 CET	53	55934	1.1.1.1	192.168.2.3
Dec 9, 2022 05:34:15.417210102 CET	52322	53	192.168.2.3	1.1.1.1
Dec 9, 2022 05:34:15.434956074 CET	53	52322	1.1.1.1	192.168.2.3
Dec 9, 2022 05:34:46.700392008 CET	55746	53	192.168.2.3	1.1.1.1
Dec 9, 2022 05:34:46.718053102 CET	53	55746	1.1.1.1	192.168.2.3
Dec 9, 2022 05:34:47.480283022 CET	55931	53	192.168.2.3	1.1.1.1
Dec 9, 2022 05:34:47.894509077 CET	53	55931	1.1.1.1	192.168.2.3
Dec 9, 2022 05:35:47.261523962 CET	61377	53	192.168.2.3	1.1.1.1
Dec 9, 2022 05:35:47.280131102 CET	53	61377	1.1.1.1	192.168.2.3
Dec 9, 2022 05:35:59.665659904 CET	54066	53	192.168.2.3	1.1.1.1
Dec 9, 2022 05:35:59.979623079 CET	53	54066	1.1.1.1	192.168.2.3
Dec 9, 2022 05:36:01.057491064 CET	57294	53	192.168.2.3	1.1.1.1
Dec 9, 2022 05:36:01.351572990 CET	49218	53	192.168.2.3	1.1.1.1
Dec 9, 2022 05:36:01.567837000 CET	53	49218	1.1.1.1	192.168.2.3
Dec 9, 2022 05:36:01.705986977 CET	53	57294	1.1.1.1	192.168.2.3
Dec 9, 2022 05:36:03.597203970 CET	49944	53	192.168.2.3	1.1.1.1
Dec 9, 2022 05:36:03.712110043 CET	53	49944	1.1.1.1	192.168.2.3
Dec 9, 2022 05:36:13.535500050 CET	62002	53	192.168.2.3	1.1.1.1
Dec 9, 2022 05:36:14.068679094 CET	53	62002	1.1.1.1	192.168.2.3

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Dec 9, 2022 05:34:11.429244041 CET	192.168.2.3	1.1.1.1	0x8f50	Standard query (0)	api.pdfxd.com	A (IP address)	IN (0x0001)	false
Dec 9, 2022 05:34:11.429477930 CET	192.168.2.3	1.1.1.1	0x23a5	Standard query (0)	accounts.google.com	A (IP address)	IN (0x0001)	false
Dec 9, 2022 05:34:11.429533005 CET	192.168.2.3	1.1.1.1	0xb04c	Standard query (0)	clients2.google.com	A (IP address)	IN (0x0001)	false
Dec 9, 2022 05:34:15.395236015 CET	192.168.2.3	1.1.1.1	0x570f	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Dec 9, 2022 05:34:15.417210102 CET	192.168.2.3	1.1.1.1	0xbc39	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Dec 9, 2022 05:34:46.700392008 CET	192.168.2.3	1.1.1.1	0xe478	Standard query (0)	apis.google.com	A (IP address)	IN (0x0001)	false
Dec 9, 2022 05:34:47.480283022 CET	192.168.2.3	1.1.1.1	0x7bdf	Standard query (0)	cdn-file-ssl-pc.ludashi.com	A (IP address)	IN (0x0001)	false
Dec 9, 2022 05:35:47.261523962 CET	192.168.2.3	1.1.1.1	0x552b	Standard query (0)	s.ludashi.com	A (IP address)	IN (0x0001)	false
Dec 9, 2022 05:35:59.665659904 CET	192.168.2.3	1.1.1.1	0xd031	Standard query (0)	media.ludashi.com	A (IP address)	IN (0x0001)	false
Dec 9, 2022 05:36:01.057491064 CET	192.168.2.3	1.1.1.1	0xdbea	Standard query (0)	show.g.mediav.com	A (IP address)	IN (0x0001)	false
Dec 9, 2022 05:36:01.351572990 CET	192.168.2.3	1.1.1.1	0x7b91	Standard query (0)	s.ludashi.com	A (IP address)	IN (0x0001)	false
Dec 9, 2022 05:36:03.597203970 CET	192.168.2.3	1.1.1.1	0x3400	Standard query (0)	www1.ludashi.com	A (IP address)	IN (0x0001)	false
Dec 9, 2022 05:36:13.535500050 CET	192.168.2.3	1.1.1.1	0xbd10	Standard query (0)	s3m7.nzwgs.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Dec 9, 2022 05:34:11.447427034 CET	1.1.1.1	192.168.2.3	0x23a5	No error (0)	accounts.google.com		142.250.186.45	A (IP address)	IN (0x0001)	false
Dec 9, 2022 05:34:11.447478056 CET	1.1.1.1	192.168.2.3	0xb04c	No error (0)	clients2.google.com	clients.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Dec 9, 2022 05:34:11.447478056 CET	1.1.1.1	192.168.2.3	0xb04c	No error (0)	clients.l.google.com		142.250.186.110	A (IP address)	IN (0x0001)	false
Dec 9, 2022 05:34:11.601995945 CET	1.1.1.1	192.168.2.3	0x8f50	No error (0)	api.pdfxd.com		123.56.161.176	A (IP address)	IN (0x0001)	false
Dec 9, 2022 05:34:15.412847996 CET	1.1.1.1	192.168.2.3	0x570f	No error (0)	www.google.com		142.250.186.100	A (IP address)	IN (0x0001)	false
Dec 9, 2022 05:34:15.434956074 CET	1.1.1.1	192.168.2.3	0xbc39	No error (0)	www.google.com		142.250.185.132	A (IP address)	IN (0x0001)	false
Dec 9, 2022 05:34:46.718053102 CET	1.1.1.1	192.168.2.3	0xe478	No error (0)	apis.google.com	plus.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Dec 9, 2022 05:34:46.718053102 CET	1.1.1.1	192.168.2.3	0xe478	No error (0)	plus.l.google.com		216.58.212.174	A (IP address)	IN (0x0001)	false
Dec 9, 2022 05:34:47.894509077 CET	1.1.1.1	192.168.2.3	0x7bdf	No error (0)	cdn-file-ssl-pc.ludashi.com	cdn-file-ssl-pc.ludashi.com.m.alikunlun.com		CNAME (Canonical name)	IN (0x0001)	false
Dec 9, 2022 05:34:47.894509077 CET	1.1.1.1	192.168.2.3	0x7bdf	No error (0)	cdn-file-ssl-pc.ludashi.com.m.alikunlun.com		58.216.14.238	A (IP address)	IN (0x0001)	false
Dec 9, 2022 05:34:47.894509077 CET	1.1.1.1	192.168.2.3	0x7bdf	No error (0)	cdn-file-ssl-pc.ludashi.com.m.alikunlun.com		58.216.14.240	A (IP address)	IN (0x0001)	false
Dec 9, 2022 05:34:47.894509077 CET	1.1.1.1	192.168.2.3	0x7bdf	No error (0)	cdn-file-ssl-pc.ludashi.com.m.alikunlun.com		58.216.14.242	A (IP address)	IN (0x0001)	false
Dec 9, 2022 05:34:47.894509077 CET	1.1.1.1	192.168.2.3	0x7bdf	No error (0)	cdn-file-ssl-pc.ludashi.com.m.alikunlun.com		58.216.14.241	A (IP address)	IN (0x0001)	false
Dec 9, 2022 05:34:47.894509077 CET	1.1.1.1	192.168.2.3	0x7bdf	No error (0)	cdn-file-ssl-pc.ludashi.com.m.alikunlun.com		58.216.14.243	A (IP address)	IN (0x0001)	false
Dec 9, 2022 05:34:47.894509077 CET	1.1.1.1	192.168.2.3	0x7bdf	No error (0)	cdn-file-ssl-pc.ludashi.com.m.alikunlun.com		58.216.14.244	A (IP address)	IN (0x0001)	false
Dec 9, 2022 05:34:47.894509077 CET	1.1.1.1	192.168.2.3	0x7bdf	No error (0)	cdn-file-ssl-pc.ludashi.com.m.alikunlun.com		58.216.14.248	A (IP address)	IN (0x0001)	false
Dec 9, 2022 05:34:47.894509077 CET	1.1.1.1	192.168.2.3	0x7bdf	No error (0)	cdn-file-ssl-pc.ludashi.com.m.alikunlun.com		58.216.14.239	A (IP address)	IN (0x0001)	false
Dec 9, 2022 05:35:47.280131102 CET	1.1.1.1	192.168.2.3	0x552b	No error (0)	s.ludashi.com		47.117.76.201	A (IP address)	IN (0x0001)	false
Dec 9, 2022 05:35:59.979623079 CET	1.1.1.1	192.168.2.3	0xd031	No error (0)	media.ludashi.com		117.78.49.231	A (IP address)	IN (0x0001)	false
Dec 9, 2022 05:36:01.567837000 CET	1.1.1.1	192.168.2.3	0x7b91	No error (0)	s.ludashi.com		47.117.70.170	A (IP address)	IN (0x0001)	false
Dec 9, 2022 05:36:01.705986977 CET	1.1.1.1	192.168.2.3	0xdbea	No error (0)	show.g.mediav.com	max-dr.mdvdns.qihucdn.cn		CNAME (Canonical name)	IN (0x0001)	false
Dec 9, 2022 05:36:01.705986977 CET	1.1.1.1	192.168.2.3	0xdbea	No error (0)	max-dr.mdvdns.qihucdn.cn		180.163.247.134	A (IP address)	IN (0x0001)	false
Dec 9, 2022 05:36:03.712110043 CET	1.1.1.1	192.168.2.3	0x3400	No error (0)	www1.ludashi.com		139.129.76.177	A (IP address)	IN (0x0001)	false
Dec 9, 2022 05:36:14.068679094 CET	1.1.1.1	192.168.2.3	0xbd10	No error (0)	s3m7.nzwgs.com	s3m7.nzwgs.com.qh-cdn.com		CNAME (Canonical name)	IN (0x0001)	false
Dec 9, 2022 05:36:14.068679094 CET	1.1.1.1	192.168.2.3	0xbd10	No error (0)	s3m7.nzwgs.com.qh-cdn.com	s3m7.nzwgs.com.webcdn.360qhcdn.com		CNAME (Canonical name)	IN (0x0001)	false
Dec 9, 2022 05:36:14.068679094 CET	1.1.1.1	192.168.2.3	0xbd10	No error (0)	s3m7.nzwgs.com.webcdn.360qhcdn.com		101.198.192.7	A (IP address)	IN (0x0001)	false
Dec 9, 2022 05:36:14.068679094 CET	1.1.1.1	192.168.2.3	0xbd10	No error (0)	s3m7.nzwgs.com.webcdn.360qhcdn.com		101.198.192.8	A (IP address)	IN (0x0001)	false
Dec 9, 2022 05:36:14.068679094 CET	1.1.1.1	192.168.2.3	0xbd10	No error (0)	s3m7.nzwgs.com.webcdn.360qhcdn.com		104.192.110.245	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

clients2.google.com

accounts.google.com

www.google.com

apis.google.com

api.pdfxd.com

cdn-file-ssl-pc.ludashi.com

s.ludashi.com

media.ludashi.com

show.g.mediav.com

www1.ludashi.com

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
0	192.168.2.3	49693	142.250.186.110	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
1	192.168.2.3	49692	142.250.186.45	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
10	192.168.2.3	49695	123.56.161.176	80	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
Dec 9, 2022 05:34:56.975539923 CET	5985	OUT	Data Raw: 00 Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
11	192.168.2.3	49696	123.56.161.176	80	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
Dec 9, 2022 05:34:57.143549919 CET	5991	OUT	Data Raw: 00 Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
12	192.168.2.3	49820	47.117.76.201	80	C:\Users\user\Downloads\Utils\MiniNews.exe

Timestamp	kBytes transferred	Direction	Data
Dec 9, 2022 05:35:47.544862032 CET	13224	OUT	GET /url4?pid=&mid=0ee28fbdc66209b6fd4684a055d0db85&mid2=eeeeeeee6cfa339cef05e2eb639099b5e2fa29b329f4&appver=2.0.0.1010&modver=3.0.0.1085&type=minipage&action=manually&ex_ary[ex3]=noset&ex4=202aef4654876fae2ab7d3efa1473511&ex5=1 HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: s.ludashi.com Connection: Keep-Alive
Dec 9, 2022 05:35:47.790281057 CET	13225	IN	HTTP/1.1 200 OK Date: Fri, 09 Dec 2022 04:35:47 GMT Content-Type: text/plain; charset=utf-8 Content-Length: 0 Connection: keep-alive Last-Modified: Sat, 28 Dec 2019 01:45:27 GMT ETag: "5e06b3b7-0" Accept-Ranges: bytes

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
13	192.168.2.3	49830	47.117.76.201	80	C:\Users\user\Downloads\Utils\MiniNews.exe

Timestamp	kBytes transferred	Direction	Data
Dec 9, 2022 05:35:55.707808018 CET	13232	OUT	GET /url4?pid=&mid=0ee28fbdc66209b6fd4684a055d0db85&mid2=eeeeeeee6cfa339cef05e2eb639099b5e2fa29b329f4&appver=2.0.0.1010&modver=3.0.0.1085&type=minipage&action=run&ex_ary[ex3]=noset&ex4=202aef4654876fae2ab7d3efa1473511&ex5=1 HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: s.ludashi.com Connection: Keep-Alive
Dec 9, 2022 05:35:55.955765963 CET	13233	IN	HTTP/1.1 200 OK Date: Fri, 09 Dec 2022 04:35:55 GMT Content-Type: text/plain; charset=utf-8 Content-Length: 0 Connection: keep-alive Last-Modified: Sat, 28 Dec 2019 01:45:27 GMT ETag: "5e06b3b7-0" Accept-Ranges: bytes
Dec 9, 2022 05:35:56.553384066 CET	13233	OUT	GET /url4?pid=&mid=0ee28fbdc66209b6fd4684a055d0db85&mid2=eeeeeeee6cfa339cef05e2eb639099b5e2fa29b329f4&appver=2.0.0.1010&modver=1.5019.1030.826&type=minipage&action=screen_resolution_change&ex4=202aef4654876fae2ab7d3efa1473511&ex5=1 HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: s.ludashi.com Connection: Keep-Alive
Dec 9, 2022 05:35:56.801526070 CET	13234	IN	HTTP/1.1 200 OK Date: Fri, 09 Dec 2022 04:35:56 GMT Content-Type: text/plain; charset=utf-8 Content-Length: 0 Connection: keep-alive Last-Modified: Sat, 28 Dec 2019 01:45:27 GMT ETag: "5e06b3b7-0" Accept-Ranges: bytes

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
14	192.168.2.3	49836	117.78.49.231	80	C:\Users\user\Downloads\Utils\MiniNews.exe

Timestamp	kBytes transferred	Direction	Data
Dec 9, 2022 05:36:00.191334963 CET	13302	OUT	GET /n/mini?pid=&appver=2.0.0.1010&modver=1.5019.1030.826&from=xundu&iever=ie11&os=win10&mid=0ee28fbdc66209b6fd4684a055d0db85&mid2=eeeeeeee6cfa339cef05e2eb639099b5e2fa29b329f4&manual=1&showpro=&awake=0&screentype=0&screesize=1280_1024&atr=1&source=&instdate=&atdate=&m_ver=3.0.0.1085 HTTP/1.1 Accept: / User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727) Host: media.ludashi.com Connection: Keep-Alive Cache-Control: no-cache
Dec 9, 2022 05:36:00.400109053 CET	13303	IN	HTTP/1.1 200 OK Date: Fri, 09 Dec 2022 04:36:00 GMT Content-Type: application/json; charset=utf-8; Transfer-Encoding: chunked Connection: keep-alive Vary: Accept-Encoding X-Powered-By: PHP/7.1.8 Server: elb Data Raw: 32 37 64 0d 0a 7b 22 6d 69 6e 69 6e 65 77 73 22 3a 7b 22 6f 70 74 69 6f 6e 73 22 3a 7b 22 61 77 61 6b 65 22 3a 22 31 22 2c 22 63 6c 6f 73 65 5f 69 6e 74 65 72 76 61 6c 5f 73 65 63 22 3a 22 35 22 2c 22 73 65 5f 6f 70 65 6e 22 3a 22 31 22 2c 22 73 63 72 65 65 6e 5f 74 79 70 65 22 3a 22 32 22 2c 22 73 63 72 65 65 6e 5f 6d 61 72 6b 65 64 22 3a 22 30 22 2c 22 63 6f 75 6e 74 5f 75 72 6c 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 6d 65 64 69 61 2e 6c 75 64 61 73 68 69 2e 63 6f 6d 5c 2f 6e 5c 2f 6d 69 6e 69 5c 2f 61 64 64 3f 74 6f 6b 65 6e 3d 31 34 36 32 32 35 33 32 39 30 33 39 39 31 66 34 34 38 33 61 65 34 64 31 35 61 62 32 63 63 32 66 26 73 63 72 65 65 6e 74 79 70 65 3d 32 22 7d 2c 22 61 64 22 3a 7b 22 33 36 30 73 6b 69 6e 22 3a 7b 22 72 65 66 65 72 22 3a 22 77 77 77 2e 6c 75 64 61 73 68 69 2e 63 6f 6d 22 2c 22 75 73 65 72 61 67 65 6e 74 22 3a 22 4c 75 44 61 53 68 69 22 2c 22 70 65 72 63 65 6e 74 22 3a 22 38 30 22 2c 22 73 68 6f 77 69 64 22 3a 22 4b 66 34 63 68 6d 22 7d 2c 22 33 36 30 69 6e 74 65 72 61 63 74 69 76 65 22 3a 7b 22 70 65 72 63 65 6e 74 22 3a 22 31 30 30 22 2c 22 75 72 6c 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 77 77 77 2e 6c 75 64 61 73 68 69 2e 63 6f 6d 5c 2f 63 6d 73 5c 2f 61 70 69 5c 2f 6e 65 77 73 6d 69 6e 69 5c 2f 73 68 6f 77 2e 68 74 6d 6c 22 7d 2c 22 33 36 30 73 6b 69 6e 5f 70 72 69 6f 72 22 3a 22 31 22 2c 22 6d 69 6e 69 73 6b 69 6e 22 3a 5b 5d 7d 2c 22 74 61 62 22 3a 5b 5d 7d 2c 22 6c 61 75 6e 63 68 65 72 22 3a 7b 22 6f 70 74 69 6f 6e 73 22 3a 7b 22 70 72 6f 64 75 63 74 5f 69 6e 74 65 72 76 61 6c 5f 6d 69 6e 22 3a 22 35 22 2c 22 6c 64 73 6c 69 74 65 5f 73 6c 69 65 6e 74 5f 68 6f 75 72 22 3a 22 34 38 22 7d 2c 22 6d 75 6c 74 69 22 3a 5b 7b 22 69 64 73 22 3a 22 73 65 63 6f 6e 64 5f 70 6f 70 75 70 22 2c 22 73 74 61 72 74 5f 74 69 6d 65 22 3a 22 31 35 3a 30 30 22 2c 22 65 6e 64 5f 74 69 6d 65 22 3a 22 32 33 3a 30 30 22 2c 22 69 6e 74 65 72 76 61 6c 5f 68 6f 75 72 73 22 3a 22 33 22 7d 5d 7d 7d 0d 0a Data Ascii: 27d{"mininews":{"options":{"awake":"1","close_interval_sec":"5","se_open":"1","screen_type":"2","screen_marked":"0","count_url":"http:\/\/media.ludashi.com\/n\/mini\/add?token=14622532903991f4483ae4d15ab2cc2f&screentype=2"},"ad":{"360skin":{"refer":"www.ludashi.com","useragent":"LuDaShi","percent":"80","showid":"Kf4chm"},"360interactive":{"percent":"100","url":"http:\/\/www.ludashi.com\/cms\/api\/newsmini\/show.html"},"360skin_prior":"1","miniskin":[]},"tab":[]},"launcher":{"options":{"product_interval_min":"5","ldslite_slient_hour":"48"},"multi":[{"ids":"second_popup","start_time":"15:00","end_time":"23:00","interval_hours":"3"}]}}
Dec 9, 2022 05:36:00.400191069 CET	13303	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0
Dec 9, 2022 05:36:01.117196083 CET	13304	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
15	192.168.2.3	49837	47.117.76.201	80	C:\Users\user\Downloads\Utils\MiniNews.exe

Timestamp	kBytes transferred	Direction	Data
Dec 9, 2022 05:36:00.740777016 CET	13304	OUT	GET /url4?pid=&mid=0ee28fbdc66209b6fd4684a055d0db85&mid2=eeeeeeee6cfa339cef05e2eb639099b5e2fa29b329f4&appver=2.0.0.1010&modver=3.0.0.1085&type=minipage_skin&action=request&ex_ary[ex3]=larger&ex4=202aef4654876fae2ab7d3efa1473511&ex5=1 HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: s.ludashi.com Connection: Keep-Alive
Dec 9, 2022 05:36:01.013132095 CET	13304	IN	HTTP/1.1 200 OK Date: Fri, 09 Dec 2022 04:36:00 GMT Content-Type: text/plain; charset=utf-8 Content-Length: 0 Connection: keep-alive Last-Modified: Sat, 28 Dec 2019 01:45:27 GMT ETag: "5e06b3b7-0" Accept-Ranges: bytes

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
16	192.168.2.3	49841	47.117.70.170	80	C:\Users\user\Downloads\Utils\MiniNews.exe

Timestamp	kBytes transferred	Direction	Data
Dec 9, 2022 05:36:01.982253075 CET	13305	OUT	GET /url4?pid=&mid=0ee28fbdc66209b6fd4684a055d0db85&mid2=eeeeeeee6cfa339cef05e2eb639099b5e2fa29b329f4&appver=2.0.0.1010&modver=3.0.0.1085&type=minipage&action=manually&ex_ary[ex3]=larger&ex4=202aef4654876fae2ab7d3efa1473511&ex5=1 HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: s.ludashi.com Connection: Keep-Alive
Dec 9, 2022 05:36:02.267993927 CET	13306	IN	HTTP/1.1 200 OK Date: Fri, 09 Dec 2022 04:36:02 GMT Content-Type: text/plain; charset=utf-8 Content-Length: 0 Connection: keep-alive Last-Modified: Sat, 28 Dec 2019 01:45:27 GMT ETag: "5e06b3b7-0" Accept-Ranges: bytes
Dec 9, 2022 05:36:02.921664953 CET	13313	IN	HTTP/1.1 200 OK Date: Fri, 09 Dec 2022 04:36:02 GMT Content-Type: text/plain; charset=utf-8 Content-Length: 0 Connection: keep-alive Last-Modified: Sat, 28 Dec 2019 01:45:27 GMT ETag: "5e06b3b7-0" Accept-Ranges: bytes
Dec 9, 2022 05:36:03.818862915 CET	13315	IN	HTTP/1.1 200 OK Date: Fri, 09 Dec 2022 04:36:02 GMT Content-Type: text/plain; charset=utf-8 Content-Length: 0 Connection: keep-alive Last-Modified: Sat, 28 Dec 2019 01:45:27 GMT ETag: "5e06b3b7-0" Accept-Ranges: bytes

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
17	192.168.2.3	49842	180.163.247.134	80	C:\Users\user\Downloads\Utils\MiniNews.exe

Timestamp	kBytes transferred	Direction	Data
Dec 9, 2022 05:36:02.027559042 CET	13306	OUT	GET /s?type=1&of=4&newf=2&showids=Kf4chm&mid=0ee28fbdc66209b6fd4684a055d0db85&uid=eeeeeeee6cfa339cef05e2eb639099b5e2fa29b329f4&ref=%77%77%77%2e%6c%75%64%61%73%68%69%2e%63%6f%6d&ua=%4c%75%44%61%53%68%69%2f%33%2e%30%2e%30%2e%31%30%38%35%20%28%57%69%6e%64%6f%77%73%29 HTTP/1.1 Accept: / User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727) Host: show.g.mediav.com Connection: Keep-Alive Cache-Control: no-cache
Dec 9, 2022 05:36:02.326035023 CET	13308	IN	HTTP/1.1 200 OK Server: openresty/1.15.8.2 Date: Fri, 09 Dec 2022 04:36:02 GMT Content-Type: text/html; charset=utf-8 Content-Length: 4322 Connection: keep-alive Vary: Accept-Encoding Cache-Control: no-cache, must-revalidate Pragma: no-cache P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" Expires: -1 Set-Cookie: v=#a+y(-N!@O9UO3/smg_#; expires=Monday, 02-Nov-2099 00:00:00 GMT; path=/; domain=.mediav.com Set-Cookie: ckmts=PUUpSXCB,L64pSXCB; expires=Sunday, 08-Jan-2023 12:36:02 GMT; path=/; domain=.mediav.com; Data Raw: 7b 22 61 64 73 70 61 63 65 73 22 3a 7b 22 4b 66 34 63 68 6d 22 3a 7b 22 61 64 73 22 3a 5b 7b 22 69 6d 67 22 3a 22 68 74 74 70 3a 2f 2f 73 33 6d 37 2e 6e 7a 77 67 73 2e 63 6f 6d 2f 67 61 6c 69 6c 65 6f 2f 35 63 39 39 31 39 64 65 64 63 39 64 64 37 30 33 31 31 38 37 66 32 62 33 65 37 65 61 61 34 63 34 2e 70 6e 67 22 2c 22 64 65 73 63 22 3a 22 22 2c 22 69 6d 67 77 22 3a 39 30 30 2c 22 69 6d 67 68 22 3a 32 32 33 2c 22 69 6d 70 61 72 67 22 3a 22 61 48 52 30 63 44 6f 76 4c 33 4d 7a 62 54 63 75 62 6e 70 33 5a 33 4d 75 59 32 39 74 4c 32 64 68 62 47 6c 73 5a 57 38 76 4e 57 4d 35 4f 54 45 35 5a 47 56 6b 59 7a 6c 6b 5a 44 63 77 4d 7a 45 78 4f 44 64 6d 4d 6d 49 7a 5a 54 64 6c 59 57 45 30 59 7a 51 75 63 47 35 6e 22 2c 22 74 69 74 6c 65 22 3a 22 e9 bb 98 e8 ae a4 22 2c 22 73 72 63 22 3a 22 e7 83 ad e9 97 a8 e6 8e a8 e8 8d 90 22 2c 22 63 75 72 6c 22 3a 22 68 74 74 70 3a 2f 2f 73 73 78 64 2e 6d 65 64 69 61 76 2e 63 6f 6d 2f 73 3f 74 79 70 65 3d 32 26 72 3d 32 30 26 6d 76 5f 72 65 66 3d 77 77 77 2e 6c 75 64 61 73 68 69 2e 63 6f 6d 26 65 6e 75 70 3d 43 41 41 42 56 42 45 30 4c 51 67 41 41 69 30 30 45 56 51 41 26 6d 76 69 64 3d 4d 54 6b 79 4d 7a 67 7a 4e 44 55 77 4d 44 49 7a 4e 6a 45 79 4d 44 6b 78 4d 6a 41 77 4d 6a 49 26 6d 69 64 3d 4d 47 56 6c 4d 6a 68 6d 59 6d 52 6a 4e 6a 59 79 4d 44 6c 69 4e 6d 5a 6b 4e 44 59 34 4e 47 45 77 4e 54 56 6b 4d 47 52 69 4f 44 55 26 62 69 64 3d 31 36 63 34 61 63 34 63 61 64 63 39 64 31 63 32 26 75 67 69 3d 46 66 44 4e 6a 41 45 56 39 4d 68 74 54 42 58 73 42 68 55 41 46 51 41 56 41 41 41 56 72 2b 4b 65 39 77 6b 6c 79 41 45 57 67 4d 4c 39 6a 62 62 58 39 77 55 63 46 72 71 48 2b 64 71 79 39 4a 71 30 49 42 55 41 41 43 57 66 36 75 53 6d 43 78 49 41 26 75 61 69 3d 46 64 62 32 6b 67 49 6c 41 68 55 43 46 71 44 64 69 66 71 33 78 70 71 57 4e 78 58 79 43 43 57 62 6b 75 71 4c 43 53 55 41 46 51 49 55 41 42 77 57 34 76 65 2f 39 5a 76 43 73 36 45 34 46 51 41 41 41 41 26 75 62 69 3d 46 64 72 43 69 67 45 56 34 6f 48 33 41 78 57 53 6b 75 63 64 46 66 54 6c 2b 32 49 56 42 42 55 63 46 74 44 79 2b 2b 67 59 46 71 44 64 6e 75 48 42 6a 4a 2b 57 4e 7a 51 43 46 71 41 4b 4a 51 49 56 67 4b 61 2f 72 67 73 56 74 67 4d 56 42 42 Data Ascii: {"adspaces":{"Kf4chm":{"ads":[{"img":"http://s3m7.nzwgs.com/galileo/5c9919dedc9dd7031187f2b3e7eaa4c4.png","desc":"","imgw":900,"imgh":223,"imparg":"aHR0cDovL3MzbTcubnp3Z3MuY29tL2dhbGlsZW8vNWM5OTE5ZGVkYzlkZDcwMzExODdmMmIzZTdlYWE0YzQucG5n","title":"","src":"","curl":"http://ssxd.mediav.com/s?type=2&r=20&mv_ref=www.ludashi.com&enup=CAABVBE0LQgAAi00EVQA&mvid=MTkyMzgzNDUwMDIzNjEyMDkxMjAwMjI&mid=MGVlMjhmYmRjNjYyMDliNmZkNDY4NGEwNTVkMGRiODU&bid=16c4ac4cadc9d1c2&ugi=FfDNjAEV9MhtTBXsBhUAFQAVAAAVr+Ke9wklyAEWgML9jbbX9wUcFrqH+dqy9Jq0IBUAACWf6uSmCxIA&uai=Fdb2kgIlAhUCFqDdifq3xpqWNxXyCCWbkuqLCSUAFQIUABwW4ve/9ZvCs6E4FQAAAA&ubi=FdrCigEV4oH3AxWSkucdFfTl+2IVBBUcFtDy++gYFqDdnuHBjJ+WNzQCFqAKJQIVgKa/rgsVtgMVBB
Dec 9, 2022 05:36:02.326088905 CET	13309	IN	Data Raw: 58 43 4d 68 51 55 46 75 75 43 35 4f 66 6c 6d 74 54 4d 33 77 45 56 41 45 55 43 41 41 26 63 6c 69 63 6b 69 64 3d 30 26 63 70 78 3d 5f 5f 4f 46 46 53 45 54 5f 58 5f 5f 26 63 70 79 3d 5f 5f 4f 46 46 53 45 54 5f 59 5f 5f 26 63 73 3d 5f 5f 45 56 45 4e Data Ascii: XCMhQUFuuC5OflmtTM3wEVAEUCAA&clickid=0&cpx=__OFFSET_X__&cpy=__OFFSET_Y__&cs=__EVENT_TIME_START__&ce=__EVENT_TIME_END__&adsw=__ADSPACE_W__&adsh=__ADSPACE_H__&csign2=JUcl0W0t95o=&url=http%3A%2F%2Fwww.zhenhuisz.cn%2F","flagv":0,"slot":1,"showid":
Dec 9, 2022 05:36:02.326134920 CET	13311	IN	Data Raw: 69 4f 44 55 26 62 69 64 3d 31 36 63 34 61 63 34 63 61 64 63 39 64 31 63 32 26 75 67 69 3d 46 66 44 4e 6a 41 45 56 39 4d 68 74 54 42 58 73 42 68 55 41 46 51 41 56 41 41 41 56 72 2b 4b 65 39 77 6b 6c 79 41 45 57 67 4d 4c 39 6a 62 62 58 39 77 55 63 Data Ascii: iODU&bid=16c4ac4cadc9d1c2&ugi=FfDNjAEV9MhtTBXsBhUAFQAVAAAVr+Ke9wklyAEWgML9jbbX9wUcFrqH+dqy9Jq0IBUAACWf6uSmCxIA&uai=Fdb2kgIlAhUCFqDdifq3xpqWNxXyCCWbkuqLCSUAFQIUABwW4ve/9ZvCs6E4FQAAAA&ubi=FdrCigEV4oH3AxWSkucdFfTl+2IVBBUcFtDy++gYFqDdnuHBjJ+WNzQCF
Dec 9, 2022 05:36:02.326176882 CET	13312	IN	Data Raw: 69 64 3d 31 36 63 34 61 63 34 63 61 64 63 39 64 31 63 32 26 75 67 69 3d 46 66 44 4e 6a 41 45 56 39 4d 68 74 54 42 58 73 42 68 55 41 46 51 41 56 41 41 41 56 72 2b 4b 65 39 77 6b 6c 79 41 45 57 67 4d 4c 39 6a 62 62 58 39 77 55 63 46 72 71 48 2b 64 Data Ascii: id=16c4ac4cadc9d1c2&ugi=FfDNjAEV9MhtTBXsBhUAFQAVAAAVr+Ke9wklyAEWgML9jbbX9wUcFrqH+dqy9Jq0IBUAACWf6uSmCxIA&uai=Fdb2kgIlAhUCFqDdifq3xpqWNxXyCCWbkuqLCSUAFQIUABwW4ve/9ZvCs6E4FQAAAA&ubi=FdrCigEV4oH3AxWSkucdFfTl+2IVBBUcFtDy++gYFqDdnuHBjJ+WNzQCFqAKJQI

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
18	192.168.2.3	49844	47.117.76.201	80	C:\Users\user\Downloads\Utils\MiniNews.exe

Timestamp	kBytes transferred	Direction	Data
Dec 9, 2022 05:36:02.642762899 CET	13313	OUT	GET /url4?pid=&mid=0ee28fbdc66209b6fd4684a055d0db85&mid2=eeeeeeee6cfa339cef05e2eb639099b5e2fa29b329f4&appver=2.0.0.1010&modver=3.0.0.1085&type=minipage_skin&action=parse_360skin_cfg_succ&ex_ary[ex3]=larger&ex4=202aef4654876fae2ab7d3efa1473511&ex5=1 HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: s.ludashi.com Connection: Keep-Alive
Dec 9, 2022 05:36:03.245434999 CET	13314	OUT	GET /url4?pid=&mid=0ee28fbdc66209b6fd4684a055d0db85&mid2=eeeeeeee6cfa339cef05e2eb639099b5e2fa29b329f4&appver=2.0.0.1010&modver=3.0.0.1085&type=minipage_skin&action=parse_360skin_cfg_succ&ex_ary[ex3]=larger&ex4=202aef4654876fae2ab7d3efa1473511&ex5=1 HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: s.ludashi.com Connection: Keep-Alive
Dec 9, 2022 05:36:03.521765947 CET	13314	IN	HTTP/1.1 200 OK Date: Fri, 09 Dec 2022 04:36:03 GMT Content-Type: text/plain; charset=utf-8 Content-Length: 0 Connection: keep-alive Last-Modified: Sat, 28 Dec 2019 01:45:27 GMT ETag: "5e06b3b7-0" Accept-Ranges: bytes

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
19	192.168.2.3	49845	139.129.76.177	80	C:\Users\user\Downloads\Utils\MiniNews.exe

Timestamp	kBytes transferred	Direction	Data
Dec 9, 2022 05:36:04.974258900 CET	13360	OUT	POST /api/minipage.php HTTP/1.1 Accept: / User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727) Content-Type: application/x-www-form-urlencoded Host: www1.ludashi.com Content-Length: 1036 Connection: Keep-Alive Cache-Control: no-cache
Dec 9, 2022 05:36:04.974402905 CET	13361	OUT	Data Raw: 72 7a 35 57 2b 6d 44 4c 79 45 31 70 32 77 65 6e 4d 52 43 41 44 35 54 78 47 76 31 65 6e 44 58 56 56 4c 75 69 65 76 34 76 69 52 63 49 4b 69 2b 4a 61 65 31 42 76 62 6a 79 2f 57 72 48 7a 33 7a 37 56 57 45 48 55 71 33 59 56 36 34 6a 63 46 32 58 2f 45 Data Ascii: rz5W+mDLyE1p2wenMRCAD5TxGv1enDXVVLuiev4viRcIKi+Jae1Bvbjy/WrHz3z7VWEHUq3YV64jcF2X/EeaK4dM1GpJUd9SfX6btASyBAziL1vjz/66lxG2fISvgJ/3u8IsTZYF6o49v5/q/wvJg1S7onr+L4kXERHONaFPLh1f5Jq0PGJ4G87LPH16miW7+x6q9WzqrJJsRvv0s2bKHTr7fCaSeRhdpDr2cl66922uR7sP6tU
Dec 9, 2022 05:36:06.996409893 CET	13362	OUT	Data Raw: 50 2f 31 2e 31 0d 0a 41 63 63 65 70 74 3a 20 2a 2f 2a 0d 0a 55 73 65 72 2d 41 67 65 6e 74 3a 20 4d 6f 7a 69 6c 6c 61 2f 34 2e 30 20 28 63 6f 6d 70 61 74 69 62 6c 65 3b 20 4d 53 49 45 20 37 2e 30 3b 20 57 69 6e 64 6f 77 73 20 4e 54 20 35 2e 31 3b Data Ascii: P/1.1Accept: /User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727)Content-Type: application/x-www-form-urlencodedHost: www1.ludashi.comContent-Length: 1036Connection: Keep-AliveCache-Control: no-ca
Dec 9, 2022 05:36:10.690788984 CET	13369	OUT	POST /api/minipage.php HTTP/1.1 Accept: / User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727) Content-Type: application/x-www-form-urlencoded Host: www1.ludashi.com Content-Length: 1036 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 72 7a 35 57 2b 6d 44 4c 79 45 31 70 32 77 65 6e 4d 52 43 41 44 35 54 78 47 76 31 65 6e 44 58 56 56 4c 75 69 65 76 34 76 69 52 63 49 4b 69 2b 4a 61 65 31 42 76 62 6a 79 2f 57 72 48 7a 33 7a 37 56 57 45 48 55 71 33 59 56 36 34 6a 63 46 32 58 2f 45 65 61 4b 34 64 4d 31 47 70 4a 55 64 39 53 66 58 36 62 74 41 53 79 42 41 7a 69 4c 31 76 6a 7a 2f 36 36 6c 78 47 32 66 49 53 76 67 4a 2f 33 75 38 49 73 54 5a 59 46 36 6f 34 39 76 35 2f 71 2f 77 76 4a 67 31 53 37 6f 6e 72 2b 4c 34 6b 58 45 52 48 4f 4e 61 46 50 4c 68 31 66 35 4a 71 30 50 47 4a 34 47 38 37 4c 50 48 31 36 6d 69 57 37 2b 78 36 71 39 57 7a 71 72 4a 4a 73 52 76 76 30 73 32 62 4b 48 54 72 37 66 43 61 53 65 52 68 64 70 44 72 32 63 6c 36 36 39 32 32 75 52 37 73 50 36 74 55 57 30 79 30 5a 5a 38 2f 4b 44 67 34 65 36 6a 5a 4d 73 53 4b 32 32 74 61 63 70 63 33 50 68 78 58 7a 50 64 48 4c 4e 46 62 6b 42 6b 72 48 58 76 72 44 79 42 70 49 6c 6b 36 6a 72 79 63 53 45 36 4e 56 37 4a 53 5a 33 68 4f 64 45 77 7a 41 4c 35 39 71 46 4d 5a 7a 4c 33 6d 72 46 4c 46 5a 4b 77 4d 59 44 7a 6a 6b 6b 63 52 36 64 76 4f 66 53 78 44 33 39 4c 39 76 2b 51 79 56 72 64 47 49 45 36 62 6d 34 42 76 6a 67 53 6d 42 4d 6a 47 46 6e 77 4d 54 36 5a 4b 6a 65 4c 36 50 2f 64 45 64 69 51 56 57 7a 68 34 52 6c 62 51 75 55 74 6a 58 54 68 68 6a 75 36 64 63 2b 2f 2b 4c 6f 59 66 39 5a 5a 57 38 6e 56 35 37 78 51 4c 53 39 7a 56 38 38 69 75 46 6c 42 55 66 77 46 5a 41 6e 4b 2f 6f 37 77 58 63 68 54 37 2b 4b 65 66 31 62 6d 78 79 64 71 57 74 4e 34 37 4c 34 4e 74 4d 31 52 4f 6e 69 42 73 70 49 73 41 47 4d 79 5a 56 45 63 50 79 44 73 51 78 35 44 6d 48 70 71 67 61 63 63 2b 74 48 73 55 6e 4c 63 47 67 78 38 4b 76 67 69 46 36 71 72 4d 74 77 50 70 2f 31 46 52 45 71 36 2f 67 4e 49 41 46 6b 31 66 6f 75 38 67 37 77 2b 6c 4d 52 54 57 76 52 68 47 35 48 71 56 41 31 36 75 73 64 74 59 66 61 70 4b 6c 79 57 4a 77 57 79 6a 31 30 69 47 4c 79 4d 68 4a 6a 6b 7a 37 51 4a 45 48 2b 52 6a 48 2b 54 79 76 74 39 4e 51 42 43 58 2f 58 74 6e 73 44 51 4e 45 58 75 69 41 75 6c 2f 33 70 5a 53 7a 45 78 52 42 52 57 43 69 47 47 38 73 36 6d 71 33 72 54 55 63 59 75 54 73 43 4b 76 48 34 76 39 32 67 38 69 51 74 6b 34 4f 41 67 6d 73 42 75 50 56 6a 75 6a 31 75 72 66 4d 52 52 4e 30 46 76 6b 34 47 5a 69 6a 6c 32 37 73 76 74 71 56 46 51 70 5a 66 62 6e 5a 63 39 4e 47 72 6e 77 38 57 57 45 44 4e 34 54 51 69 2b 67 6e 43 35 54 4e 66 4c 61 75 2b 31 6d 66 47 74 56 76 36 54 47 48 73 6a 72 41 4f 78 56 45 37 63 67 46 30 4b 44 59 45 6e 35 6b 75 38 76 45 61 57 6c 6a 31 68 53 53 77 7a 42 37 42 75 7a 4f 52 75 59 43 6d 35 62 38 53 64 53 44 36 64 32 65 41 55 65 57 38 2b 42 38 45 53 6c 72 2b 31 41 63 57 64 63 31 2b 6c 34 67 53 64 53 44 36 64 32 65 41 55 65 64 37 6a 33 54 66 46 2f 6a 72 78 6e 4a 55 50 35 31 57 49 30 73 66 72 65 4d 4e 52 64 69 71 38 50 6e 6a 65 61 66 7a 34 69 41 54 4e 73 52 35 77 6b 2f 66 63 36 61 67 5a 69 44 6f 45 37 56 4f 41 64 52 2f 54 63 59 61 4b 42 7a 32 4a 48 44 4d 46 62 37 4f 4b 6d 57 47 2b 39 2f 36 6b 64 7a 59 2b 56 4c 4a 2f 66 38 2b 4f 33 55 45 66 6b 36 77 57 35 44 4c 47 4e 73 4c 30 6d 70 41 2f 7a 6d 62 5a 32 4c 70 64 4e 4b 73 36 Data Ascii: rz5W+mDLyE1p2wenMRCAD5TxGv1enDXVVLuiev4viRcIKi+Jae1Bvbjy/WrHz3z7VWEHUq3YV64jcF2X/EeaK4dM1GpJUd9SfX6btASyBAziL1vjz/66lxG2fISvgJ/3u8IsTZYF6o49v5/q/wvJg1S7onr+L4kXERHONaFPLh1f5Jq0PGJ4G87LPH16miW7+x6q9WzqrJJsRvv0s2bKHTr7fCaSeRhdpDr2cl66922uR7sP6tUW0y0ZZ8/KDg4e6jZMsSK22tacpc3PhxXzPdHLNFbkBkrHXvrDyBpIlk6jrycSE6NV7JSZ3hOdEwzAL59qFMZzL3mrFLFZKwMYDzjkkcR6dvOfSxD39L9v+QyVrdGIE6bm4BvjgSmBMjGFnwMT6ZKjeL6P/dEdiQVWzh4RlbQuUtjXThhju6dc+/+LoYf9ZZW8nV57xQLS9zV88iuFlBUfwFZAnK/o7wXchT7+Kef1bmxydqWtN47L4NtM1ROniBspIsAGMyZVEcPyDsQx5DmHpqgacc+tHsUnLcGgx8KvgiF6qrMtwPp/1FREq6/gNIAFk1fou8g7w+lMRTWvRhG5HqVA16usdtYfapKlyWJwWyj10iGLyMhJjkz7QJEH+RjH+Tyvt9NQBCX/XtnsDQNEXuiAul/3pZSzExRBRWCiGG8s6mq3rTUcYuTsCKvH4v92g8iQtk4OAgmsBuPVjuj1urfMRRN0Fvk4GZijl27svtqVFQpZfbnZc9NGrnw8WWEDN4TQi+gnC5TNfLau+1mfGtVv6TGHsjrAOxVE7cgF0KDYEn5ku8vEaWlj1hSSwzB7BuzORuYCm5b8SdSD6d2eAUeW8+B8ESlr+1AcWdc1+l4gSdSD6d2eAUed7j3TfF/jrxnJUP51WI0sfreMNRdiq8Pnjeafz4iATNsR5wk/fc6agZiDoE7VOAdR/TcYaKBz2JHDMFb7OKmWG+9/6kdzY+VLJ/f8+O3UEfk6wW5DLGNsL0mpA/zmbZ2LpdNKs6

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
2	192.168.2.3	49738	142.250.185.132	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
3	192.168.2.3	49739	142.250.185.132	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
4	192.168.2.3	49740	142.250.185.132	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
5	192.168.2.3	49741	142.250.185.132	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
6	192.168.2.3	49742	142.250.185.132	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
7	192.168.2.3	49745	216.58.212.174	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
8	192.168.2.3	49694	123.56.161.176	80	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
Dec 9, 2022 05:34:11.964885950 CET	76	OUT	GET /pdf-service/v1/action?os=163842&device_id=741e5fc1b4d58e5b4c3ac5f1dc5a9464&version=&qd=&day=&t=4312453&product=xundu&machine_name=141700 HTTP/1.1 Host: api.pdfxd.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Dec 9, 2022 05:34:12.508800030 CET	387	OUT	GET /pdf-service/v1/action?os=163842&device_id=741e5fc1b4d58e5b4c3ac5f1dc5a9464&version=&qd=&day=&t=4312453&product=xundu&machine_name=141700 HTTP/1.1 Host: api.pdfxd.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Dec 9, 2022 05:34:12.747083902 CET	389	IN	HTTP/1.1 200 OK Date: Fri, 09 Dec 2022 04:34:12 GMT Content-Type: application/json; charset=utf-8 Content-Length: 1101 Connection: keep-alive X-Request-Id: 1360681b-886d-4f26-b658-ef5eced9ad41 Data Raw: 7b 22 65 72 72 6e 6f 22 3a 22 4f 4b 22 2c 22 70 72 6f 64 75 63 74 22 3a 22 78 75 6e 64 75 22 2c 22 6d 65 73 73 61 67 65 22 3a 22 53 75 63 63 65 73 73 22 2c 22 64 61 74 61 22 3a 7b 22 63 68 65 63 6b 5f 61 73 73 6f 63 22 3a 74 72 75 65 2c 22 63 68 65 63 6b 5f 73 68 65 6c 6c 65 78 74 22 3a 66 61 6c 73 65 2c 22 63 6f 6e 76 4d 6f 64 65 6c 22 3a 30 2c 22 69 6f 73 72 65 63 6f 76 65 72 79 22 3a 7b 22 63 74 72 6c 22 3a 74 72 75 65 2c 22 64 6f 77 6e 75 72 6c 22 3a 22 68 74 74 70 3a 2f 2f 61 72 63 68 69 76 65 2e 70 64 66 78 64 2e 63 6f 6d 2f 78 75 6e 64 75 2f 72 65 63 6f 76 65 72 79 2f 69 6f 73 2f 6d 69 6e 69 2e 37 7a 22 2c 22 76 65 72 22 3a 32 7d 2c 22 6b 7a 78 5f 73 77 69 74 63 68 65 72 22 3a 66 61 6c 73 65 2c 22 6d 69 6e 69 63 6f 6e 76 22 3a 7b 22 63 74 72 6c 22 3a 74 72 75 65 2c 22 64 6f 77 6e 75 72 6c 22 3a 22 68 74 74 70 3a 2f 2f 64 6c 2e 78 75 6e 64 75 70 64 66 2e 63 6f 6d 2f 63 6f 6e 76 2f 6d 69 6e 69 22 2c 22 76 65 72 22 3a 39 7d 2c 22 6d 69 6e 69 64 72 65 63 6f 76 65 72 79 22 3a 7b 22 63 74 72 6c 22 3a 74 72 75 65 2c 22 64 6f 77 6e 75 72 6c 22 3a 22 68 74 74 70 3a 2f 2f 64 6c 2e 78 75 6e 64 75 70 64 66 2e 63 6f 6d 2f 72 65 63 6f 76 65 72 79 2f 6d 69 6e 69 22 2c 22 76 65 72 22 3a 31 30 7d 2c 22 6d 69 6e 69 6e 65 77 73 22 3a 7b 22 63 74 72 6c 22 3a 74 72 75 65 2c 22 64 6f 77 6e 75 72 6c 22 3a 22 68 74 74 70 3a 2f 2f 63 64 6e 2d 66 69 6c 65 2d 73 73 6c 2d 70 63 2e 6c 75 64 61 73 68 69 2e 63 6f 6d 2f 70 63 2f 70 64 66 2f 6d 69 6e 69 5f 32 30 31 39 30 39 30 32 2e 37 7a 22 2c 22 76 65 72 22 3a 33 7d 2c 22 6d 69 6e 69 6e 65 77 73 32 22 3a 7b 22 63 74 72 6c 22 3a 74 72 75 65 2c 22 64 6f 77 6e 75 72 6c 22 3a 22 68 74 74 70 3a 2f 2f 61 72 63 68 69 76 65 2e 70 64 66 78 64 2e 63 6f 6d 2f 78 75 6e 64 75 2f 6d 69 6e 69 2e 37 7a 22 2c 22 76 65 72 22 3a 32 7d 2c 22 6d 69 6e 69 6e 65 77 73 33 22 3a 7b 22 63 74 72 6c 22 3a 74 72 75 65 2c 22 64 6f 77 6e 75 72 6c 22 3a 22 68 74 74 70 3a 2f 2f 61 72 63 68 69 76 65 2e 70 64 66 78 64 2e 63 6f 6d 2f 78 75 6e 64 75 2f 70 64 66 2f 6d 69 6e 69 2e 37 7a 22 2c 22 76 65 72 22 3a 32 7d 2c 22 6d 6f 64 75 6c 65 73 22 3a 5b 7b 22 6e 61 6d 65 22 3a 22 6f 66 66 69 63 65 74 6f 6f 6c 73 22 2c 22 76 65 72 73 69 6f 6e 22 3a 22 32 30 32 31 30 36 32 34 22 2c 22 66 6f 72 63 65 75 70 64 61 74 65 22 3a 31 2c 22 75 72 6c 22 3a 22 68 74 74 70 3a 2f 2f 61 72 63 68 69 76 65 2e 70 64 66 78 64 2e 63 6f 6d 2f 64 6f 77 6e 6c 6f 61 64 2f 74 6f 6f 6c 2f 50 44 46 45 78 70 6f 72 74 2e 37 7a 22 7d 2c 7b 22 6e 61 6d 65 22 3a 22 70 64 66 32 68 74 6d 6c 22 2c 22 76 65 72 73 69 6f 6e 22 3a 22 32 30 32 31 30 37 30 38 22 2c 22 66 6f 72 63 65 75 70 64 61 74 65 22 3a 31 2c 22 75 72 6c 22 3a 22 68 74 74 70 3a 2f 2f 61 72 63 68 69 76 65 2e 70 64 66 78 64 2e 63 6f 6d 2f 64 6f 77 6e 6c 6f 61 64 2f 74 6f 6f 6c 2f 70 64 66 32 68 74 6d 6c 2e 37 7a 22 7d 2c 7b 22 6e 61 6d 65 22 3a 22 66 66 6d 65 67 67 22 2c 22 76 65 72 73 69 6f 6e 22 3a 22 32 30 32 31 31 31 31 35 22 2c 22 66 6f 72 63 65 75 70 64 61 74 65 22 3a 31 2c 22 75 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 70 64 66 78 64 2e 63 6f 6d 2f 64 6f 77 6e 6c 6f 61 64 2f 74 6f 6f 6c 2f 66 66 6d 70 65 67 2e 37 7a 22 7d 5d 2c 22 72 65 63 6f 76 65 72 79 5f 6d 69 6e 69 22 3a 74 72 75 65 2c 22 73 65 72 76 65 72 5f 70 64 66 5f 61 73 73 6f 63 22 3a 31 2c 22 73 68 65 6c Data Ascii: {"errno":"OK","product":"xundu","message":"Success","data":{"check_assoc":true,"check_shellext":false,"convModel":0,"iosrecovery":{"ctrl":true,"downurl":"http://archive.pdfxd.com/xundu/recovery/ios/mini.7z","ver":2},"kzx_switcher":false,"miniconv":{"ctrl":true,"downurl":"http://dl.xundupdf.com/conv/mini","ver":9},"minidrecovery":{"ctrl":true,"downurl":"http://dl.xundupdf.com/recovery/mini","ver":10},"mininews":{"ctrl":true,"downurl":"http://cdn-file-ssl-pc.ludashi.com/pc/pdf/mini_20190902.7z","ver":3},"mininews2":{"ctrl":true,"downurl":"http://archive.pdfxd.com/xundu/mini.7z","ver":2},"mininews3":{"ctrl":true,"downurl":"http://archive.pdfxd.com/xundu/pdf/mini.7z","ver":2},"modules":[{"name":"officetools","version":"20210624","forceupdate":1,"url":"http://archive.pdfxd.com/download/tool/PDFExport.7z"},{"name":"pdf2html","version":"20210708","forceupdate":1,"url":"http://archive.pdfxd.com/download/tool/pdf2html.7z"},{"name":"ffmegg","version":"20211115","forceupdate":1,"url":"https://cdn.pdfxd.com/download/tool/ffmpeg.7z"}],"recovery_mini":true,"server_pdf_assoc":1,"shel
Dec 9, 2022 05:34:12.755105019 CET	389	IN	Data Raw: 6c 5f 70 64 66 5f 61 73 73 6f 63 22 3a 31 7d 7d Data Ascii: l_pdf_assoc":1}}
Dec 9, 2022 05:34:12.952687979 CET	389	OUT	GET /favicon.ico HTTP/1.1 Host: api.pdfxd.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Referer: http://api.pdfxd.com/pdf-service/v1/action?os=163842&device_id=741e5fc1b4d58e5b4c3ac5f1dc5a9464&version=&qd=&day=&t=4312453&product=xundu&machine_name=141700 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Dec 9, 2022 05:34:13.192528963 CET	390	IN	HTTP/1.1 200 OK Date: Fri, 09 Dec 2022 04:34:13 GMT Content-Type: image/x-icon Content-Length: 17088 Connection: keep-alive Last-Modified: Wed, 31 Oct 2018 08:12:26 GMT ETag: "5bd963ea-42c0" Accept-Ranges: bytes
Dec 9, 2022 05:34:13.193746090 CET	391	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 23 00 00 00 20 08 06 00 00 00 98 4d c1 f7 00 00 00 09 70 48 59 73 00 00 0b 13 00 00 0b 13 01 00 9a 9c 18 00 00 3b 8a 69 54 58 74 58 4d 4c 3a 63 6f 6d 2e 61 64 6f 62 65 2e 78 6d 70 00 00 00 Data Ascii: PNGIHDR# MpHYs;iTXtXML:com.adobe.xmp<?xpacket begin="" id="W5M0MpCehiHzreSzNTczkc9d"?><x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c138 79.159824, 2016/09/14-01:09:01
Dec 9, 2022 05:34:13.201749086 CET	392	IN	Data Raw: 74 61 6e 63 65 49 44 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 73 74 52 65 66 3a 64 6f 63 75 6d 65 6e 74 49 44 3e 61 64 6f 62 65 3a 64 6f 63 69 64 3a 70 68 6f 74 6f 73 68 6f 70 3a 34 30 64 64 63 35 31 37 2d 31 65 64 66 2d 31 31 37 62 2d 62 61 Data Ascii: tanceID> <stRef:documentID>adobe:docid:photoshop:40ddc517-1edf-117b-ba51-f04f09dcfbc0</stRef:documentID> </xmpMM:DerivedFrom> <xmpMM:History> <rdf:Seq> <rdf:li rdf:parseType="Resource">
Dec 9, 2022 05:34:13.209676027 CET	393	IN	Data Raw: 20 20 3c 78 6d 70 3a 4d 6f 64 69 66 79 44 61 74 65 3e 32 30 31 37 2d 31 32 2d 31 34 54 31 36 3a 33 30 3a 30 32 2b 30 38 3a 30 30 3c 2f 78 6d 70 3a 4d 6f 64 69 66 79 44 61 74 65 3e 0a 20 20 20 20 20 20 20 20 20 3c 78 6d 70 3a 4d 65 74 61 64 61 74 Data Ascii: <xmp:ModifyDate>2017-12-14T16:30:02+08:00</xmp:ModifyDate> <xmp:MetadataDate>2017-12-14T16:30:02+08:00</xmp:MetadataDate> <dc:format>image/png</dc:format> <photoshop:ColorMode>3</photoshop:ColorMode> <tiff
Dec 9, 2022 05:34:13.217689037 CET	395	IN	Data Raw: 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 Data Ascii:
Dec 9, 2022 05:34:13.225828886 CET	396	IN	Data Raw: 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 Data Ascii:
Dec 9, 2022 05:34:13.233676910 CET	398	IN	Data Raw: 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 Data Ascii:
Dec 9, 2022 05:34:13.241739988 CET	399	IN	Data Raw: 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 Data Ascii:
Dec 9, 2022 05:34:13.249672890 CET	400	IN	Data Raw: 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 Data Ascii:
Dec 9, 2022 05:34:13.257663965 CET	402	IN	Data Raw: 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
9	192.168.2.3	49751	58.216.14.238	80	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
Dec 9, 2022 05:34:48.167572021 CET	1153	OUT	GET /pc/pdf/mini_20190902.7z HTTP/1.1 Host: cdn-file-ssl-pc.ludashi.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Dec 9, 2022 05:34:48.446038961 CET	1155	IN	HTTP/1.1 200 OK Server: Tengine Content-Type: application/x-7z-compressed Content-Length: 4598938 Connection: keep-alive Date: Sun, 13 Nov 2022 08:42:53 GMT x-oss-request-id: 6370AE0D64996D3234CF282F x-oss-cdn-auth: success Accept-Ranges: bytes ETag: "62B51D9E656AF3B6DE2B634B00EEB1D7" Last-Modified: Mon, 02 Sep 2019 09:00:08 GMT x-oss-object-type: Normal x-oss-hash-crc64ecma: 17009406554984372102 x-oss-storage-class: Standard Content-MD5: YrUdnmVq87beK2NLAO6x1w== x-oss-server-time: 46 Ali-Swift-Global-Savetime: 1668328973 Via: cache63.l2cn3047[0,0,304-0,H], cache1.l2cn3047[0,0], cache1.l2cn3047[1,0], vcache26.cn3842[0,1,200-0,H], vcache3.cn3842[7,0] Age: 2231515 X-Cache: HIT TCP_HIT dirn:10:405984064 X-Swift-SaveTime: Sat, 19 Nov 2022 16:18:15 GMT X-Swift-CacheTime: 2046278 Timing-Allow-Origin: * EagleId: 3ad80e9716705604883167130e Data Raw: 37 7a bc af 27 1c 00 04 59 3e 0b 6c 55 2c 46 00 00 00 00 00 25 00 00 00 00 00 00 00 93 d4 02 48 e1 e3 d6 c0 09 5d 00 26 96 8e 70 00 17 f7 ec 05 bb ea f4 ff 94 01 2f 44 ee 4e bd 08 9b 42 54 4a e0 75 c6 04 61 14 73 27 fc c2 4e 2f 3a f5 6c 7a e0 84 c5 11 bd 81 1a e5 d5 be c4 71 2a 1f 2b e5 0e fb f4 19 53 99 d8 55 ee 5e 64 71 00 11 7e 40 03 f1 39 65 6e 11 ea c0 40 0e 93 e1 33 f5 78 7e 89 95 ee 82 e0 38 04 ff 47 3f da f3 32 f8 24 19 c4 aa cc d2 d4 f0 ad 73 a3 f7 68 59 49 1b 7e 50 74 6a 13 44 5f c9 f5 24 f0 a0 d0 ea b5 bf 27 14 c9 87 14 23 8f 12 d9 46 b9 7f 9b cb 40 c6 f7 92 3b d5 3d 54 a5 a2 f3 02 d6 81 f7 6d c2 99 59 24 49 e3 66 e4 76 84 a3 01 a9 88 45 78 80 40 ce 99 c0 23 86 71 5d 2e 33 2a 38 bf 87 72 ae 44 65 dc 4e ac ab cc ad f0 23 6c ce 2c a8 89 6c 93 ec 1d 6f 12 7c af 78 f5 d3 bd 07 eb 1f 61 de 1c 83 29 18 77 e9 c4 a8 c8 35 40 db 0e f1 06 0d 8c ad 98 2e 2a 81 84 34 2f a7 29 3f ca 8b ea 44 cd 78 a9 fb b4 06 48 e6 66 29 c5 a4 3a 2f 84 e4 7a ac c5 f2 2a d0 3d 00 f6 47 90 c6 7b 15 0c 42 1c 8b e3 b1 15 61 ac ee 1c 85 e4 f9 1b 7c 2e b9 d1 7f c3 c1 be 1b d2 50 f3 58 66 8f c1 a3 21 c3 14 69 1f 7a 26 80 2f 9e a0 ce 56 9c 0e 58 54 8b 76 74 e3 81 3d 77 e0 0d 9a ba 23 57 71 7b 7a 97 9f 2f f6 ee e6 0e 83 af 70 bc 2f 14 12 96 75 0f 0e 1c 5c Data Ascii: 7z'Y>lU,F%H]&p/DNBTJuas'N/:lzq+SU^dq~@9en@3x~8G?2$shYI~PtjD_$'#F@;=TmY$IfvEx@#q].38rDeN#l,lo\|xa)w5@.4/)?DxHf):/z=G{Ba\|.PXf!iz&/VXTvt=w#Wq{z/p/u\
Dec 9, 2022 05:34:48.446204901 CET	1156	IN	Data Raw: d5 bd 9f b6 71 bd d0 24 fc d5 ff 5c 5c 64 a9 a2 d2 76 ea 10 ac 45 b0 11 94 ff 13 28 96 3c f2 42 bc 19 d6 1a 0e f5 18 c5 f5 c8 f7 59 6d 85 90 8c 0a 4a e4 d0 39 70 de 65 57 73 60 af 04 c8 00 a1 59 3d b7 a6 a3 fc 3a 67 c3 25 62 70 d2 2d 4e ba 6b 27 Data Ascii: q$\\dvE(<BYmJ9peWs`Y=:g%bp-Nk'!#W4}hp#>ibb~SP A8r+1?9 /EYvBmI;9\%1qXBOPO~\|.?SwcTt&JzK7i=YB'[B]Wj
Dec 9, 2022 05:34:48.446227074 CET	1158	IN	Data Raw: b1 6f 2b 91 2a 20 83 ed f4 01 69 c6 65 2d 9d ce 66 78 b9 79 e4 9d 5c 37 ab 80 bd 83 13 a2 2b cd 16 23 51 66 2a 51 bc cb 85 97 ef 6c 1f eb 38 1d d1 71 65 75 e2 3c 3f de f4 76 48 59 76 ab 4d 4a ef e6 d6 12 28 c3 60 07 cb 1f 55 0f a5 bd 5d b2 15 41 Data Ascii: o+* ie-fxy\7+#QfQl8qeu<?vHYvMJ(`U]A^DpH3Er=0"lda~4^'7xn090tf9}av=2Akr]<`KC(r@gb,hKax4I1Fkl]SxEKr`'J)l7<B
Dec 9, 2022 05:34:48.446245909 CET	1159	IN	Data Raw: 64 04 04 87 3b 3f 66 47 d4 1f 5e e3 af 17 c2 a1 8d 33 fc b2 d5 d3 c6 2b f2 57 92 de 54 b3 c7 90 16 2d ab 33 04 c7 b7 a6 73 9b e2 46 cf f7 5c fd 5d db 95 05 a3 f6 93 54 7f 00 08 69 23 12 96 26 ad 01 41 13 6c 0e 70 bc 2c cd 9d 94 fe d6 2c a4 75 27 Data Ascii: d;?fG^3+WT-3sF\]Ti#&Alp,,u'^kr/\|[!9}X1\|"{cr~TL4--!~#Sb^OIYZlibl5}3iW1pvSV=y4lG]~9Si0[XAGPY<
Dec 9, 2022 05:34:48.446264029 CET	1160	IN	Data Raw: 05 5a 6c e4 a1 28 fc 31 6c 26 0b d0 41 c0 37 f5 de 24 df 9d a6 f0 28 bf 4a 1f 29 6c a0 b6 99 59 3b 20 55 43 4c d6 b3 85 86 8a 42 6d fe d0 be 35 d2 d1 f0 1f 12 a5 cb 33 ba 5b a7 a8 14 d0 f3 e0 27 70 98 3c b2 68 6c 2d f9 07 6f 07 f4 a8 2c 13 0a 82 Data Ascii: Zl(1l&A7$(J)lY; UCLBm53['p<hl-o,PWj2cWg^<G&GJBdxc h8N2Fcj(b}U\|~DWu_'1/[W~7DA&6p)2{Mv%1<;%j}arj
Dec 9, 2022 05:34:48.446279049 CET	1162	IN	Data Raw: 22 55 de 8a 0a 66 e2 fe 31 72 e9 fe d0 c1 44 bf 2e 29 ab 4f 85 80 70 e3 76 d6 71 b8 fc 5c ff a8 18 bd a3 a5 5f 89 84 5b de be 3e 7a e0 50 18 24 ca 97 42 1e 2f d1 b9 9e 71 a6 1b 2c ce 0e aa 6e b5 58 3d 10 cb da 89 52 90 bb ff 90 93 15 15 54 3a 4f Data Ascii: "Uf1rD.)Opvq\_[>zP$B/q,nX=RT:O<i5Rz'9zzpkCfA3\T\|.^\_5X7KZ2x5&uIZG[!e,\#LV!)l3=!nnqGx/a%bpRvTdUx
Dec 9, 2022 05:34:48.446296930 CET	1163	IN	Data Raw: 68 25 bf a7 ac 95 4a 96 50 01 b7 78 fb 86 37 d7 1f 2f 65 6b 22 9c bf 9b 63 3a c4 1a 5c 93 3b 07 c1 53 9a 6a 6a 6e 49 09 ae c5 10 ab 6b 12 eb d6 a8 59 1e f6 c1 06 90 bf 9b 51 76 fd 90 f8 45 60 98 69 22 32 db 4c cf 0d 27 52 21 be 46 bf 99 32 fa a0 Data Ascii: h%JPx7/ek"c:\;SjjnIkYQvE`i"2L'R!F2lh#?f^3J[F$G T4wei497{puc-9PW]CMB#d-~DSi4t4r\B\|ZOv,"`-Yi!@rewc2)
Dec 9, 2022 05:34:48.446316004 CET	1164	IN	Data Raw: 4d 78 ec 5c 33 99 b7 f1 3c 6a 9a 78 62 3e 7a 95 6e 8e 0c 3f bc 47 c8 f1 e9 63 b3 17 ec 4e cd c7 17 eb 82 49 61 24 83 5b 80 bc 0c 16 fa 90 6b b7 0f 8c 7b e2 c4 65 ac 0f 71 bc be 21 77 17 f6 59 11 82 00 85 7f 49 73 77 10 fc e8 f3 70 e5 54 bd 39 f9 Data Ascii: Mx\3<jxb>zn?GcNIa$[k{eq!wYIswpT9if1*8{$$~2x+zV1s"Qw^fmyyXtTMSdj{ZApW=32&WIkC/#o1k)--7%4dW["Iy?RoIv(`!f9(c
Dec 9, 2022 05:34:48.446335077 CET	1166	IN	Data Raw: df ef 29 2d 48 cc 3f 9f f5 00 a4 d1 dd ad 71 2e 05 ef 3f 02 a3 fc e9 ee 0f b1 e4 fa 7c b8 2a d9 89 c7 22 bf ce f6 0a da 7b 85 dc 0c 55 44 23 d2 a3 87 04 4a c8 a7 a6 14 ae c0 51 e4 41 67 2e 8c 69 b7 40 14 46 0f 4b 8a 25 d4 1c 1e 7f fe af 90 f5 d6 Data Ascii: )-H?q.?\|"{UD#JQAg.i@FK%jK^_cAq}B4Km,kHG,oj~1+?#BA[-]Q# ;MIUFf9#FGm(UTe(59y@jvmZ
Dec 9, 2022 05:34:48.446352005 CET	1167	IN	Data Raw: d7 fb df 4f e8 78 bf fc 10 b9 2f a6 3f 82 6d 89 58 9a d2 9d 54 0e 40 7a ed 7c ad 8f 80 82 df 62 31 e1 38 a3 e0 7b 45 6c 36 52 99 fa dc 61 3e ec 5b d1 da 1d bc bd 2b 05 58 34 8b fa 31 22 a0 31 52 a0 a5 f9 c2 26 8e 87 67 67 ac a1 e9 f8 f4 37 e0 72 Data Ascii: Ox/?mXT@z\|b18{El6Ra>[+X41"1R&gg7rA9jeKxeodx5Zm~WaoF>[{%uQvx'\FbE\/YB681JSi88,_q*O{?B"_`?Wf\M
Dec 9, 2022 05:34:48.446371078 CET	1168	IN	Data Raw: 37 1b 0a 67 dc 02 8d ca 1a 37 a8 01 86 37 4e 23 8a 2b 87 ca 0e 77 67 31 94 63 fc f5 83 f1 e0 29 44 6e cd f9 2f 28 34 22 93 9a 3b 3c b8 8c a8 e4 ed 6d 65 25 9e 5b 93 e7 96 95 bd 39 d3 e0 1f bb a1 9b e0 76 5d f8 29 7c 8e 0e 87 27 88 c1 8c c9 d0 a5 Data Ascii: 7g77N#+wg1c)Dn/(4";<me%[9v])\|'qlq(sDr&2TFtM_1^R,7OS8gigA-7AVnM-g$~0&g'(EBe_`Ic`+\Sc(9W.

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
0	192.168.2.3	49693	142.250.186.110	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2022-12-09 04:34:11 UTC	0	OUT	GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=104.0.5112.102&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1 Host: clients2.google.com Connection: keep-alive X-Goog-Update-Interactivity: fg X-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda X-Goog-Update-Updater: chromecrx-104.0.5112.102 Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2022-12-09 04:34:11 UTC	1	IN	HTTP/1.1 200 OK Content-Security-Policy: script-src 'report-sample' 'nonce-OduPUfaQozikF6qg3lzAig' 'unsafe-inline' 'strict-dynamic' https: http:;object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/clientupdate-aus/1 Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Fri, 09 Dec 2022 04:34:11 GMT Content-Type: text/xml; charset=UTF-8 X-Daynum: 5820 X-Daystart: 74051 X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block Server: GSE Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2022-12-09 04:34:11 UTC	2	IN	Data Raw: 32 63 39 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 67 75 70 64 61 74 65 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 75 70 64 61 74 65 32 2f 72 65 73 70 6f 6e 73 65 22 20 70 72 6f 74 6f 63 6f 6c 3d 22 32 2e 30 22 20 73 65 72 76 65 72 3d 22 70 72 6f 64 22 3e 3c 64 61 79 73 74 61 72 74 20 65 6c 61 70 73 65 64 5f 64 61 79 73 3d 22 35 38 32 30 22 20 65 6c 61 70 73 65 64 5f 73 65 63 6f 6e 64 73 3d 22 37 34 30 35 31 22 2f 3e 3c 61 70 70 20 61 70 70 69 64 3d 22 6e 6d 6d 68 6b 6b 65 67 63 63 61 67 64 6c 64 67 69 69 6d 65 64 70 69 63 63 6d 67 6d 69 65 64 61 22 20 63 6f 68 6f 72 74 3d 22 31 3a 3a 22 20 63 6f 68 6f 72 74 6e 61 6d 65 3d 22 22 Data Ascii: 2c9<?xml version="1.0" encoding="UTF-8"?><gupdate xmlns="http://www.google.com/update2/response" protocol="2.0" server="prod"><daystart elapsed_days="5820" elapsed_seconds="74051"/><app appid="nmmhkkegccagdldgiimedpiccmgmieda" cohort="1::" cohortname=""
2022-12-09 04:34:11 UTC	2	IN	Data Raw: 6d 78 76 59 6e 4d 76 4e 7a 49 30 51 55 46 58 4e 56 39 7a 54 32 52 76 64 55 77 79 4d 45 52 45 53 45 5a 47 56 6d 4a 6e 51 51 2f 31 2e 30 2e 30 2e 36 5f 6e 6d 6d 68 6b 6b 65 67 63 63 61 67 64 6c 64 67 69 69 6d 65 64 70 69 63 63 6d 67 6d 69 65 64 61 2e 63 72 78 22 20 66 70 3d 22 31 2e 38 31 65 33 61 34 64 34 33 61 37 33 36 39 39 65 31 62 37 37 38 31 37 32 33 66 35 36 62 38 37 31 37 31 37 35 63 35 33 36 36 38 35 63 35 34 35 30 31 32 32 62 33 30 37 38 39 34 36 34 61 64 38 32 22 20 68 61 73 68 5f 73 68 61 32 35 36 3d 22 38 31 65 33 61 34 64 34 33 61 37 33 36 39 39 65 31 62 37 37 38 31 37 32 33 66 35 36 62 38 37 31 37 31 37 35 63 35 33 36 36 38 35 63 35 34 35 30 31 32 32 62 33 30 37 38 39 34 36 34 61 64 38 32 22 20 70 72 6f 74 65 63 74 65 64 3d 22 30 22 20 73 69 Data Ascii: mxvYnMvNzI0QUFXNV9zT2RvdUwyMERESEZGVmJnQQ/1.0.0.6_nmmhkkegccagdldgiimedpiccmgmieda.crx" fp="1.81e3a4d43a73699e1b7781723f56b8717175c536685c5450122b30789464ad82" hash_sha256="81e3a4d43a73699e1b7781723f56b8717175c536685c5450122b30789464ad82" protected="0" si
2022-12-09 04:34:11 UTC	2	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
1	192.168.2.3	49692	142.250.186.45	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2022-12-09 04:34:11 UTC	0	OUT	POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1 Host: accounts.google.com Connection: keep-alive Content-Length: 1 Origin: https://www.google.com Content-Type: application/x-www-form-urlencoded Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: CONSENT=PENDING+620; __Secure-ENID=6.SE=cJKCBuSaL1dV3R8z2Y2al7-m2m5bGA74lqbYYkqC3uy-NtZ1f6n_bCBr25tlnnjvdmLpGQ81ZKzP3Te5vVjpSQjYWCwvlOMApK7tmZNWcORu0p4wniPJGQfTslQNnpQWhG9qkwkEgy49-6UG3UQ1eiUyFolJZWLeUM1p4KvjM9E
2022-12-09 04:34:11 UTC	1	OUT	Data Raw: 20 Data Ascii:
2022-12-09 04:34:11 UTC	2	IN	HTTP/1.1 200 OK Content-Type: application/json; charset=utf-8 Access-Control-Allow-Origin: https://www.google.com Access-Control-Allow-Credentials: true X-Content-Type-Options: nosniff Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Fri, 09 Dec 2022 04:34:11 GMT Strict-Transport-Security: max-age=31536000; includeSubDomains Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/IdentityListAccountsHttp/cspreport Content-Security-Policy: script-src 'report-sample' 'nonce-rmxPbrOJWAEP2eJFoeRL0A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/IdentityListAccountsHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/IdentityListAccountsHttp/cspreport/allowlist Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-platform=, ch-ua-platform-version= Cross-Origin-Opener-Policy: same-origin Server: ESF X-XSS-Protection: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2022-12-09 04:34:11 UTC	4	IN	Data Raw: 31 31 0d 0a 5b 22 67 61 69 61 2e 6c 2e 61 2e 72 22 2c 5b 5d 5d 0d 0a Data Ascii: 11["gaia.l.a.r",[]]
2022-12-09 04:34:11 UTC	4	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
2	192.168.2.3	49738	142.250.185.132	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2022-12-09 04:34:44 UTC	4	OUT	GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CLC1yQEIkrbJAQiitskBCMS2yQEIqZ3KAQiqj8sBCJKhywEIi6vMAQj7u8wBCPq8zAEI6sDMAQicycwBCOLLzAEImNHMAQiZ0swB Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: CONSENT=PENDING+620; __Secure-ENID=6.SE=cJKCBuSaL1dV3R8z2Y2al7-m2m5bGA74lqbYYkqC3uy-NtZ1f6n_bCBr25tlnnjvdmLpGQ81ZKzP3Te5vVjpSQjYWCwvlOMApK7tmZNWcORu0p4wniPJGQfTslQNnpQWhG9qkwkEgy49-6UG3UQ1eiUyFolJZWLeUM1p4KvjM9E
2022-12-09 04:34:44 UTC	5	IN	HTTP/1.1 200 OK Date: Fri, 09 Dec 2022 04:34:44 GMT Pragma: no-cache Expires: -1 Cache-Control: no-cache, must-revalidate Content-Type: text/javascript; charset=UTF-8 Strict-Transport-Security: max-age=31536000 Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-Kyk59wFBO4M4NFdSxuVNCw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]} Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 BFCache-Opt-In: unload Permissions-Policy: unload=() Origin-Trial: AqRrpS1jM/HOs1rGR0CnXerKEP/QFz7qj9ApDSZqAO+0U+KcT/h/lxA6akW4ar0kT0V1bw5MD4t8O7L7OFwM5gUAAABfeyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJQZXJtaXNzaW9uc1BvbGljeVVubG9hZCIsImV4cGlyeSI6MTY3ODIzMzU5OX0= Content-Disposition: attachment; filename="f.txt" Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2022-12-09 04:34:44 UTC	6	IN	Data Raw: 37 39 0d 0a 29 5d 7d 27 0a 5b 22 22 2c 5b 5d 2c 5b 5d 2c 5b 5d 2c 7b 22 67 6f 6f 67 6c 65 3a 63 6c 69 65 6e 74 64 61 74 61 22 3a 7b 22 62 70 63 22 3a 66 61 6c 73 65 2c 22 74 6c 77 22 3a 66 61 6c 73 65 7d 2c 22 67 6f 6f 67 6c 65 3a 73 75 67 67 65 73 74 74 79 70 65 22 3a 5b 5d 2c 22 67 6f 6f 67 6c 65 3a 76 65 72 62 61 74 69 6d 72 65 6c 65 76 61 6e 63 65 22 3a 38 35 31 7d 5d 0d 0a Data Ascii: 79)]}'["",[],[],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:suggesttype":[],"google:verbatimrelevance":851}]
2022-12-09 04:34:44 UTC	7	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
3	192.168.2.3	49739	142.250.185.132	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2022-12-09 04:34:44 UTC	7	OUT	GET /async/ddljson?async=ntp:2 HTTP/1.1 Host: www.google.com Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2022-12-09 04:34:44 UTC	7	IN	HTTP/1.1 200 OK Version: 492505354 Content-Type: application/json; charset=UTF-8 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 BFCache-Opt-In: unload Permissions-Policy: unload=() Origin-Trial: AqRrpS1jM/HOs1rGR0CnXerKEP/QFz7qj9ApDSZqAO+0U+KcT/h/lxA6akW4ar0kT0V1bw5MD4t8O7L7OFwM5gUAAABfeyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJQZXJtaXNzaW9uc1BvbGljeVVubG9hZCIsImV4cGlyeSI6MTY3ODIzMzU5OX0= Content-Disposition: attachment; filename="f.txt" Date: Fri, 09 Dec 2022 04:34:44 GMT Server: gws Cache-Control: private X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Set-Cookie: CONSENT=PENDING+885; expires=Sun, 08-Dec-2024 04:34:44 GMT; path=/; domain=.google.com; Secure P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info." Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" Accept-Ranges: none Vary: Accept-Encoding Expires: Fri, 09 Dec 2022 04:34:44 GMT Connection: close Transfer-Encoding: chunked
2022-12-09 04:34:44 UTC	8	IN	Data Raw: 31 36 61 31 0d 0a 29 5d 7d 27 0a 7b 22 64 64 6c 6a 73 6f 6e 22 3a 7b 22 61 6c 74 5f 74 65 78 74 22 3a 22 32 30 32 32 20 57 6f 72 6c 64 20 43 75 70 20 51 75 61 72 74 65 72 20 46 69 6e 61 6c 73 22 2c 22 64 61 72 6b 5f 64 61 74 61 5f 75 72 69 22 3a 22 64 61 74 61 3a 69 6d 61 67 65 2f 70 6e 67 3b 62 61 73 65 36 34 2c 69 56 42 4f 52 77 30 4b 47 67 6f 41 41 41 41 4e 53 55 68 45 55 67 41 41 41 68 6f 41 41 41 44 4e 43 41 49 41 41 41 42 78 66 30 37 50 41 41 42 45 52 45 6c 45 51 56 52 34 41 65 7a 5a 41 34 34 67 41 51 41 41 77 66 76 6a 32 62 5a 74 32 37 59 5a 35 37 79 32 62 64 74 36 78 64 71 32 4b 71 6c 77 7a 42 34 73 2b 5a 6a 55 41 67 43 54 4a 43 63 41 79 41 6b 41 63 67 4b 41 6e 41 43 41 6e 41 41 67 4a 77 44 49 43 51 42 79 41 67 42 7a 4c 69 63 41 79 41 6b 38 6a 36 Data Ascii: 16a1)]}'{"ddljson":{"alt_text":"2022 World Cup Quarter Finals","dark_data_uri":"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAhoAAADNCAIAAABxf07PAABERElEQVR4AezZA44gAQAAwfvj2bZt27YZ57y2bdt6xdq2KqlwzB4s+ZjUAgCTJCcAyAkAcgKAnACAnAAgJwDICQByAgBzLicAyAk8j6
2022-12-09 04:34:44 UTC	10	IN	Data Raw: 57 56 69 69 35 6b 37 6e 6f 32 78 34 6e 4c 68 4b 48 4c 31 51 76 43 67 2b 4f 49 45 66 51 67 67 56 44 53 58 36 73 35 4d 32 48 66 39 6d 63 41 70 38 4d 30 69 63 79 41 48 71 76 61 6f 34 42 74 4b 6b 76 4e 65 45 41 37 78 46 6b 4b 66 69 52 79 78 2b 34 7a 41 4f 68 6a 6f 65 4a 33 46 57 39 38 58 62 57 6b 39 66 45 6c 30 44 56 75 35 4c 46 55 34 55 48 6a 72 6a 4a 47 75 69 38 31 47 50 6b 30 53 45 57 36 65 4f 69 4e 68 66 4e 6a 44 54 49 59 2b 76 33 68 4f 76 52 6c 65 4c 62 67 75 53 37 35 33 67 71 38 72 6e 35 33 2b 54 4f 69 4c 42 54 45 46 2f 59 77 67 78 2f 61 68 78 54 4a 66 48 57 38 32 61 75 44 53 6b 63 63 76 33 75 56 38 66 51 47 4b 6e 69 4c 31 42 42 33 2b 46 4e 2f 45 34 69 61 46 75 47 64 43 72 30 48 32 56 6f 77 75 69 70 41 6f 6e 59 75 58 55 46 4a 43 4b 54 7a 77 50 37 33 47 Data Ascii: WVii5k7no2x4nLhKHL1QvCg+OIEfQggVDSX6s5M2Hf9mcAp8M0icyAHqvao4BtKkvNeEA7xFkKfiRyx+4zAOhjoeJ3FW98XbWk9fEl0DVu5LFU4UHjrjJGui81GPk0SEW6eOiNhfNjDTIY+v3hOvRleLbguS753gq8rn53+TOiLBTEF/Ywgx/ahxTJfHW82auDSkccv3uV8fQGKniL1BB3+FN/E4iaFuGdCr0H2VowuipAonYuXUFJCKTzwP73G
2022-12-09 04:34:44 UTC	11	IN	Data Raw: 46 47 69 34 41 77 56 55 42 36 6c 32 71 67 6d 31 59 63 31 35 2f 38 38 34 59 54 36 4e 38 72 6b 6f 6c 39 6b 6a 6e 7a 6a 32 63 37 78 78 45 6d 6f 48 42 54 54 59 63 54 4d 34 34 75 54 66 2f 37 75 70 41 6d 4c 33 77 6b 52 52 53 4e 61 70 6a 68 4e 70 74 64 35 59 34 6e 48 69 62 71 72 51 68 52 74 4c 41 2b 6d 35 54 75 38 73 6a 55 2b 71 66 69 32 4d 2f 64 44 6b 53 42 4c 7a 46 5a 48 2f 6d 63 37 75 76 34 32 35 36 53 67 6a 73 79 76 2b 76 71 53 74 70 50 57 62 6e 5a 63 71 73 74 53 49 75 7a 4f 4a 33 64 68 65 52 64 33 47 2b 79 45 45 45 50 4d 73 6b 50 58 59 65 32 6b 2b 73 6e 42 43 59 70 79 6b 62 75 2b 74 76 50 42 67 63 76 71 76 7a 6a 7a 79 73 64 47 6d 47 4b 38 61 5a 2b 46 37 56 37 5a 4e 47 54 56 45 66 30 52 6a 72 2f 75 79 54 46 36 7a 4f 57 74 2b 31 63 64 65 36 38 64 4a 35 4b 4f Data Ascii: FGi4AwVUB6l2qgm1Yc15/884YT6N8rkol9kjnzj2c7xxEmoHBTTYcTM44uTf/7upAmL3wkRRSNapjhNptd5Y4nHibqrQhRtLA+m5Tu8sjU+qfi2M/dDkSBLzFZH/mc7uv4256Sgjsyv+vqStpPWbnZcqstSIuzOJ3dheRd3G+yEEEPMskPXYe2k+snBCYpykbu+tvPBgcvqvzjzysdGmGK8aZ+F7V7ZNGTVEf0Rjr/uyTF6zOWt+1cde68dJ5KO
2022-12-09 04:34:44 UTC	12	IN	Data Raw: 52 6b 58 6c 37 38 59 4a 6c 68 63 39 2f 4d 4b 4a 77 4d 47 62 56 38 59 71 74 75 61 4e 4a 74 54 53 5a 66 57 77 2f 56 62 39 67 62 34 78 35 52 76 53 61 2b 51 5a 68 72 78 33 76 68 4a 56 55 65 66 57 47 57 6d 6c 31 4b 68 4f 4f 4a 45 34 75 6d 76 48 45 4d 56 30 4d 38 6a 35 43 6d 54 70 37 4c 53 65 33 63 76 6f 64 74 55 7a 43 47 76 64 39 73 62 67 6c 4f 39 73 36 39 4d 6c 2f 57 66 33 52 38 45 6c 63 53 55 76 45 52 43 31 55 4a 76 31 68 73 58 34 39 6d 4c 2b 6c 76 6f 59 54 58 6b 6a 38 58 44 4e 67 56 70 55 6d 65 59 30 78 64 39 64 69 6f 75 4f 45 45 78 34 37 30 55 6c 42 77 49 76 71 53 4e 69 6e 50 7a 41 63 66 41 4b 45 4f 69 6f 7a 76 6e 6a 70 37 54 65 58 71 38 63 47 4a 52 58 61 63 4d 43 68 75 6a 59 71 58 45 45 56 77 4d 6d 6a 4a 49 42 6c 55 4d 51 4a 55 53 74 31 7a 45 6b 52 4a 65 Data Ascii: RkXl78YJlhc9/MKJwMGbV8YqtuaNJtTSZfWw/Vb9gb4x5RvSa+QZhrx3vhJVUefWGWml1KhOOJE4umvHEMV0M8j5CmTp7LSe3cvodtUzCGvd9sbglO9s69Ml/Wf3R8ElcSUvERC1UJv1hsX49mL+lvoYTXkj8XDNgVpUmeY0xd9diouOEEx470UlBwIvqSNinPzAcfAKEOiozvnjp7TeXq8cGJRXacMChujYqXEEVwMmjJIBlUMQJUSt1zEkRJe
2022-12-09 04:34:44 UTC	14	IN	Data Raw: 63 6f 41 45 72 33 30 6b 6e 6e 50 54 72 4d 55 32 79 49 35 2f 2b 66 30 43 47 69 62 5a 5a 42 59 76 31 31 45 69 4f 75 64 64 30 55 45 69 72 51 42 53 55 65 54 69 52 6b 4a 66 5a 79 53 69 4c 74 63 41 4d 76 4a 44 51 4c 6b 61 6b 52 44 69 76 4f 47 45 52 2b 44 67 38 38 73 52 65 73 6f 7a 49 6c 68 63 6f 54 72 34 64 56 53 47 55 4c 58 65 48 53 76 53 48 61 78 46 59 61 39 74 39 41 4d 66 55 66 6d 71 61 4d 73 44 6d 6c 78 67 2b 69 69 74 4f 6a 42 6f 35 38 76 42 63 34 63 52 41 77 6e 56 32 72 4f 6d 61 30 6e 33 63 73 6f 72 56 31 4f 49 54 6a 46 4b 5a 50 4a 44 78 31 79 2b 37 4f 67 47 63 71 4e 49 52 4a 33 2b 62 4d 4e 48 75 66 39 68 39 6c 33 49 64 79 67 6c 4f 6e 68 30 33 4f 70 31 77 4d 72 54 4b 6a 62 43 45 72 4c 73 39 6b 32 79 76 67 71 58 64 33 51 36 47 54 4d 4b 4a 46 67 32 54 6d 52 Data Ascii: coAEr30knnPTrMU2yI5/+f0CGibZZBYv11EiOudd0UEirQBSUeTiRkJfZySiLtcAMvJDQLkakRDivOGER+Dg88sResozIlhcoTr4dVSGULXeHSvSHaxFYa9t9AMfUfmqaMsDmlxg+iitOjBo58vBc4cRAwnV2rOma0n3csorV1OITjFKZPJDx1y+7OgGcqNIRJ3+bMNHuf9h9l3IdyglOnh03Op1wMrTKjbCErLs9k2yvgqXd3Q6GTMKJFg2TmR
2022-12-09 04:34:44 UTC	14	IN	Data Raw: 61 34 0d 0a 35 30 65 63 63 38 6e 52 72 48 4f 2b 49 45 52 79 54 6c 49 46 47 2f 52 4d 7a 33 57 30 31 62 34 44 6f 49 44 44 51 71 78 57 41 6f 56 4b 56 69 6c 52 54 6f 6b 6a 30 34 49 58 64 69 4e 68 56 49 52 45 65 76 69 5a 6b 37 6f 51 4e 61 63 79 63 69 4f 75 66 54 42 69 65 6a 58 33 73 62 6c 69 68 4f 45 71 36 43 7a 51 71 63 4f 43 77 42 61 65 4c 45 50 57 6d 68 53 34 43 6b 4e 67 6c 50 59 67 4e 72 6c 57 53 63 49 4b 63 6b 76 4a 47 47 69 62 49 6f 70 4f 4b 45 39 52 7a 7a 64 47 6f 63 37 34 67 54 4b 58 36 6a 39 6a 0d 0a Data Ascii: a450ecc8nRrHO+IERyTlIFG/RMz3W01b4DoIDDQqxWAoVKVilRTokj04IXdiNhVIREeviZk7oQNacyciOufTBiejX3sblihOEq6CzQqcOCwBaeLEPWmhS4CkNglPYgNrlWScIKckvJGGibIopOKE9RzzdGoc74gTKX6j9j
2022-12-09 04:34:44 UTC	14	IN	Data Raw: 38 30 30 30 0d 0a 71 46 49 4a 46 38 75 2f 67 6c 67 41 47 44 49 42 4e 51 53 62 4a 69 4f 68 55 4d 55 70 70 6c 43 76 79 51 42 63 6b 53 6e 45 67 6a 50 64 63 6e 56 4e 6e 46 53 44 44 50 57 75 2f 4f 68 30 49 73 51 63 33 48 4e 6b 39 4c 6e 41 78 37 36 52 58 42 79 61 49 72 62 37 4c 37 48 33 62 66 5a 65 61 69 74 37 4d 54 4a 78 66 58 61 59 64 4d 6e 50 52 39 71 47 6a 74 36 69 57 57 64 6a 2f 4e 6a 68 4e 33 61 34 37 63 48 78 33 6f 30 76 6e 34 36 74 30 74 37 55 57 6f 37 71 6e 34 76 30 32 38 77 44 54 78 6d 74 56 77 46 2b 75 79 52 4d 63 4a 71 36 30 6b 63 43 58 35 4b 52 65 63 70 42 77 6b 6f 67 57 33 2f 42 58 44 44 52 4a 77 52 47 51 78 49 62 4f 54 56 36 53 35 41 55 33 42 38 6c 4a 38 6c 43 7a 42 43 61 4c 57 79 36 78 73 30 72 34 54 58 42 42 7a 72 33 51 79 51 70 47 30 78 41 6c Data Ascii: 8000qFIJF8u/glgAGDIBNQSbJiOhUMUpplCvyQBckSnEgjPdcnVNnFSDDPWu/Oh0IsQc3HNk9LnAx76RXByaIrb7L7H3bfZeait7MTJxfXaYdMnPR9qGjt6iWWdj/NjhN3a47cHx3o0vn46t0t7UWo7qn4v028wDTxmtVwF+uyRMcJq60kcCX5KRecpBwkogW3/BXDDRJwRGQxIbOTV6S5AU3B8lJ8lCzBCaLWy6xs0r4TXBBzr3QyQpG0xAl
2022-12-09 04:34:44 UTC	15	IN	Data Raw: 62 59 52 33 49 69 7a 4a 57 4a 7a 30 50 72 4d 55 35 31 6b 30 35 34 49 57 70 35 64 52 6e 41 68 4c 54 6a 33 72 63 6e 61 64 63 32 6d 48 4f 4f 4e 6b 36 5a 34 76 33 76 33 6f 37 38 6e 58 66 7a 35 5a 46 55 56 48 44 68 6b 50 4d 33 42 65 77 73 75 4d 52 4f 46 71 52 50 64 2b 37 50 45 30 79 38 4f 37 71 4f 44 43 53 4e 6c 6c 47 6a 35 65 53 71 4f 4a 58 64 38 4d 71 68 44 46 31 68 64 6f 70 41 74 69 68 52 61 6f 76 36 66 37 33 44 7a 64 4f 49 35 33 78 34 6b 64 4a 43 61 6e 4c 62 58 46 2b 43 67 75 4f 4e 45 75 52 62 50 76 52 49 44 42 32 76 4a 61 33 34 57 62 67 74 69 51 50 6b 64 63 6b 36 7a 46 69 52 44 6c 35 74 2b 64 70 34 6a 46 4b 66 6c 74 6c 62 4e 2f 63 75 2f 50 4d 6a 5a 33 6f 71 70 65 70 4c 79 63 38 35 57 6e 6c 4d 4e 4e 41 53 65 77 35 50 54 69 4e 7a 4a 79 78 6e 6d 33 78 39 77 Data Ascii: bYR3IizJWJz0PrMU51k054IWp5dRnAhLTj3rcnadc2mHOONk6Z4v3v3o78nXfz5ZFUVHDhkPM3BewsuMROFqRPd+7PE0y8O7qODCSNllGj5eSqOJXd8MqhDF1hdopAtihRaov6f73DzdOI53x4kdJCanLbXF+CguONEuRbPvRIDB2vJa34WbgtiQPkdck6zFiRDl5t+dp4jFKfltlbN/cu/PMjZ3oqpepLyc85WnlMNNASew5PTiNzJyxnm3x9w
2022-12-09 04:34:44 UTC	17	IN	Data Raw: 4d 53 49 73 69 54 64 4f 79 4c 50 32 78 57 53 72 75 6e 55 39 51 37 56 75 64 33 4d 5a 6e 44 72 33 47 68 30 63 4e 37 6b 47 49 78 48 56 70 39 2b 66 39 41 65 58 76 74 6c 41 42 74 6e 51 51 51 35 67 78 50 77 74 51 30 64 65 49 49 50 7a 64 38 78 49 4a 55 35 38 42 5a 52 4b 50 41 50 4d 76 57 6e 66 43 54 72 5a 33 51 57 71 6e 67 69 32 68 49 52 31 4d 77 6d 68 41 54 52 31 52 4d 77 30 43 51 67 78 63 79 33 78 6a 33 72 5a 59 31 77 46 34 61 4f 59 62 59 39 55 70 6a 6e 47 72 42 4a 65 51 56 49 53 52 61 52 41 55 6f 4b 54 57 6c 4d 61 75 61 78 4c 62 39 59 57 75 36 2f 2f 61 42 48 52 4c 5a 49 6f 64 63 34 73 54 33 51 4c 34 61 41 77 77 6e 69 63 63 57 49 50 6a 42 4f 30 73 4b 52 46 45 77 68 6a 73 47 33 50 70 36 72 31 45 49 6c 64 79 6d 64 35 6e 44 69 4b 76 41 67 67 51 63 48 62 77 37 59 Data Ascii: MSIsiTdOyLP2xWSrunU9Q7Vud3MZnDr3Gh0cN7kGIxHVp9+f9AeXvtlABtnQQQ5gxPwtQ0deIIPzd8xIJU58BZRKPAPMvWnfCTrZ3QWqngi2hIR1MwmhATR1RMw0CQgxcy3xj3rZY1wF4aOYbY9UpjnGrBJeQVISRaRAUoKTWlMauaxLb9YWu6//aBHRLZIodc4sT3QL4aAwwniccWIPjBO0sKRFEwhjsG3Pp6r1EIldymd5nDiKvAggQcHbw7Y
2022-12-09 04:34:44 UTC	18	IN	Data Raw: 59 2b 69 76 68 69 67 78 4e 4d 64 4d 6b 54 43 52 6f 49 4c 76 76 53 6e 47 5a 52 6f 56 63 31 74 6d 58 37 43 53 6b 4b 4e 37 34 6f 51 41 46 39 59 68 54 34 73 45 74 33 74 6c 6b 79 56 46 44 32 39 49 74 77 41 53 4f 54 37 64 63 54 4a 67 35 54 37 73 64 55 69 6e 56 36 68 31 30 76 6b 56 52 45 30 48 54 5a 44 42 42 6a 32 47 36 43 41 48 36 4d 48 6e 31 4c 70 4f 78 2b 74 30 37 4d 6d 49 4b 63 62 31 47 49 37 58 38 53 75 61 50 36 58 6a 4e 52 71 32 59 4d 51 55 6e 7a 42 70 56 30 4e 42 51 70 4a 31 77 74 6a 4f 57 6e 52 75 4a 76 61 77 47 33 7a 4e 31 4f 6e 50 55 70 7a 67 66 4a 69 75 67 33 70 74 68 59 74 55 4f 72 64 38 6e 55 73 61 39 62 2f 36 33 68 63 65 65 72 54 4a 4a 56 66 65 72 44 67 70 66 30 4e 62 42 63 6d 6c 44 62 6f 2f 32 4f 72 68 50 35 35 66 37 66 69 75 30 36 75 56 72 50 51 Data Ascii: Y+ivhigxNMdMkTCRoILvvSnGZRoVc1tmX7CSkKN74oQAF9YhT4sEt3tlkyVFD29ItwASOT7dcTJg5T7sdUinV6h10vkVRE0HTZDBBj2G6CAH6MHn1LpOx+t07MmIKcb1GI7X8SuaP6XjNRq2YMQUnzBpV0NBQpJ1wtjOWnRuJvawG3zN1OnPUpzgfJiug3pthYtUOrd8nUsa9b/63hceerTJJVferDgpf0NbBcmlDbo/2OrhP55f7fiu06uVrPQ
2022-12-09 04:34:44 UTC	19	IN	Data Raw: 51 6e 30 4c 2f 4a 5a 55 2b 62 74 47 63 4d 49 4a 4a 32 6f 6c 73 68 51 6e 75 6f 5a 48 50 68 5a 42 70 62 41 4f 79 6f 79 77 51 30 71 51 67 46 4d 53 2f 64 46 2b 75 72 59 35 50 32 6a 69 78 38 65 37 4d 68 34 6e 69 41 4d 30 36 70 56 41 46 37 30 47 7a 54 4a 50 72 55 65 73 75 36 4c 5a 69 4b 61 74 32 6b 37 71 65 56 6b 6f 68 7a 72 6a 35 52 71 4d 6b 32 52 46 62 50 44 53 50 4f 44 35 39 6f 33 59 2b 39 6a 41 6c 58 45 34 46 35 4a 74 39 67 34 6e 4d 78 56 76 54 35 38 59 44 7a 62 4e 45 70 77 59 6a 57 50 32 78 49 6c 59 56 61 34 70 56 7a 5a 4b 2b 78 6a 33 4b 59 56 7a 44 66 6c 2b 6b 43 43 52 61 70 38 45 78 4a 6d 61 49 44 46 49 6d 61 37 79 6f 75 62 4b 7a 67 4e 42 41 74 69 77 50 7a 34 72 48 55 75 45 33 59 4d 5a 64 75 4e 72 6e 35 35 4b 35 6a 4c 6c 63 57 4d 31 46 35 61 79 48 62 4e Data Ascii: Qn0L/JZU+btGcMIJJ2olshQnuoZHPhZBpbAOyoywQ0qQgFMS/dF+urY5P2jix8e7Mh4niAM06pVAF70GzTJPrUesu6LZiKat2k7qeVkohzrj5RqMk2RFbPDSPOD59o3Y+9jAlXE4F5Jt9g4nMxVvT58YDzbNEpwYjWP2xIlYVa4pVzZK+xj3KYVzDfl+kCCRap8ExJmaIDFIma7youbKzgNBAtiwPz4rHUuE3YMZduNrn55K5jLlcWM1F5ayHbN
2022-12-09 04:34:44 UTC	20	IN	Data Raw: 31 59 65 31 30 32 4c 48 30 57 39 44 42 33 7a 36 7a 62 2f 74 76 4c 47 63 6c 30 75 38 79 78 4c 70 34 74 75 76 33 34 2f 73 6b 65 65 4b 2b 66 69 73 72 4b 43 49 6b 54 69 52 47 6b 37 33 31 6d 42 4e 70 61 6a 5a 42 53 72 4a 6e 38 67 7a 4c 78 53 76 77 72 35 57 69 6f 75 35 79 4c 72 4b 4c 73 37 5a 38 6f 51 50 78 37 6d 38 76 61 62 32 36 33 2f 38 4a 78 6a 4c 73 6b 54 44 53 4b 4c 6b 64 52 56 49 73 4a 47 72 64 78 4a 78 50 70 56 72 75 49 79 66 46 54 70 36 65 57 57 56 6c 41 46 32 4b 2b 47 53 5a 75 43 50 4b 38 6b 34 34 64 63 4a 43 52 77 4e 49 46 66 47 45 70 76 4a 49 70 78 77 74 75 72 75 6d 59 36 46 49 35 79 52 66 52 47 46 4e 2f 5a 2f 48 57 54 47 30 6a 31 66 36 43 36 63 6c 65 41 75 36 4a 4b 41 34 79 55 65 71 4d 6b 53 2f 6d 66 62 2f 73 51 43 49 59 71 4f 41 46 30 75 56 47 6f Data Ascii: 1Ye102LH0W9DB3z6zb/tvLGcl0u8yxLp4tuv34/skeeK+fisrKCIkTiRGk731mBNpajZBSrJn8gzLxSvwr5Wiou5yLrKLs7Z8oQPx7m8vab263/8JxjLskTDSKLkdRVIsJGrdxJxPpVruIyfFTp6eWWVlAF2K+GSZuCPK8k44dcJCRwNIFfGEpvJIpxwturumY6FI5yRfRGFN/Z/HWTG0j1f6C6cleAu6JKA4yUeqMkS/mfb/sQCIYqOAF0uVGo
2022-12-09 04:34:45 UTC	21	IN	Data Raw: 6d 5a 6d 78 63 59 38 54 63 66 6f 55 30 56 79 70 36 48 42 32 79 56 72 62 53 2f 33 63 35 53 58 4a 54 50 73 2f 65 77 44 61 79 30 75 66 46 52 2b 53 6a 53 55 47 55 54 67 34 56 42 30 61 63 55 5a 76 4f 69 4b 6d 79 35 4b 2f 4e 70 43 50 52 77 7a 63 54 43 45 72 53 44 68 41 59 76 75 68 78 49 2f 48 53 54 67 57 70 49 6c 72 68 59 72 35 2f 65 42 61 35 32 50 57 6d 75 6c 47 75 73 79 4f 50 55 36 6d 62 2f 6c 34 36 34 48 50 33 7a 76 36 78 65 35 44 6e 30 2f 61 70 48 6c 52 72 2f 78 58 69 56 76 36 46 53 72 78 56 48 51 6c 4d 38 6c 71 7a 75 4c 74 52 48 46 63 61 51 4b 45 42 43 75 34 43 47 42 59 36 6f 50 64 67 33 73 45 77 43 6c 66 4e 68 47 6f 46 4d 46 64 2b 30 47 53 31 65 4f 6b 2f 35 4a 39 66 52 62 73 7a 56 56 64 5a 75 79 34 76 39 66 4b 75 7a 6f 73 4e 48 74 35 78 4d 4f 74 32 33 37 Data Ascii: mZmxcY8TcfoU0Vyp6HB2yVrbS/3c5SXJTPs/ewDay0ufFR+SjSUGUTg4VB0acUZvOiKmy5K/NpCPRwzcTCErSDhAYvuhxI/HSTgWpIlrhYr5/eBa52PWmulGusyOPU6mb/l464HP3zv6xe5Dn0/apHlRr/xXiVv6FSrxVHQlM8lqzuLtRHFcaQKEBCu4CGBY6oPdg3sEwClfNhGoFMFd+0GS1eOk/5J9fRbszVVdZuy4v9fKuzosNHt5xMOt237
2022-12-09 04:34:45 UTC	23	IN	Data Raw: 44 72 5a 59 4a 75 2b 4d 68 46 70 71 56 76 59 62 64 61 68 68 6e 65 69 61 4f 57 31 4e 79 6e 47 69 47 58 6a 2b 74 34 76 62 36 6f 6e 69 63 65 49 56 58 34 6c 4a 34 6e 38 6b 70 6c 62 2b 44 2f 36 70 78 78 4d 6e 36 30 76 55 4d 74 76 66 78 4f 6a 77 73 57 47 4a 6e 4a 51 4b 2b 79 73 32 43 39 4b 6b 31 7a 33 69 64 44 52 38 78 34 6b 49 54 74 67 49 75 70 4b 69 4a 55 39 33 32 6c 75 71 61 48 52 4e 47 7a 30 76 4a 62 6d 54 37 71 75 32 6d 30 32 4c 65 6f 36 4d 4d 4b 30 52 63 69 68 4e 75 57 76 4b 49 53 2b 50 45 36 2f 34 65 69 64 69 59 62 55 61 43 75 6c 45 57 43 78 58 44 48 47 43 5a 6e 59 61 70 54 38 75 6e 31 38 73 72 30 58 70 61 49 38 6b 35 63 4f 70 71 62 57 56 6d 36 49 33 69 4a 75 59 58 6a 68 35 65 4f 48 73 34 46 30 44 48 68 72 6a 6b 6e 4d 78 34 37 47 61 47 34 76 31 7a 66 4c Data Ascii: DrZYJu+MhFpqVvYbdahhneiaOW1NynGiGXj+t4vb6oniceIVX4lJ4n8kplb+D/6pxxMn60vUMtvfxOjwsWGJnJQK+ys2C9Kk1z3idDR8x4kITtgIupKiJU932luqaHRNGz0vJbmT7qu2m02Leo6MMK0RcihNuWvKIS+PE6/4eidiYbUaCulEWCxXDHGCZnYapT8un18sr0XpaI8k5cOpqbWVm6I3iJuYXjh5eOHs4F0DHhrjknMx47GaG4v1zfL
2022-12-09 04:34:45 UTC	24	IN	Data Raw: 6c 6d 78 4b 72 4c 4c 30 65 4a 44 61 53 51 37 34 74 65 48 30 69 30 4f 48 44 7a 33 2b 55 46 72 30 6e 55 54 48 43 61 36 4d 70 4f 35 44 77 74 47 35 65 56 62 56 66 78 32 75 2f 64 56 6e 42 38 32 39 6a 45 4f 55 77 57 74 37 35 63 38 31 39 2f 49 34 38 52 6f 2f 36 32 32 70 57 65 6f 7a 66 46 6e 72 55 57 73 69 36 73 57 70 6d 36 55 2b 71 6d 47 6e 56 34 76 55 61 4b 5a 73 77 44 56 52 6f 6c 41 66 6e 45 59 34 77 66 6b 41 44 2b 63 57 71 77 55 71 56 4c 7a 63 75 58 32 50 48 47 2f 75 72 56 57 6a 7a 75 48 6a 39 57 4d 6b 2f 46 74 42 46 4a 4c 7a 4d 61 77 65 31 68 62 4f 74 53 32 66 67 69 56 79 4c 6f 63 37 74 73 6b 6b 6e 42 41 63 45 39 67 2f 33 37 47 50 53 4f 63 42 68 7a 37 63 4a 52 75 39 65 34 33 51 69 59 4c 73 68 54 46 34 4c 5a 2f 74 2f 64 6e 45 4e 32 59 6e 65 46 4a 65 48 69 64 Data Ascii: lmxKrLL0eJDaSQ74teH0i0OHDz3+UFr0nUTHCa6MpO5DwtG5eVbVfx2u/dVnB829jEOUwWt75c819/I48Ro/622pWeozfFnrUWsi6sWpm6U+qmGnV4vUaKZswDVRolAfnEY4wfkAD+cWqwUqVLzcuX2PHG/urVWjzuHj9WMk/FtBFJLzMawe1hbOtS2fgiVyLoc7tskknBAcE9g/37GPSOcBhz7cJRu9e43QiYLshTF4LZ/t/dnEN2YneFJeHid
2022-12-09 04:34:45 UTC	25	IN	Data Raw: 6a 43 4d 69 30 44 49 74 6f 34 71 62 68 55 45 4d 33 54 75 38 6c 75 7a 45 69 63 53 37 68 42 6c 61 43 6d 77 57 43 73 4d 50 33 53 75 45 70 6c 42 59 38 76 41 65 4a 78 34 6e 58 6c 45 31 39 37 4c 76 54 52 35 2f 51 69 37 31 53 78 6d 50 45 31 32 4e 6d 4e 34 55 45 53 74 49 73 76 4b 4b 72 74 6d 31 76 63 61 4e 2b 43 49 34 65 59 68 79 42 6b 57 49 4f 30 34 75 4b 4e 63 46 6e 44 52 2f 59 70 37 5a 34 4b 4a 45 74 39 51 70 59 54 33 70 4b 51 6c 68 41 4a 41 67 38 69 73 5a 6a 78 4e 61 34 75 6c 59 4e 4a 30 32 2b 6c 46 6f 59 36 51 48 33 74 7a 31 7a 53 64 72 61 44 6f 52 6b 48 69 63 65 4a 78 34 52 52 55 32 7a 75 50 45 55 59 49 54 6d 78 78 77 30 72 37 4c 41 6b 6d 32 7a 31 32 34 53 78 78 45 53 39 6d 72 47 64 58 52 54 49 43 64 48 42 6d 4d 45 32 31 41 77 55 31 52 73 65 59 4b 6d 4a 46 Data Ascii: jCMi0DIto4qbhUEM3Tu8luzEicS7hBlaCmwWCsMP3SuEplBY8vAeJx4nXlE197LvTR5/Qi71SxmPE12NmN4UEStIsvKKrtm1vcaN+CI4eYhyBkWIO04uKNcFnDR/Yp7Z4KJEt9QpYT3pKQlhAJAg8isZjxNa4ulYNJ02+lFoY6QH3tz1zSdraDoRkHiceJx4RRU2zuPEUYITmxxw0r7LAkm2z124SxxES9mrGdXRTICdHBmME21AwU1RseYKmJF
2022-12-09 04:34:45 UTC	26	IN	Data Raw: 2f 4a 5a 38 78 4d 6b 76 69 6a 79 63 6b 33 4d 38 70 63 7a 2f 76 79 70 38 76 2b 42 6b 57 50 45 2f 6e 6c 4f 34 50 4d 4a 42 53 54 4f 63 33 4e 4b 76 55 49 6d 6e 59 71 74 62 57 73 39 4d 2f 4f 79 38 50 45 34 38 54 74 52 4e 36 5a 4a 54 53 72 77 54 45 69 66 78 54 63 55 62 71 6e 4a 4a 51 36 56 67 6f 39 61 44 5a 62 44 64 30 4d 55 36 65 48 62 52 6d 74 48 66 72 66 4f 45 31 34 4d 2f 4f 48 44 4a 50 68 6d 2f 39 6f 34 6e 64 5a 78 74 2b 32 2f 50 52 35 77 67 67 6c 31 43 6c 4b 42 67 79 61 74 2f 4b 6d 35 6e 67 4d 65 4a 78 34 6e 48 69 5a 65 76 37 49 71 71 6e 72 4f 32 42 6f 31 73 72 74 62 2f 31 6b 62 50 4d 52 4a 64 35 53 72 66 72 6a 2f 62 6f 74 50 34 58 44 47 6a 42 33 4f 41 6a 76 4f 44 42 59 45 54 39 4a 4d 69 6e 58 35 62 2b 4d 36 54 63 79 36 54 58 31 54 74 31 4c 4c 69 6c 36 51 Data Ascii: /JZ8xMkvijyck3M8pcz/vyp8v+BkWPE/nlO4PMJBSTOc3NKvUImnYqtbWs9M/Oy8PE48TtRN6ZJTSrwTEifxTcUbqnJJQ6Vgo9aDZbDd0MU6eHbRmtHfrfOE14M/OHDJPhm/9o4ndZxt+2/PR5wggl1ClKBgyat/Km5ngMeJx4nHiZev7IqqnrO2Bo1srtb/1kbPMRJd5Srfrj/botP4XDGjB3OAjvODBYET9JMinX5b+M6Tcy6TX1Tt1LLil6Q
2022-12-09 04:34:45 UTC	28	IN	Data Raw: 30 48 36 37 37 65 38 57 42 2b 46 6e 79 46 51 67 52 48 72 49 51 55 42 53 57 51 49 2f 75 45 33 6d 41 64 77 31 37 36 5a 34 6e 48 67 6c 53 5a 4b 66 4e 43 75 67 31 4f 34 55 4c 6c 7a 78 2f 75 36 7a 72 32 30 78 42 47 79 55 75 4c 69 46 34 75 53 38 36 6b 30 5a 43 52 4c 6c 6e 41 76 2b 48 7a 61 6e 56 73 47 44 4d 63 6b 6b 70 69 6f 6c 66 73 6e 45 45 55 39 69 58 79 7a 43 48 6d 47 77 37 4d 64 41 46 45 4c 7a 4c 68 2f 47 76 65 45 66 2f 38 4f 43 6d 66 35 4c 39 6c 31 36 79 32 4d 35 70 31 7a 30 2b 39 4f 71 6f 4d 76 71 74 6d 2f 34 2f 48 52 52 30 32 35 7a 32 34 35 5a 33 33 48 63 75 74 41 73 77 63 78 34 69 61 38 54 45 2b 46 65 61 50 6a 52 6c 49 59 72 39 66 36 61 42 2b 44 51 34 4b 62 67 33 2f 69 2f 64 49 38 54 72 32 54 4d 66 79 56 70 47 63 70 71 59 46 59 4b 35 31 53 41 44 57 65 Data Ascii: 0H677e8WB+FnyFQgRHrIQUBSWQI/uE3mAdw176Z4nHglSZKfNCug1O4ULlzx/u6zr20xBGyUuLiF4uS86k0ZCRLlnAv+HzanVsGDMckkpiolfsnEEU9iXyzCHmGw7MdAFELzLh/GveEf/8OCmf5L9l16y2M5p1z0+9OqoMvqtm/4/HRR025z245Z33HcutAswcx4ia8TE+FeaPjRlIYr9f6aB+DQ4Kbg3/i/dI8Tr2TMfyVpGcpqYFYK51SADWe
2022-12-09 04:34:45 UTC	29	IN	Data Raw: 36 44 43 71 41 54 74 66 55 48 41 46 43 73 61 66 46 4c 78 64 32 57 72 50 6f 6d 6f 73 69 4a 77 45 5a 4b 6d 36 36 38 77 73 66 33 74 2f 51 73 30 51 64 49 2b 71 2b 46 46 4a 76 36 45 6c 46 38 52 41 58 66 51 42 64 4d 69 72 72 4b 2b 4c 6a 4a 6b 41 44 63 69 4a 31 2f 76 43 41 51 72 6c 41 54 54 6b 75 65 72 55 65 50 65 51 58 58 6e 30 78 41 70 57 47 6b 52 4f 55 70 72 49 74 76 61 35 6f 58 65 75 64 66 38 76 37 6a 65 51 61 4f 38 34 70 61 30 77 42 71 44 4b 68 6c 2f 43 38 72 57 63 32 68 67 70 51 45 62 79 46 52 70 7a 70 4e 48 37 57 71 65 4c 4a 41 41 6f 61 32 6c 56 77 55 4d 66 37 30 55 38 64 33 72 6b 4a 46 6a 42 77 6d 31 57 62 72 54 42 4f 39 64 74 67 72 7a 59 74 6c 62 37 70 30 4f 64 49 31 71 79 2b 7a 30 6b 79 2f 78 6c 53 5a 4a 4c 2b 57 67 43 4a 4d 6b 58 38 35 6f 4b 55 69 72 Data Ascii: 6DCqATtfUHAFCsafFLxd2WrPomosiJwEZKm668wsf3t/Qs0QdI+q+FFJv6ElF8RAXfQBdMirrK+LjJkADciJ1/vCAQrlATTkuerUePeQXXn0xApWGkROUprItva5oXeudf8v7jeQaO84pa0wBqDKhl/C8rWc2hgpQEbyFRpzpNH7WqeLJAAoa2lVwUMf70U8d3rkJFjBwm1WbrTBO9dtgrzYtlb7p0OdI1qy+z0ky/xlSZJL+WgCJMkX85oKUir
2022-12-09 04:34:45 UTC	30	IN	Data Raw: 72 79 68 43 38 55 34 6e 39 76 46 4d 6e 37 62 37 76 6f 4a 33 49 31 66 47 71 78 56 4f 56 5a 61 37 69 4f 67 56 4c 44 31 77 42 5a 34 71 43 6a 34 68 70 63 6d 69 62 51 57 43 79 45 6b 41 56 33 71 2f 61 38 62 70 4f 6c 4b 56 37 39 38 79 61 63 70 66 33 76 2f 2b 78 6e 56 39 4c 35 52 63 46 2f 6e 55 31 32 52 36 79 71 39 32 6d 78 4e 39 77 38 4e 74 61 74 2f 6f 5a 75 63 30 63 77 49 4c 34 74 56 75 36 4d 4c 35 6f 41 48 43 70 69 57 74 7a 50 68 74 6d 44 6c 79 79 79 48 4b 39 68 51 49 49 69 66 5a 4f 77 73 58 61 4c 6a 66 77 47 64 37 4c 56 42 2f 4d 2f 63 53 32 32 4d 4b 50 4c 61 35 70 4f 2b 78 58 33 6e 51 51 62 6c 74 62 58 2f 4c 4e 41 61 47 6e 53 35 70 70 39 2f 31 5a 45 32 38 56 46 6c 71 54 30 62 42 57 35 52 65 58 4e 57 33 43 79 49 6e 77 64 4b 48 47 30 36 31 78 4a 73 4d 70 69 66 Data Ascii: ryhC8U4n9vFMn7b7voJ3I1fGqxVOVZa7iOgVLD1wBZ4qCj4hpcmibQWCyEkAV3q/a8bpOlKV798yacpf3v/+xnV9L5RcF/nU12R6yq92mxN9w8Ntat/oZuc0cwIL4tVu6ML5oAHCpiWtzPhtmDlyyyHK9hQIIifZOwsXaLjfwGd7LVB/M/cS22MKPLa5pO+xX3nQQbltbX/LNAaGnS5pp9/1ZE28VFlqT0bBW5ReXNW3CyInwdKHG061xJsMpif
2022-12-09 04:34:45 UTC	31	IN	Data Raw: 30 30 33 64 5c 75 30 30 33 64 22 2c 22 64 61 72 6b 5f 6c 61 72 67 65 5f 69 6d 61 67 65 22 3a 7b 22 61 6c 74 65 72 6e 61 74 65 5f 75 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 6c 68 33 2e 67 6f 6f 67 6c 65 75 73 65 72 63 6f 6e 74 65 6e 74 2e 63 6f 6d 2f 36 64 4f 61 37 54 51 77 59 58 55 4c 71 47 44 47 4e 73 77 63 67 57 44 31 59 48 61 6e 58 58 52 61 44 77 76 43 6f 74 53 50 53 43 6d 4b 4e 64 53 64 59 69 76 7a 54 69 43 38 71 4e 76 6d 30 31 38 36 72 49 46 67 6d 30 5a 58 43 72 54 38 5a 64 59 37 41 6d 6a 46 71 2d 43 64 43 68 71 58 36 42 61 33 67 63 75 58 75 7a 54 75 5a 4d 5f 5a 5a 69 78 77 4c 79 70 75 76 51 22 2c 22 62 61 63 6b 67 72 6f 75 6e 64 5f 63 6f 6c 6f 72 22 3a 22 23 39 66 63 38 65 61 22 2c 22 62 72 69 67 68 74 6e 65 73 73 22 3a 22 4c 49 47 48 54 22 2c 22 68 Data Ascii: 003d\u003d","dark_large_image":{"alternate_url":"https://lh3.googleusercontent.com/6dOa7TQwYXULqGDGNswcgWD1YHanXXRaDwvCotSPSCmKNdSdYivzTiC8qNvm0186rIFgm0ZXCrT8ZdY7AmjFq-CdChqX6Ba3gcuXuzTuZM_ZZixwLypuvQ","background_color":"#9fc8ea","brightness":"LIGHT","h
2022-12-09 04:34:45 UTC	32	IN	Data Raw: 43 43 22 2c 22 6f 66 66 73 65 74 5f 78 22 3a 35 30 34 2c 22 6f 66 66 73 65 74 5f 79 22 3a 31 36 37 2c 22 6f 70 61 63 69 74 79 22 3a 30 2e 38 7d 2c 22 64 61 74 61 5f 75 72 69 22 3a 22 64 61 74 61 3a 69 6d 61 67 65 2f 70 6e 67 3b 62 61 73 65 36 34 2c 69 56 42 4f 52 77 30 4b 47 67 6f 41 41 41 41 4e 53 55 68 45 55 67 41 41 41 68 6f 41 41 41 44 4e 43 41 49 41 41 41 42 78 66 30 37 50 41 41 42 45 52 45 6c 45 51 56 52 34 41 65 7a 5a 41 34 34 67 41 51 41 41 77 66 76 6a 32 62 5a 74 32 37 59 5a 35 37 79 32 62 64 74 36 78 64 71 32 4b 71 6c 77 7a 42 34 73 2b 5a 6a 55 41 67 43 54 4a 43 63 41 79 41 6b 41 63 67 4b 41 6e 41 43 41 6e 41 41 67 4a 77 44 49 43 51 42 79 41 67 42 7a 4c 69 63 41 79 41 6b 38 6a 36 69 37 39 37 39 69 73 45 66 42 31 63 4e 4f 42 63 67 4a 76 49 6c 74 Data Ascii: CC","offset_x":504,"offset_y":167,"opacity":0.8},"data_uri":"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAhoAAADNCAIAAABxf07PAABERElEQVR4AezZA44gAQAAwfvj2bZt27YZ57y2bdt6xdq2KqlwzB4s+ZjUAgCTJCcAyAkAcgKAnACAnAAgJwDICQByAgBzLicAyAk8j6i7979isEfB1cNOBcgJvIlt
2022-12-09 04:34:45 UTC	34	IN	Data Raw: 51 36 78 44 59 2b 54 2f 42 48 5a 42 58 48 33 5a 44 6f 66 4e 35 77 73 32 76 72 68 31 76 63 2f 44 57 72 6a 75 7a 39 49 68 35 42 73 35 38 50 7a 68 64 42 74 53 5a 6e 45 73 36 43 4c 59 2b 52 67 4c 38 6a 48 31 63 43 52 79 6c 57 55 72 6f 56 7a 50 78 34 6e 48 69 65 56 61 6e 78 58 71 46 42 30 57 56 69 69 35 6b 37 6e 6f 32 78 34 6e 4c 68 4b 48 4c 31 51 76 43 67 2b 4f 49 45 66 51 67 67 56 44 53 58 36 73 35 4d 32 48 66 39 6d 63 41 70 38 4d 30 69 63 79 41 48 71 76 61 6f 34 42 74 4b 6b 76 4e 65 45 41 37 78 46 6b 4b 66 69 52 79 78 2b 34 7a 41 4f 68 6a 6f 65 4a 33 46 57 39 38 58 62 57 6b 39 66 45 6c 30 44 56 75 35 4c 46 55 34 55 48 6a 72 6a 4a 47 75 69 38 31 47 50 6b 30 53 45 57 36 65 4f 69 4e 68 66 4e 6a 44 54 49 59 2b 76 33 68 4f 76 52 6c 65 4c 62 67 75 53 37 35 33 67 Data Ascii: Q6xDY+T/BHZBXH3ZDofN5ws2vrh1vc/DWrjuz9Ih5Bs58PzhdBtSZnEs6CLY+RgL8jH1cCRylWUroVzPx4nHieVanxXqFB0WVii5k7no2x4nLhKHL1QvCg+OIEfQggVDSX6s5M2Hf9mcAp8M0icyAHqvao4BtKkvNeEA7xFkKfiRyx+4zAOhjoeJ3FW98XbWk9fEl0DVu5LFU4UHjrjJGui81GPk0SEW6eOiNhfNjDTIY+v3hOvRleLbguS753g
2022-12-09 04:34:45 UTC	35	IN	Data Raw: 67 74 45 35 66 74 44 35 6b 47 4c 4a 74 37 46 4c 33 45 55 62 38 4a 62 6d 51 74 54 43 6b 73 73 4d 48 44 48 43 56 6f 38 6f 62 48 36 4b 50 48 45 43 52 65 48 75 6a 69 67 53 33 59 71 56 30 6e 56 58 47 7a 44 47 46 68 56 72 44 42 63 6b 56 6d 38 7a 6a 76 56 35 73 59 63 4a 31 75 61 50 48 6b 69 52 6f 70 54 45 70 4c 77 4a 6d 70 79 33 75 4e 45 55 61 47 56 58 5a 70 68 43 32 46 6d 7a 4a 6f 6a 73 51 70 32 7a 64 37 38 67 58 77 50 38 45 37 77 55 59 4b 5a 2b 59 6b 62 50 75 54 62 50 32 58 54 52 7a 54 4d 52 39 65 63 31 62 4e 46 37 74 65 54 7a 48 43 2b 50 33 66 45 6b 53 56 32 50 32 6c 58 6b 38 62 43 41 33 66 78 56 73 47 50 54 55 70 44 57 56 4c 51 4f 46 47 69 34 41 77 56 55 42 36 6c 32 71 67 6d 31 59 63 31 35 2f 38 38 34 59 54 36 4e 38 72 6b 6f 6c 39 6b 6a 6e 7a 6a 32 63 37 78 Data Ascii: gtE5ftD5kGLJt7FL3EUb8JbmQtTCkssMHDHCVo8obH6KPHECReHujigS3YqV0nVXGzDGFhVrDBckVm8zjvV5sYcJ1uaPHkiRopTEpLwJmpy3uNEUaGVXZphC2FmzJojsQp2zd78gXwP8E7wUYKZ+YkbPuTbP2XTRzTMR9ec1bNF7teTzHC+P3fEkSV2P2lXk8bCA3fxVsGPTUpDWVLQOFGi4AwVUB6l2qgm1Yc15/884YT6N8rkol9kjnzj2c7x
2022-12-09 04:34:45 UTC	36	IN	Data Raw: 64 45 79 49 32 59 58 42 31 68 73 48 7a 47 30 34 47 2b 4a 37 6c 75 59 6f 67 30 6c 59 76 59 46 39 6f 52 2b 39 73 55 5a 65 2b 70 30 6e 4b 49 41 53 47 75 63 61 48 4e 50 79 6b 4e 65 30 6c 71 67 64 42 47 75 61 4b 48 74 6b 70 70 58 78 51 63 6e 2b 43 4a 66 48 54 6a 49 78 2f 74 37 6c 36 34 6e 61 6e 55 6b 70 38 4a 32 52 43 30 2f 73 31 43 68 5a 6a 2f 51 79 66 63 55 71 74 6a 35 65 68 74 58 2f 4f 4f 7a 42 69 30 2f 66 47 2b 58 52 63 4b 47 62 73 4f 57 79 58 55 2f 66 4f 54 6a 36 35 71 4f 54 45 65 63 45 4f 5a 69 63 4f 54 77 53 59 49 4b 56 61 30 61 64 5a 51 6c 35 6c 35 34 49 37 75 2b 58 56 77 61 6f 73 78 59 50 73 73 64 4a 79 52 43 48 4a 5a 73 53 52 35 4f 78 43 6d 78 69 41 50 73 74 71 2f 5a 45 31 4e 35 66 30 73 57 78 41 78 77 57 63 51 42 50 39 71 32 41 6e 6a 43 50 2f 6a 73 Data Ascii: dEyI2YXB1hsHzG04G+J7luYog0lYvYF9oR+9sUZe+p0nKIASGucaHNPykNe0lqgdBGuaKHtkppXxQcn+CJfHTjIx/t7l64nanUkp8J2RC0/s1ChZj/QyfcUqtj5ehtX/OOzBi0/fG+XRcKGbsOWyXU/fOTj65qOTEecEOZicOTwSYIKVa0adZQl5l54I7u+XVwaosxYPssdJyRCHJZsSR5OxCmxiAPstq/ZE1N5f0sWxAxwWcQBP9q2AnjCP/js
2022-12-09 04:34:45 UTC	37	IN	Data Raw: 4b 6c 68 45 38 79 39 6b 6d 63 39 65 4f 79 67 70 46 55 47 6a 5a 32 52 66 6a 67 68 78 6a 57 73 37 47 55 77 34 39 31 70 72 2b 58 71 66 78 31 5a 2f 2b 62 41 72 68 4e 6b 32 31 53 37 33 67 75 79 42 43 66 6f 34 4c 48 50 49 51 65 45 4d 4c 38 45 2b 69 30 4a 45 67 58 32 66 45 2b 61 77 36 38 44 45 74 48 2b 68 56 65 6e 31 77 4c 31 39 6d 63 4d 50 39 5a 79 6e 42 6d 51 79 65 75 76 77 4c 70 46 4b 52 64 57 6d 55 36 4a 75 33 54 70 2b 31 77 39 6c 57 74 61 6a 51 75 31 6b 74 43 47 59 6a 6b 6a 39 6e 4b 4d 4f 30 37 55 2b 72 75 44 78 4f 53 39 69 37 44 67 38 2b 35 36 51 45 71 77 45 70 62 5a 6f 6d 67 53 68 61 68 58 50 48 46 69 5a 34 78 55 35 5a 67 53 42 34 57 49 68 59 36 59 45 31 4d 79 38 2b 44 6b 32 70 59 31 30 67 38 6e 51 79 36 76 42 30 76 65 65 72 45 6e 70 78 45 69 4b 6e 59 7a Data Ascii: KlhE8y9kmc9eOygpFUGjZ2RfjghxjWs7GUw491pr+Xqfx1Z/+bArhNk21S73guyBCfo4LHPIQeEML8E+i0JEgX2fE+aw68DEtH+hVen1wL19mcMP9ZynBmQyeuvwLpFKRdWmU6Ju3Tp+1w9lWtajQu1ktCGYjkj9nKMO07U+ruDxOS9i7Dg8+56QEqwEpbZomgShahXPHFiZ4xU5ZgSB4WIhY6YE1My8+Dk2pY10g8nQy6vB0veerEnpxEiKnYz
2022-12-09 04:34:45 UTC	39	IN	Data Raw: 6b 57 36 44 47 6e 71 32 4c 31 51 57 47 79 36 51 37 7a 4c 49 64 4a 6c 34 49 54 56 35 68 4f 34 6b 76 79 55 43 30 35 53 44 68 4b 70 34 78 4c 44 76 62 4e 39 4a 7a 50 30 4c 36 5a 41 70 39 36 67 35 55 52 4a 35 6c 44 49 53 35 4d 72 6d 59 63 54 57 54 74 53 31 79 48 57 72 6e 67 77 51 31 64 38 73 64 62 46 35 6d 37 36 41 59 43 33 37 64 74 57 66 30 68 39 45 4a 49 4a 4f 4e 6e 34 64 45 64 4f 4b 55 51 55 66 44 46 31 59 38 56 42 43 56 56 32 4d 55 4c 33 43 65 73 45 5a 79 64 4f 48 68 36 37 2f 66 7a 79 74 33 49 70 34 4d 71 56 44 62 73 38 56 61 2f 34 42 65 65 58 6b 59 76 54 2b 62 35 7a 58 49 4e 64 39 76 6f 75 39 35 43 58 75 32 50 55 37 43 58 33 6c 57 76 74 44 35 6e 2f 2b 50 61 4c 4c 49 74 72 4a 53 48 53 68 52 61 4e 62 38 53 52 4e 7a 78 35 33 4d 4f 67 70 79 53 42 69 38 6c 50 Data Ascii: kW6DGnq2L1QWGy6Q7zLIdJl4ITV5hO4kvyUC05SDhKp4xLDvbN9JzP0L6ZAp96g5URJ5lDIS5MrmYcTWTtS1yHWrngwQ1d8sdbF5m76AYC37dtWf0h9EJIJONn4dEdOKUQUfDF1Y8VBCVV2MUL3CesEZydOHh67/fzyt3Ip4MqVDbs8Va/4BeeXkYvT+b5zXINd9vou95CXu2PU7CX3lWvtD5n/+PaLLItrJSHShRaNb8SRNzx53MOgpySBi8lP
2022-12-09 04:34:45 UTC	40	IN	Data Raw: 74 64 49 46 2f 56 6a 74 37 64 64 48 47 4c 41 55 32 4f 69 72 70 2f 49 6b 65 36 4c 72 4a 68 4c 43 78 50 46 4f 68 46 49 38 42 66 74 6c 78 66 53 4f 4f 4a 45 43 6e 7a 46 52 31 48 78 38 74 33 42 77 2f 42 64 6b 4e 6e 4a 43 47 4f 30 47 6a 6a 4c 55 2f 46 72 66 76 36 37 2f 71 66 2f 6a 71 78 4a 35 71 66 69 56 65 50 50 4c 6e 6e 54 71 65 58 4d 41 43 68 45 77 64 44 48 48 43 65 72 33 2f 30 53 6b 36 31 36 63 2f 50 4f 4e 61 73 33 69 6e 62 73 50 53 69 44 2b 34 35 38 70 6f 4f 49 45 62 76 73 37 34 5a 43 37 32 62 35 4c 54 75 4f 66 6c 74 41 42 56 63 57 66 79 4c 36 49 30 7a 73 34 6a 4e 45 65 55 43 76 75 2b 69 33 70 33 59 72 6f 76 64 51 51 4a 45 75 31 67 66 54 6a 68 4f 54 4b 4f 34 73 63 63 79 64 4b 4a 35 46 30 62 73 64 33 58 47 69 65 52 52 53 36 34 69 4e 45 43 31 34 71 58 74 31 Data Ascii: tdIF/Vjt7ddHGLAU2Oirp/Ike6LrJhLCxPFOhFI8BftlxfSOOJECnzFR1Hx8t3Bw/BdkNnJCGO0GjjLU/Frfv67/qf/jqxJ5qfiVePPLnnTqeXMAChEwdDHHCer3/0Sk616c/PONas3inbsPSiD+458poOIEbvs74ZC72b5LTuOfltABVcWfyL6I0zs4jNEeUCvu+i3p3YrovdQQJEu1gfTjhOTKO4sccydKJ5F0bsd3XGieRRS64iNEC14qXt1
2022-12-09 04:34:45 UTC	41	IN	Data Raw: 31 77 49 50 65 33 4a 78 30 6d 44 75 62 32 43 50 54 71 4a 51 5a 71 72 71 6b 30 71 37 6a 68 78 56 35 78 78 59 67 59 74 37 4b 45 49 39 7a 43 47 35 6c 4d 74 6b 66 6c 30 77 73 6d 55 7a 5a 2f 4d 33 2f 46 35 55 42 4f 57 37 62 37 35 78 73 59 71 48 58 2b 2b 7a 79 51 64 62 50 50 43 43 42 6d 63 76 75 47 51 65 62 43 70 65 78 71 33 31 57 50 36 76 37 70 43 42 74 6e 51 51 51 35 67 78 4e 53 73 72 5a 38 57 74 44 6b 32 51 51 49 77 58 68 77 34 30 6d 4a 6f 69 4c 51 51 4b 67 45 71 30 74 4b 52 63 74 45 46 6b 6e 44 56 72 39 32 65 4a 76 77 73 65 75 79 58 57 65 74 6c 72 2b 50 69 52 78 4b 49 37 48 45 76 4c 4d 42 49 75 47 65 46 63 35 63 6d 55 43 55 4b 72 59 6a 4a 78 4d 6e 31 4d 78 34 66 76 47 36 2f 75 57 49 4b 46 79 72 69 39 59 51 69 45 64 4d 6b 48 69 66 32 48 4b 63 5a 77 58 62 4a Data Ascii: 1wIPe3Jx0mDub2CPTqJQZqrqk0q7jhxV5xxYgYt7KEI9zCG5lMtkfl0wsmUzZ/M3/F5UBOW7b75xsYqHX++zyQdbPPCCBmcvuGQebCpexq31WP6v7pCBtnQQQ5gxNSsrZ8WtDk2QQIwXhw40mJoiLQQKgEq0tKRctEFknDVr92eJvwseuyXWetlr+PiRxKI7HEvLMBIuGeFc5cmUCUKrYjJxMn1Mx4fvG6/uWIKFyri9YQiEdMkHif2HKcZwXbJ
2022-12-09 04:34:45 UTC	42	IN	Data Raw: 67 56 72 68 6e 47 4d 5a 74 36 49 75 56 4c 7a 47 48 75 43 4e 67 58 53 42 77 4c 78 2f 64 48 76 47 78 75 51 67 30 47 56 57 67 77 4e 59 48 41 41 58 31 64 73 54 6a 62 69 52 50 32 37 55 4f 72 70 36 59 48 7a 71 39 37 77 79 48 6e 56 6d 39 37 30 31 30 64 37 74 4c 74 32 64 4f 65 71 61 4e 43 7a 56 53 2b 73 58 4f 32 73 6b 72 65 63 55 37 47 2b 73 75 54 32 70 73 2f 30 61 33 38 46 65 2b 76 64 58 49 32 39 71 4f 77 31 54 39 5a 74 2b 2b 71 41 70 66 73 6c 32 43 58 78 51 63 6d 6d 70 45 54 63 58 61 30 30 64 63 65 4a 66 4a 39 34 7a 32 54 4f 51 62 7a 67 4e 7a 35 57 63 44 37 49 33 7a 6d 33 4c 46 63 52 33 65 4b 41 55 4d 57 42 42 4c 6a 74 6a 6f 69 46 45 78 46 6c 57 58 4e 46 50 4a 68 30 46 4a 62 64 6a 49 71 62 6d 4c 48 58 38 74 69 4c 67 4d 77 69 71 4e 53 79 42 43 38 57 62 7a 6a 58 Data Ascii: gVrhnGMZt6IuVLzGHuCNgXSBwLx/dHvGxuQg0GVWgwNYHAAX1dsTjbiRP27UOrp6YHzq97wyHnVm97010d7tLt2dOeqaNCzVS+sXO2skrecU7G+suT2ps/0a38Fe+vdXI29qOw1T9Zt++qApfsl2CXxQcmmpETcXa00dceJfJ94z2TOQbzgNz5WcD7I3zm3LFcR3eKAUMWBBLjtjoiFExFlWXNFPJh0FJbdjIqbmLHX8tiLgMwiqNSyBC8WbzjX
2022-12-09 04:34:45 UTC	43	IN	Data Raw: 59 45 6c 65 50 2f 32 43 53 57 4b 47 4f 31 67 78 70 62 61 6d 5a 6b 32 7a 49 72 62 59 53 76 59 4d 57 53 57 67 32 70 73 52 6b 55 65 4e 34 74 77 77 74 6c 61 53 70 76 4d 70 52 4a 44 6b 2f 64 63 38 61 4d 32 4e 79 55 5a 46 43 70 38 41 49 42 6c 31 75 44 79 67 46 6a 43 58 31 77 69 54 74 79 58 43 32 65 47 71 50 46 31 57 61 54 4c 49 6d 6c 68 79 54 42 4a 4e 61 31 77 77 68 30 6e 6b 72 55 47 54 74 49 62 6c 42 4c 78 49 59 30 38 71 37 56 67 78 31 43 49 72 50 6f 6a 61 67 43 7a 41 69 63 6d 6e 4d 32 6d 50 36 35 55 78 42 79 44 5a 64 32 39 6d 4f 41 45 6d 62 4d 4d 69 79 7a 75 47 75 2b 66 42 54 6a 78 39 56 30 57 5a 57 6d 59 53 7a 72 47 4e 52 33 74 6a 68 4e 64 6c 7a 4d 4f 6b 32 6e 31 55 5a 67 79 59 73 66 73 35 73 49 4d 31 58 42 4e 7a 4a 67 59 39 4d 30 69 6e 48 43 32 35 71 58 68 Data Ascii: YEleP/2CSWKGO1gxpbamZk2zIrbYSvYMWSWg2psRkUeN4twwtlaSpvMpRJDk/dc8aM2NyUZFCp8AIBl1uDygFjCX1wiTtyXC2eGqPF1WaTLImlhyTBJNa1wwh0nkrUGTtIblBLxIY08q7Vgx1CIrPojagCzAicmnM2mP65UxByDZd29mOAEmbMMiyzuGu+fBTjx9V0WZWmYSzrGNR3tjhNdlzMOk2n1UZgyYsfs5sIM1XBNzJgY9M0inHC25qXh
2022-12-09 04:34:45 UTC	45	IN	Data Raw: 2b 4f 57 52 48 33 45 42 68 53 6f 77 48 64 55 70 55 74 59 57 6c 67 53 49 6b 70 49 76 74 33 45 79 2b 50 45 38 69 69 67 78 50 78 2b 4f 30 34 77 43 31 67 41 46 55 61 44 51 56 50 7a 64 33 77 65 50 49 78 55 61 38 51 77 68 74 31 38 4f 5a 61 41 4d 76 76 4d 49 70 78 77 74 76 61 30 73 77 75 63 6d 59 62 59 6c 30 38 77 53 34 46 4a 6b 4a 68 70 46 56 36 36 50 2f 68 45 5a 48 39 45 6d 4c 30 47 7a 49 65 35 76 4c 4a 57 2b 4f 58 69 36 37 74 58 67 5a 71 54 4f 58 32 66 58 46 74 50 41 45 50 51 47 68 44 53 6b 48 47 54 4f 73 48 44 6f 45 76 45 65 4a 64 6c 66 6f 6b 42 54 4e 6a 5a 59 6c 77 69 58 56 6d 45 45 34 6c 33 57 61 35 49 77 6e 44 6d 44 6b 56 5a 4c 68 52 2b 6d 4f 56 62 77 61 49 76 38 69 73 75 7a 69 78 6e 46 2b 58 54 32 6c 31 64 37 64 72 31 38 73 70 4f 53 56 54 63 76 51 72 55 Data Ascii: +OWRH3EBhSowHdUpUtYWlgSIkpIvt3Ey+PE8iigxPx+O04wC1gAFUaDQVPzd3wePIxUa8Qwht18OZaAMvvMIpxwtva0swucmYbYl08wS4FJkJhpFV66P/hEZH9EmL0GzIe5vLJW+OXi67tXgZqTOX2fXFtPAEPQGhDSkHGTOsHDoEvEeJdlfokBTNjZYlwiXVmEE4l3Wa5IwnDmDkVZLhR+mOVbwaIv8isuzixnF+XT2l1d7dr18spOSVTcvQrU
2022-12-09 04:34:45 UTC	46	IN	Data Raw: 33 47 31 46 39 39 48 57 5a 45 6c 79 70 4a 57 6c 70 56 68 51 77 30 47 42 5a 6f 33 34 71 79 44 79 6e 33 32 37 48 48 79 35 4e 41 6c 44 33 53 66 5a 6c 65 7a 6c 36 59 33 37 6a 49 72 71 4b 62 64 5a 73 67 75 75 2b 4a 7a 69 57 47 62 66 71 72 6f 34 75 4a 6b 68 6b 6d 61 76 65 37 41 56 36 76 58 52 39 66 36 74 53 65 4d 57 79 37 62 64 5a 77 6c 6e 33 7a 36 4a 52 75 38 5a 42 73 66 4a 56 32 75 67 38 63 4a 37 4e 64 35 41 44 63 52 74 43 52 47 46 48 79 55 36 50 30 5a 75 73 4a 75 6b 43 57 4a 78 63 61 70 30 45 6e 76 38 4b 7a 48 69 56 30 65 4a 2f 48 58 35 4b 45 4c 4e 75 65 63 46 31 33 7a 48 75 70 69 59 63 6e 42 44 37 37 41 44 4f 6c 4c 6f 6c 35 73 78 31 38 65 4a 39 77 70 37 74 65 0d 0a Data Ascii: 3G1F99HWZElypJWlpVhQw0GBZo34qyDyn327HHy5NAlD3SfZlezl6Y37jIrqKbdZsguu+JziWGbfqro4uJkhkmave7AV6vXR9f6tSeMWy7bdZwln3z6JRu8ZBsfJV2ug8cJ7Nd5ADcRtCRGFHyU6P0ZusJukCWJxcap0Env8KzHiV0eJ/HX5KELNuecF13zHupiYcnBD77ADOlLol5sx18eJ9wp7te
2022-12-09 04:34:45 UTC	46	IN	Data Raw: 33 30 36 38 0d 0a 78 6a 34 39 50 42 57 51 62 42 38 56 39 42 53 4e 74 4b 4c 46 4c 31 39 45 41 52 51 6b 6e 47 30 49 42 4c 72 4d 54 78 53 75 6d 77 53 35 33 2b 56 75 62 57 4f 6f 6f 69 70 4b 50 6b 77 58 62 50 77 6c 4f 61 63 64 76 2b 49 68 74 75 30 6c 79 6c 31 65 4a 69 63 30 4b 44 61 73 52 58 58 61 57 34 4a 31 77 34 33 69 4a 54 38 6c 4c 63 6d 43 4f 33 51 55 6b 35 36 56 6b 69 79 53 72 4a 57 76 43 58 67 31 77 4f 55 61 4b 4a 50 31 75 72 77 2f 32 4f 50 48 4b 61 70 6c 65 76 50 31 66 6b 6e 45 43 51 68 51 65 77 68 4a 38 46 46 35 4b 79 43 76 6d 38 6a 67 52 6c 6f 41 51 6e 52 6d 49 6d 35 4a 66 4c 57 76 53 41 30 67 5a 73 64 6b 64 4c 45 34 4a 48 6b 6c 2b 4a 61 36 6c 4f 4e 67 73 47 73 34 76 6b 54 45 6c 4c 4a 46 58 70 53 44 50 36 6e 48 69 68 52 57 57 41 42 45 57 4f 59 31 77 Data Ascii: 3068xj49PBWQbB8V9BSNtKLFL19EARQknG0IBLrMTxSumwS53+VubWOooipKPkwXbPwlOacdv+Ihtu0lyl1eJic0KDasRXXaW4J1w43iJT8lLcmCO3QUk56VkiySrJWvCXg1wOUaKJP1urw/2OPHKaplevP1fknECQhQewhJ8FF5KyCvm8jgRloAQnRmIm5JfLWvSA0gZsdkdLE4JHkl+Ja6lONgsGs4vkTElLJFXpSDP6nHihRWWABEWOY1w
2022-12-09 04:34:45 UTC	47	IN	Data Raw: 59 2b 4f 48 67 2b 6f 76 72 6b 2f 30 32 36 57 6c 38 65 4a 6c 32 5a 4e 49 49 6f 36 4a 54 41 6d 6c 4f 6e 39 54 59 55 47 4b 63 2b 64 37 4c 6d 7a 79 65 63 48 6a 34 69 74 70 48 70 59 78 31 64 64 63 73 65 43 66 74 4d 6b 36 38 35 62 35 56 45 4c 30 5a 67 6c 37 38 55 38 47 30 39 6f 4b 39 54 30 78 33 51 2b 76 58 42 53 65 2b 37 6a 77 68 4a 55 66 31 47 48 75 2b 61 4d 38 48 39 39 47 53 75 50 45 30 38 55 4b 49 4c 42 30 6a 59 4f 58 54 53 70 2b 2b 78 64 45 43 4c 6c 4f 44 6b 36 65 56 61 49 4a 57 61 72 6f 34 35 45 30 2f 6d 62 63 2f 36 73 57 6c 2f 69 6b 69 56 33 50 41 70 64 34 6e 5a 33 35 48 59 45 4d 2f 41 77 68 67 33 46 44 4e 72 55 6f 30 2b 63 67 31 33 4e 56 37 77 6b 4e 77 69 69 31 4a 72 35 67 4f 5a 52 79 4d 77 50 57 50 75 2b 2f 78 76 4d 51 48 6d 63 65 4b 4c 77 50 77 72 31 Data Ascii: Y+OHg+ovrk/026Wl8eJl2ZNIIo6JTAmlOn9TYUGKc+d7LmzyecHj4itpHpYx1ddcseCftMk685b5VEL0Zgl78U8G09oK9T0x3Q+vXBSe+7jwhJUf1GHu+aM8H99GSuPE08UKILB0jYOXTSp++xdECLlODk6eVaIJWaro45E0/mbc/6sWl/ikiV3PApd4nZ35HYEM/Awhg3FDNrUo0+cg13NV7wkNwii1Jr5gOZRyMwPWPu+/xvMQHmceKLwPwr1
2022-12-09 04:34:45 UTC	49	IN	Data Raw: 67 51 50 30 72 77 31 75 4a 4a 79 6d 6f 73 57 72 4d 78 31 72 33 69 57 6b 6b 53 5a 76 72 46 64 48 73 37 46 79 2b 50 45 71 32 76 39 74 70 67 38 55 73 66 76 74 65 71 41 42 52 51 64 37 44 56 34 7a 35 31 4e 46 53 65 31 6d 37 36 41 56 36 45 4e 37 56 30 48 54 53 31 32 36 66 33 52 63 57 49 71 59 33 41 53 69 6e 53 4a 79 4b 38 45 63 62 4c 71 6b 72 72 75 74 2b 6d 5a 50 6d 75 41 52 36 46 54 75 6f 56 55 35 63 79 48 38 35 54 7a 4d 46 73 55 6c 53 67 66 7a 5a 72 42 72 67 50 33 4e 30 77 4c 6e 4e 68 46 31 70 33 6f 56 71 37 33 44 70 42 77 6d 76 61 39 2f 7a 35 55 43 35 78 38 73 4b 64 77 31 42 50 78 38 6a 6a 78 65 71 6e 4c 4a 4f 77 64 68 61 33 53 4c 68 37 53 2f 6f 34 39 77 41 6b 67 59 64 73 55 6a 4d 6c 73 6e 43 44 4f 68 63 69 56 32 68 6f 7a 5a 6d 4a 61 4a 54 56 4a 58 44 33 42 Data Ascii: gQP0rw1uJJymosWrMx1r3iWkkSZvrFdHs7Fy+PEq2v9tpg8UsfvteqABRQd7DV4z51NFSe1m76AV6EN7V0HTS126f3RcWIqY3ASinSJyK8EcbLqkrrut+mZPmuAR6FTuoVU5cyH85TzMFsUlSgfzZrBrgP3N0wLnNhF1p3oVq73DpBwmva9/z5UC5x8sKdw1BPx8jjxeqnLJOwdha3SLh7S/o49wAkgYdsUjMlsnCDOhciV2hozZmJaJTVJXD3B
2022-12-09 04:34:45 UTC	50	IN	Data Raw: 58 4c 4b 4b 30 74 57 35 57 75 77 53 31 69 69 75 52 4d 53 78 65 44 42 7a 49 36 59 52 55 70 42 39 31 46 79 4a 78 34 6e 67 49 51 4c 6b 6e 4e 6d 68 5a 38 39 56 30 31 78 38 76 6e 57 6e 2f 33 31 74 75 4b 4d 6f 39 56 54 66 75 64 78 34 6e 47 53 44 2f 49 34 79 62 56 43 53 66 71 36 6d 35 65 36 58 70 62 62 55 68 6d 4c 4f 57 59 58 54 76 42 4c 68 43 68 42 50 5a 5a 54 78 6b 42 49 76 75 47 45 79 69 34 36 54 6f 54 6f 57 73 77 4e 57 70 51 6c 32 76 34 53 35 41 30 76 74 59 4c 4c 34 77 54 39 36 76 34 71 51 68 51 32 4c 6e 79 68 37 49 51 2b 68 53 75 55 4c 73 30 49 61 76 50 67 32 55 37 65 69 5a 66 48 69 63 64 4a 53 4b 79 71 45 6c 78 6b 68 57 6f 6c 58 57 53 46 35 62 61 43 69 36 7a 77 4f 43 7a 31 53 37 49 7a 46 64 38 76 70 34 52 34 4a 2f 31 79 53 6c 6d 63 45 6e 65 63 61 44 4f 38 Data Ascii: XLKK0tW5WuwS1iiuRMSxeDBzI6YRUpB91FyJx4ngIQLknNmhZ89V01x8vnWn/31tuKMo9VTfudx4nGSD/I4ybVCSfq6m5e6XpbbUhmLOWYXTvBLhChBPZZTxkBIvuGEyi46ToToWswNWpQl2v4S5A0vtYLL4wT96v4qQhQ2Lnyh7IQ+hSuULs0IavPg2U7eiZfHicdJSKyqElxkhWolXWSF5baCi6zwOCz1S7IzFd8vp4R4J/1ySlmcEnecaDO8
2022-12-09 04:34:45 UTC	51	IN	Data Raw: 67 32 46 78 34 6c 58 6e 6b 75 68 7a 4a 49 6b 48 61 51 32 4b 65 45 71 4b 5a 63 4b 71 34 52 50 44 64 4f 41 36 55 64 71 49 39 52 42 59 64 44 4d 6a 63 4f 4d 2b 31 35 61 57 36 66 64 30 68 4f 70 32 63 76 72 32 30 2f 63 43 52 58 6b 62 64 57 69 71 51 47 43 54 79 61 69 33 42 56 7a 33 6a 4d 6a 79 64 2f 7a 35 64 62 59 41 31 42 77 78 54 45 66 49 34 36 70 66 58 34 41 63 68 79 38 57 43 2b 50 45 79 38 6a 6f 49 7a 52 74 4d 2f 58 2b 47 4f 7a 31 53 38 5a 47 56 51 39 52 74 39 51 4d 39 69 70 45 76 34 48 71 41 41 59 7a 77 32 63 33 4c 44 6a 6e 42 50 68 70 46 58 58 73 51 39 30 6e 74 4c 67 68 56 56 41 70 65 41 2b 6a 4d 65 4a 66 4b 6e 77 4b 64 57 4f 71 32 66 4a 49 47 4c 44 76 49 4d 50 39 74 76 49 72 54 48 76 47 6c 4f 45 78 77 5a 76 34 70 59 4e 58 58 30 4d 63 73 67 37 42 4c 46 68 Data Ascii: g2Fx4lXnkuhzJIkHaQ2KeEqKZcKq4RPDdOA6UdqI9RBYdDMjcOM+15aW6fd0hOp2cvr20/cCRXkbdWiqQGCTyai3BVz3jMjyd/z5dbYA1BwxTEfI46pfX4Achy8WC+PEy8joIzRtM/X+GOz1S8ZGVQ9Rt9QM9ipEv4HqAAYzw2c3LDjnBPhpFXXsQ90ntLghVVApeA+jMeJfKnwKdWOq2fJIGLDvIMP9tvIrTHvGlOExwZv4pYNXX0Mcsg7BLFh
2022-12-09 04:34:45 UTC	52	IN	Data Raw: 44 30 74 48 6d 33 38 51 42 50 6c 50 66 4d 41 42 6f 50 49 76 37 50 75 62 62 49 4c 33 2b 57 68 72 70 4d 4d 54 39 54 49 75 4b 51 30 38 63 36 6c 46 72 2f 45 45 53 66 69 57 55 4b 55 31 4a 79 4c 6c 38 65 4a 31 7a 31 64 6c 6a 33 55 63 64 43 4f 79 54 55 50 7a 71 68 67 61 75 32 34 47 32 35 36 2f 4c 56 47 37 55 61 66 36 49 43 4e 45 36 39 69 62 37 4f 65 61 31 4b 59 76 39 58 41 65 68 53 54 39 4b 4d 54 59 63 49 6d 32 70 57 53 35 48 4d 68 59 4a 67 72 6a 32 73 33 65 4c 5a 45 72 57 59 56 72 6d 6f 68 76 71 4d 51 76 56 47 64 71 69 58 4b 58 51 6c 4c 54 4f 54 33 65 71 72 71 68 5a 57 72 6f 56 4b 56 72 72 2b 6b 55 58 2f 43 58 78 72 77 4e 41 70 7a 55 79 6b 38 43 55 4b 55 2b 59 67 54 62 6d 34 4b 50 45 73 76 6a 78 4d 76 6d 64 63 7a 57 79 66 30 6e 50 43 4d 2f 76 2f 59 4f 77 50 50 Data Ascii: D0tHm38QBPlPfMABoPIv7PubbIL3+WhrpMMT9TIuKQ08c6lFr/EESfiWUKU1JyLl8eJ1z1dlj3UcdCOyTUPzqhgau24G256/LVG7Uaf6ICNE69ib7Oea1KYv9XAehST9KMTYcIm2pWS5HMhYJgrj2s3eLZErWYVrmohvqMQvVGdqiXKXQlLTOT3eqrqhZWroVKVrr+kUX/CXxrwNApzUyk8CUKU+YgTbm4KPEsvjxMvmdczWyf0nPCM/v/YOwPP
2022-12-09 04:34:45 UTC	53	IN	Data Raw: 34 57 65 68 64 47 6e 30 79 37 6f 64 37 38 39 62 4c 66 34 37 57 33 35 78 39 35 4e 37 57 47 2f 33 6a 7a 79 61 35 48 35 37 74 73 35 48 6a 31 71 34 35 65 51 79 42 65 36 6b 55 52 71 51 75 7a 33 65 34 56 4a 6a 59 34 42 57 68 49 76 49 79 66 6a 66 68 65 4c 69 70 77 55 49 48 49 53 47 41 70 47 47 2b 62 37 44 65 72 36 6e 6d 35 42 32 4f 34 67 32 2b 4f 64 62 33 35 35 30 42 34 47 71 66 6b 65 41 30 52 70 5a 70 65 48 33 52 4a 6c 79 67 7a 73 56 72 6d 52 66 4c 31 55 4a 46 75 62 65 71 79 70 6f 46 2b 79 65 35 66 37 46 61 71 64 6a 35 65 58 54 45 32 73 54 66 70 64 78 4d 35 63 68 41 55 49 49 69 65 52 45 33 68 6e 76 74 2f 67 37 2b 51 48 6a 2f 35 74 71 65 66 54 62 2f 38 59 4f 36 59 64 45 49 49 63 2f 59 50 36 48 6e 35 30 71 71 52 72 6a 5a 79 63 54 76 30 4f 6c 43 6e 49 34 58 44 6d Data Ascii: 4WehdGn0y7od789bLf47W35x95N7WG/3jzya5H57ts5Hj1q45eQyBe6kURqQuz3e4VJjY4BWhIvIyfjfheLipwUIHISGApGG+b7Der6nm5B2O4g2+Odb3550B4GqfkeA0RpZpeH3RJlygzsVrmRfL1UJFubeqypoF+ye5f7Faqdj5eXTE2sTfpdxM5chAUIIieRE3hnvt/g7+QHj/5tqefTb/8YO6YdEIIc/YP6Hn50qqRrjZycTv0OlCnI4XDm
2022-12-09 04:34:45 UTC	55	IN	Data Raw: 64 6b 77 57 58 34 68 4b 6c 76 4f 43 34 31 43 79 69 31 67 5a 4d 53 47 6e 33 4c 61 45 70 4c 62 76 7a 4f 4e 31 35 4a 64 46 61 4b 50 6d 4c 5a 51 51 62 78 73 48 71 41 6c 65 36 4f 79 33 58 59 54 67 63 77 32 57 5a 47 54 34 44 5a 79 6c 70 2b 73 62 53 31 34 55 35 65 4d 54 61 44 36 65 64 4f 5a 74 42 63 48 6a 47 57 32 51 45 65 66 43 77 35 43 37 63 62 6d 43 39 70 58 35 6f 78 76 36 31 73 52 4c 2b 4c 43 71 6c 45 2b 76 57 4e 2f 31 37 33 6a 32 74 73 4d 50 51 37 54 69 75 6f 52 52 45 34 43 39 52 76 4d 71 39 70 4e 43 35 51 50 6a 6e 6e 78 47 6a 59 39 44 71 45 47 5a 6d 64 47 6b 37 59 62 4f 66 46 68 71 6f 71 58 72 31 51 34 59 59 51 66 7a 61 44 2b 61 45 48 52 79 52 56 62 30 43 59 4a 49 69 66 42 51 4c 2f 42 64 31 42 49 6b 4e 58 38 6e 4d 7a 78 63 64 37 46 54 54 52 37 54 2b 64 4e Data Ascii: dkwWX4hKlvOC41Cyi1gZMSGn3LaEpLbvzON15JdFaKPmLZQQbxsHqAle6Oy3XYTgcw2WZGT4DZylp+sbS14U5eMTaD6edOZtBcHjGW2QEefCw5C7cbmC9pX5oxv61sRL+LCqlE+vWN/173j2tsMPQ7TiuoRRE4C9RvMq9pNC5QPjnnxGjY9DqEGZmdGk7YbOfFhqoqXr1Q4YYQfzaD+aEHRyRVb0CYJIifBQL/Bd1BIkNX8nMzxcd7FTTR7T+dN
2022-12-09 04:34:45 UTC	56	IN	Data Raw: 22 73 6c 6f 74 22 3a 32 32 2c 22 75 72 6c 22 3a 22 2f 6c 6f 67 6f 73 2f 64 6f 6f 64 6c 65 73 2f 32 30 32 32 2f 32 30 32 32 2d 77 6f 72 6c 64 2d 63 75 70 2d 71 75 61 72 74 65 72 2d 66 69 6e 61 6c 73 2d 64 65 63 2d 39 2d 31 30 2d 36 37 35 33 36 35 31 38 33 37 31 31 30 30 30 36 2d 6c 2e 70 6e 67 22 2c 22 76 61 72 69 61 6e 74 22 3a 5b 7b 22 6d 69 6d 65 5f 74 79 70 65 22 3a 22 69 6d 61 67 65 2f 77 65 62 70 22 2c 22 75 72 6c 22 3a 22 2f 6c 6f 67 6f 73 2f 64 6f 6f 64 6c 65 73 2f 32 30 32 32 2f 32 30 32 32 2d 77 6f 72 6c 64 2d 63 75 70 2d 71 75 61 72 74 65 72 2d 66 69 6e 61 6c 73 2d 64 65 63 2d 39 2d 31 30 2d 36 37 35 33 36 35 31 38 33 37 31 31 30 30 30 36 2d 6c 2e 77 65 62 70 22 7d 5d 2c 22 77 69 64 74 68 22 3a 35 33 38 7d 2c 22 6c 61 75 6e 63 68 5f 69 6e 74 65 Data Ascii: "slot":22,"url":"/logos/doodles/2022/2022-world-cup-quarter-finals-dec-9-10-6753651837110006-l.png","variant":[{"mime_type":"image/webp","url":"/logos/doodles/2022/2022-world-cup-quarter-finals-dec-9-10-6753651837110006-l.webp"}],"width":538},"launch_inte
2022-12-09 04:34:45 UTC	57	IN	Data Raw: 2c 22 6f 70 61 63 69 74 79 22 3a 31 7d 2c 22 73 68 61 72 65 5f 74 65 78 74 22 3a 22 4c 65 74 20 74 68 65 20 71 75 61 72 74 65 72 2d 66 69 6e 61 6c 73 20 62 65 67 69 6e 20 23 47 6f 6f 67 6c 65 44 6f 6f 64 6c 65 5c 6e 68 74 74 70 73 3a 2f 2f 67 2e 63 6f 2f 64 6f 6f 64 6c 65 2f 72 62 36 63 74 6e 63 22 2c 22 73 68 6f 72 74 5f 6c 69 6e 6b 22 3a 22 2f 2f 67 2e 63 6f 2f 64 6f 6f 64 6c 65 2f 72 62 36 63 74 6e 63 22 2c 22 73 68 6f 77 5f 6e 6f 77 5f 68 65 61 64 65 72 5f 73 65 61 72 63 68 5f 61 66 66 6f 72 64 61 6e 63 65 22 3a 66 61 6c 73 65 2c 22 73 68 6f 77 5f 6e 6f 77 5f 68 65 61 64 65 72 5f 73 68 61 72 65 5f 62 75 74 74 6f 6e 22 3a 74 72 75 65 2c 22 73 6d 61 6c 6c 5f 69 6d 61 67 65 22 3a 7b 22 61 6c 74 65 72 6e 61 74 65 5f 75 72 6c 22 3a 22 68 74 74 70 73 3a 2f Data Ascii: ,"opacity":1},"share_text":"Let the quarter-finals begin #GoogleDoodle\nhttps://g.co/doodle/rb6ctnc","short_link":"//g.co/doodle/rb6ctnc","show_now_header_search_affordance":false,"show_now_header_share_button":true,"small_image":{"alternate_url":"https:/

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
4	192.168.2.3	49740	142.250.185.132	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2022-12-09 04:34:45 UTC	58	OUT	GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CLC1yQEIkrbJAQiitskBCMS2yQEIqZ3KAQiqj8sBCJKhywEIi6vMAQj7u8wBCPq8zAEI6sDMAQicycwBCOLLzAEImNHMAQiZ0swB Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2022-12-09 04:34:45 UTC	59	IN	HTTP/1.1 200 OK Version: 492505354 Content-Type: application/json; charset=UTF-8 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 BFCache-Opt-In: unload Permissions-Policy: unload=() Origin-Trial: AqRrpS1jM/HOs1rGR0CnXerKEP/QFz7qj9ApDSZqAO+0U+KcT/h/lxA6akW4ar0kT0V1bw5MD4t8O7L7OFwM5gUAAABfeyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJQZXJtaXNzaW9uc1BvbGljeVVubG9hZCIsImV4cGlyeSI6MTY3ODIzMzU5OX0= Content-Disposition: attachment; filename="f.txt" Date: Fri, 09 Dec 2022 04:34:45 GMT Server: gws Cache-Control: private X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Set-Cookie: CONSENT=PENDING+153; expires=Sun, 08-Dec-2024 04:34:45 GMT; path=/; domain=.google.com; Secure P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info." Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" Accept-Ranges: none Vary: Accept-Encoding Expires: Fri, 09 Dec 2022 04:34:45 GMT Connection: close Transfer-Encoding: chunked
2022-12-09 04:34:45 UTC	60	IN	Data Raw: 34 34 61 63 0d 0a 29 5d 7d 27 0a 7b 22 75 70 64 61 74 65 22 3a 7b 22 6c 61 6e 67 75 61 67 65 5f 63 6f 64 65 22 3a 22 65 6e 2d 47 42 22 2c 22 6f 67 62 22 3a 7b 22 68 74 6d 6c 22 3a 7b 22 70 72 69 76 61 74 65 5f 64 6f 5f 6e 6f 74 5f 61 63 63 65 73 73 5f 6f 72 5f 65 6c 73 65 5f 73 61 66 65 5f 68 74 6d 6c 5f 77 72 61 70 70 65 64 5f 76 61 6c 75 65 22 3a 22 5c 75 30 30 33 63 68 65 61 64 65 72 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 75 61 20 67 62 5f 36 61 20 67 62 5f 56 65 5c 22 20 69 64 5c 75 30 30 33 64 5c 22 67 62 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 62 61 6e 6e 65 72 5c 22 20 73 74 79 6c 65 5c 75 30 30 33 64 5c 22 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 74 72 61 6e 73 70 61 72 65 6e 74 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 Data Ascii: 44ac)]}'{"update":{"language_code":"en-GB","ogb":{"html":{"private_do_not_access_or_else_safe_html_wrapped_value":"\u003cheader class\u003d\"gb_ua gb_6a gb_Ve\" id\u003d\"gb\" role\u003d\"banner\" style\u003d\"background-color:transparent\"\u003e\u003c
2022-12-09 04:34:45 UTC	61	IN	Data Raw: 33 63 5c 2f 70 61 74 68 5c 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 73 76 67 5c 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 78 63 20 67 62 5f 46 61 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 79 63 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 61 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 6f 65 20 67 62 5f 7a 63 5c 22 20 61 72 69 61 2d 6c 61 62 65 6c 5c 75 30 30 33 64 5c 22 47 6f 6f 67 6c 65 5c 22 20 68 72 65 66 5c 75 30 30 33 64 5c 22 2f 3f 74 61 62 5c 75 30 30 33 64 72 72 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 73 70 61 6e 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 44 63 20 67 62 5f 6c Data Ascii: 3c\/path\u003e\u003c\/svg\u003e\u003c\/div\u003e\u003cdiv class\u003d\"gb_xc gb_Fa\"\u003e\u003cdiv class\u003d\"gb_yc\"\u003e\u003ca class\u003d\"gb_oe gb_zc\" aria-label\u003d\"Google\" href\u003d\"/?tab\u003drr\"\u003e\u003cspan class\u003d\"gb_Dc gb_l
2022-12-09 04:34:45 UTC	63	IN	Data Raw: 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 46 20 67 62 5f 6c 64 20 67 62 5f 6c 20 67 62 5f 46 66 5c 22 20 64 61 74 61 2d 6f 67 73 72 2d 66 62 5c 75 30 30 33 64 5c 22 74 72 75 65 5c 22 20 64 61 74 61 2d 6f 67 73 72 2d 61 6c 74 5c 75 30 30 33 64 5c 22 5c 22 20 69 64 5c 75 30 30 33 64 5c 22 67 62 77 61 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 45 66 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 61 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 64 5c 22 20 61 72 69 61 2d 6c 61 62 65 6c 5c 75 30 30 33 64 5c 22 47 6f 6f 67 6c 65 20 61 70 70 73 5c 22 20 68 72 65 66 5c 75 30 30 33 64 5c 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 2e 75 Data Ascii: 003e\u003cdiv class\u003d\"gb_F gb_ld gb_l gb_Ff\" data-ogsr-fb\u003d\"true\" data-ogsr-alt\u003d\"\" id\u003d\"gbwa\"\u003e\u003cdiv class\u003d\"gb_Ef\"\u003e\u003ca class\u003d\"gb_d\" aria-label\u003d\"Google apps\" href\u003d\"https://www.google.co.u
2022-12-09 04:34:45 UTC	64	IN	Data Raw: 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 79 63 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 61 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 6f 65 20 67 62 5f 7a 63 5c 22 20 61 72 69 61 2d 6c 61 62 65 6c 5c 75 30 30 33 64 5c 22 47 6f 6f 67 6c 65 5c 22 20 68 72 65 66 5c 75 30 30 33 64 5c 22 2f 3f 74 61 62 5c 75 30 30 33 64 72 72 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 73 70 61 6e 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 44 63 20 67 62 5f 6c 65 5c 22 20 61 72 69 61 2d 68 69 64 64 65 6e 5c 75 30 30 33 64 5c 22 74 72 75 65 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 70 72 65 73 65 6e 74 61 74 69 6f 6e 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 73 70 61 6e 5c 75 30 30 33 65 5c 75 30 30 33 63 Data Ascii: 003e\u003cdiv class\u003d\"gb_yc\"\u003e\u003ca class\u003d\"gb_oe gb_zc\" aria-label\u003d\"Google\" href\u003d\"/?tab\u003drr\"\u003e\u003cspan class\u003d\"gb_Dc gb_le\" aria-hidden\u003d\"true\" role\u003d\"presentation\"\u003e\u003c\/span\u003e\u003c
2022-12-09 04:34:45 UTC	65	IN	Data Raw: 74 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 61 5c 75 30 30 33 64 21 30 7d 7d 29 3b 74 72 79 7b 5f 2e 6e 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 5c 22 74 65 73 74 5c 22 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 7d 2c 62 29 2c 5f 2e 6e 2e 72 65 6d 6f 76 65 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 5c 22 74 65 73 74 5c 22 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 7d 2c 62 29 7d 63 61 74 63 68 28 63 29 7b 7d 72 65 74 75 72 6e 20 61 7d 28 29 3b 5c 6e 5f 2e 76 65 5c 75 30 30 33 64 5f 2e 50 62 3f 5c 22 77 65 62 6b 69 74 54 72 61 6e 73 69 74 69 6f 6e 45 6e 64 5c 22 3a 5c 22 74 72 61 6e 73 69 74 69 6f 6e 65 6e 64 5c 22 3b 5c 6e 5c 6e 7d 63 61 74 63 68 28 65 29 7b 5f 2e 5f 44 75 6d 70 45 78 63 65 70 74 69 6f 6e 28 65 29 7d 5c 6e 74 72 79 7b 5c 6e 76 61 72 20 77 65 5c Data Ascii: t:function(){a\u003d!0}});try{_.n.addEventListener(\"test\",function(){},b),_.n.removeEventListener(\"test\",function(){},b)}catch(c){}return a}();\n_.ve\u003d_.Pb?\"webkitTransitionEnd\":\"transitionend\";\n\n}catch(e){_._DumpException(e)}\ntry{\nvar we\
2022-12-09 04:34:45 UTC	67	IN	Data Raw: 64 4d 61 74 68 2e 66 6c 6f 6f 72 28 74 68 69 73 2e 77 69 64 74 68 29 3b 74 68 69 73 2e 68 65 69 67 68 74 5c 75 30 30 33 64 4d 61 74 68 2e 66 6c 6f 6f 72 28 74 68 69 73 2e 68 65 69 67 68 74 29 3b 72 65 74 75 72 6e 20 74 68 69 73 7d 3b 5f 2e 6b 2e 72 6f 75 6e 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 29 7b 74 68 69 73 2e 77 69 64 74 68 5c 75 30 30 33 64 4d 61 74 68 2e 72 6f 75 6e 64 28 74 68 69 73 2e 77 69 64 74 68 29 3b 74 68 69 73 2e 68 65 69 67 68 74 5c 75 30 30 33 64 4d 61 74 68 2e 72 6f 75 6e 64 28 74 68 69 73 2e 68 65 69 67 68 74 29 3b 72 65 74 75 72 6e 20 74 68 69 73 7d 3b 5c 6e 76 61 72 20 46 65 2c 49 65 3b 5f 2e 45 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 72 65 74 75 72 6e 28 62 7c 7c 64 6f 63 75 6d 65 6e 74 29 2e 67 65 Data Ascii: dMath.floor(this.width);this.height\u003dMath.floor(this.height);return this};_.k.round\u003dfunction(){this.width\u003dMath.round(this.width);this.height\u003dMath.round(this.height);return this};\nvar Fe,Ie;_.Ee\u003dfunction(a,b){return(b\|\|document).ge
2022-12-09 04:34:45 UTC	68	IN	Data Raw: 75 30 30 33 63 63 2e 6c 65 6e 67 74 68 3b 65 2b 2b 29 7b 76 61 72 20 66 5c 75 30 30 33 64 63 5b 65 5d 3b 69 66 28 21 5f 2e 41 65 28 66 29 7c 7c 5f 2e 77 62 28 66 29 5c 75 30 30 32 36 5c 75 30 30 32 36 30 5c 75 30 30 33 63 66 2e 6e 6f 64 65 54 79 70 65 29 64 28 66 29 3b 65 6c 73 65 7b 61 3a 7b 69 66 28 66 5c 75 30 30 32 36 5c 75 30 30 32 36 5c 22 6e 75 6d 62 65 72 5c 22 5c 75 30 30 33 64 5c 75 30 30 33 64 74 79 70 65 6f 66 20 66 2e 6c 65 6e 67 74 68 29 7b 69 66 28 5f 2e 77 62 28 66 29 29 7b 76 61 72 20 67 5c 75 30 30 33 64 5c 22 66 75 6e 63 74 69 6f 6e 5c 22 5c 75 30 30 33 64 5c 75 30 30 33 64 74 79 70 65 6f 66 20 66 2e 69 74 65 6d 7c 7c 5c 22 73 74 72 69 6e 67 5c 22 5c 75 30 30 33 64 5c 75 30 30 33 64 74 79 70 65 6f 66 20 66 2e 69 74 65 6d 3b 62 72 65 61 Data Ascii: u003cc.length;e++){var f\u003dc[e];if(!_.Ae(f)\|\|_.wb(f)\u0026\u00260\u003cf.nodeType)d(f);else{a:{if(f\u0026\u0026\"number\"\u003d\u003dtypeof f.length){if(_.wb(f)){var g\u003d\"function\"\u003d\u003dtypeof f.item\|\|\"string\"\u003d\u003dtypeof f.item;brea
2022-12-09 04:34:45 UTC	69	IN	Data Raw: 69 73 65 6c 65 63 74 61 62 6c 65 5c 75 30 30 33 64 21 31 2c 63 2e 6f 72 69 65 6e 74 61 74 69 6f 6e 5c 75 30 30 33 64 5c 22 76 65 72 74 69 63 61 6c 5c 22 2c 63 2e 72 65 61 64 6f 6e 6c 79 5c 75 30 30 33 64 21 31 2c 63 2e 72 65 6c 65 76 61 6e 74 5c 75 30 30 33 64 5c 22 61 64 64 69 74 69 6f 6e 73 20 74 65 78 74 5c 22 2c 63 2e 72 65 71 75 69 72 65 64 5c 75 30 30 33 64 21 31 2c 63 2e 73 6f 72 74 5c 75 30 30 33 64 5c 22 6e 6f 6e 65 5c 22 2c 63 2e 62 75 73 79 5c 75 30 30 33 64 21 31 2c 63 2e 64 69 73 61 62 6c 65 64 5c 75 30 30 33 64 21 31 2c 63 2e 68 69 64 64 65 6e 5c 75 30 30 33 64 21 31 2c 63 2e 69 6e 76 61 6c 69 64 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 2c 63 29 29 2c 63 5c 75 30 30 33 64 50 65 2c 62 20 69 6e 20 63 3f 61 2e 73 65 74 41 74 74 72 69 62 75 Data Ascii: iselectable\u003d!1,c.orientation\u003d\"vertical\",c.readonly\u003d!1,c.relevant\u003d\"additions text\",c.required\u003d!1,c.sort\u003d\"none\",c.busy\u003d!1,c.disabled\u003d!1,c.hidden\u003d!1,c.invalid\u003d\"false\",c)),c\u003dPe,b in c?a.setAttribu
2022-12-09 04:34:45 UTC	71	IN	Data Raw: 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 61 2e 63 6c 61 73 73 4c 69 73 74 3f 41 72 72 61 79 2e 70 72 6f 74 6f 74 79 70 65 2e 66 6f 72 45 61 63 68 2e 63 61 6c 6c 28 62 2c 66 75 6e 63 74 69 6f 6e 28 63 29 7b 5f 2e 57 65 28 61 2c 63 29 7d 29 3a 55 65 28 61 2c 41 72 72 61 79 2e 70 72 6f 74 6f 74 79 70 65 2e 66 69 6c 74 65 72 2e 63 61 6c 6c 28 54 65 28 61 29 2c 66 75 6e 63 74 69 6f 6e 28 63 29 7b 72 65 74 75 72 6e 21 5f 2e 79 65 28 62 2c 63 29 7d 29 2e 6a 6f 69 6e 28 5c 22 20 5c 22 29 29 7d 3b 5c 6e 76 61 72 20 61 66 3b 5f 2e 24 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 2c 64 2c 65 2c 66 29 7b 69 66 28 5f 2e 51 62 5c 75 30 30 32 36 5c 75 30 30 32 36 65 29 72 65 74 75 72 6e 20 5f 2e 59 65 28 61 29 3b 69 66 28 65 5c 75 30 30 32 36 5c 75 30 30 32 Data Ascii: nction(a,b){a.classList?Array.prototype.forEach.call(b,function(c){_.We(a,c)}):Ue(a,Array.prototype.filter.call(Te(a),function(c){return!_.ye(b,c)}).join(\" \"))};\nvar af;_.$e\u003dfunction(a,b,c,d,e,f){if(_.Qb\u0026\u0026e)return _.Ye(a);if(e\u0026\u002
2022-12-09 04:34:45 UTC	72	IN	Data Raw: 30 30 33 64 61 66 28 61 29 3b 65 6c 73 65 20 69 66 28 5f 2e 51 62 5c 75 30 30 32 36 5c 75 30 30 32 36 5f 2e 50 62 29 73 77 69 74 63 68 28 61 29 7b 63 61 73 65 20 39 33 3a 61 5c 75 30 30 33 64 39 31 7d 72 65 74 75 72 6e 20 61 7d 3b 5c 6e 61 66 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 73 77 69 74 63 68 28 61 29 7b 63 61 73 65 20 36 31 3a 72 65 74 75 72 6e 20 31 38 37 3b 63 61 73 65 20 35 39 3a 72 65 74 75 72 6e 20 31 38 36 3b 63 61 73 65 20 31 37 33 3a 72 65 74 75 72 6e 20 31 38 39 3b 63 61 73 65 20 32 32 34 3a 72 65 74 75 72 6e 20 39 31 3b 63 61 73 65 20 30 3a 72 65 74 75 72 6e 20 32 32 34 3b 64 65 66 61 75 6c 74 3a 72 65 74 75 72 6e 20 61 7d 7d 3b 5c 6e 5c 6e 7d 63 61 74 63 68 28 65 29 7b 5f 2e 5f 44 75 6d 70 45 78 63 65 70 74 69 6f 6e 28 65 Data Ascii: 003daf(a);else if(_.Qb\u0026\u0026_.Pb)switch(a){case 93:a\u003d91}return a};\naf\u003dfunction(a){switch(a){case 61:return 187;case 59:return 186;case 173:return 189;case 224:return 91;case 0:return 224;default:return a}};\n\n}catch(e){_._DumpException(e
2022-12-09 04:34:45 UTC	73	IN	Data Raw: 69 73 2e 63 68 61 72 43 6f 64 65 5c 75 30 30 33 64 74 68 69 73 2e 6b 65 79 43 6f 64 65 5c 75 30 30 33 64 30 3b 74 68 69 73 2e 6d 65 74 61 4b 65 79 5c 75 30 30 33 64 74 68 69 73 2e 73 68 69 66 74 4b 65 79 5c 75 30 30 33 64 74 68 69 73 2e 61 6c 74 4b 65 79 5c 75 30 30 33 64 74 68 69 73 2e 63 74 72 6c 4b 65 79 5c 75 30 30 33 64 21 31 3b 74 68 69 73 2e 73 74 61 74 65 5c 75 30 30 33 64 6e 75 6c 6c 3b 74 68 69 73 2e 70 6f 69 6e 74 65 72 49 64 5c 75 30 30 33 64 30 3b 74 68 69 73 2e 70 6f 69 6e 74 65 72 54 79 70 65 5c 75 30 30 33 64 5c 22 5c 22 3b 74 68 69 73 2e 61 62 5c 75 30 30 33 64 6e 75 6c 6c 3b 61 5c 75 30 30 32 36 5c 75 30 30 32 36 74 68 69 73 2e 69 6e 69 74 28 61 2c 62 29 7d 3b 5f 2e 42 28 5f 2e 6b 66 2c 5f 2e 6a 66 29 3b 76 61 72 20 6c 66 5c 75 30 30 33 Data Ascii: is.charCode\u003dthis.keyCode\u003d0;this.metaKey\u003dthis.shiftKey\u003dthis.altKey\u003dthis.ctrlKey\u003d!1;this.state\u003dnull;this.pointerId\u003d0;this.pointerType\u003d\"\";this.ab\u003dnull;a\u0026\u0026this.init(a,b)};_.B(_.kf,_.jf);var lf\u003
2022-12-09 04:34:45 UTC	75	IN	Data Raw: 61 72 43 6f 64 65 7c 7c 28 5c 22 6b 65 79 70 72 65 73 73 5c 22 5c 75 30 30 33 64 5c 75 30 30 33 64 63 3f 61 2e 6b 65 79 43 6f 64 65 3a 30 29 3b 74 68 69 73 2e 63 74 72 6c 4b 65 79 5c 75 30 30 33 64 61 2e 63 74 72 6c 4b 65 79 3b 74 68 69 73 2e 61 6c 74 4b 65 79 5c 75 30 30 33 64 61 2e 61 6c 74 4b 65 79 3b 74 68 69 73 2e 73 68 69 66 74 4b 65 79 5c 75 30 30 33 64 61 2e 73 68 69 66 74 4b 65 79 3b 74 68 69 73 2e 6d 65 74 61 4b 65 79 5c 75 30 30 33 64 61 2e 6d 65 74 61 4b 65 79 3b 74 68 69 73 2e 70 6f 69 6e 74 65 72 49 64 5c 75 30 30 33 64 61 2e 70 6f 69 6e 74 65 72 49 64 7c 7c 30 3b 74 68 69 73 2e 70 6f 69 6e 74 65 72 54 79 70 65 5c 75 30 30 33 64 5c 22 73 74 72 69 6e 67 5c 22 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 6e 74 79 70 65 6f 66 20 61 Data Ascii: arCode\|\|(\"keypress\"\u003d\u003dc?a.keyCode:0);this.ctrlKey\u003da.ctrlKey;this.altKey\u003da.altKey;this.shiftKey\u003da.shiftKey;this.metaKey\u003da.metaKey;this.pointerId\u003da.pointerId\|\|0;this.pointerType\u003d\"string\"\u003d\u003d\u003d\ntypeof a
2022-12-09 04:34:45 UTC	76	IN	Data Raw: 5c 75 30 30 33 63 67 3f 28 62 5c 75 30 30 33 64 61 5b 67 5d 2c 63 7c 7c 28 62 2e 4e 64 5c 75 30 30 33 64 21 31 29 29 3a 28 62 5c 75 30 30 33 64 6e 65 77 20 70 66 28 62 2c 74 68 69 73 2e 73 72 63 2c 66 2c 21 21 64 2c 65 29 2c 62 2e 4e 64 5c 75 30 30 33 64 63 2c 61 2e 70 75 73 68 28 62 29 29 3b 72 65 74 75 72 6e 20 62 7d 3b 5f 2e 72 66 2e 70 72 6f 74 6f 74 79 70 65 2e 72 65 6d 6f 76 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 2c 64 29 7b 61 5c 75 30 30 33 64 61 2e 74 6f 53 74 72 69 6e 67 28 29 3b 69 66 28 21 28 61 20 69 6e 20 74 68 69 73 2e 6a 29 29 72 65 74 75 72 6e 21 31 3b 76 61 72 20 65 5c 75 30 30 33 64 74 68 69 73 2e 6a 5b 61 5d 3b 62 5c 75 30 30 33 64 73 66 28 65 2c 62 2c 63 2c 64 29 3b 72 65 74 75 72 6e 2d 31 5c 75 30 30 33 63 62 Data Ascii: \u003cg?(b\u003da[g],c\|\|(b.Nd\u003d!1)):(b\u003dnew pf(b,this.src,f,!!d,e),b.Nd\u003dc,a.push(b));return b};_.rf.prototype.remove\u003dfunction(a,b,c,d){a\u003da.toString();if(!(a in this.j))return!1;var e\u003dthis.j[a];b\u003dsf(e,b,c,d);return-1\u003cb
2022-12-09 04:34:45 UTC	77	IN	Data Raw: 31 64 63 0d 0a 21 5c 75 30 30 33 64 62 29 29 72 65 74 75 72 6e 21 30 3b 72 65 74 75 72 6e 21 31 7d 29 7d 3b 76 61 72 20 73 66 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 2c 64 29 7b 66 6f 72 28 76 61 72 20 65 5c 75 30 30 33 64 30 3b 65 5c 75 30 30 33 63 61 2e 6c 65 6e 67 74 68 3b 2b 2b 65 29 7b 76 61 72 20 66 5c 75 30 30 33 64 61 5b 65 5d 3b 69 66 28 21 66 2e 46 64 5c 75 30 30 32 36 5c 75 30 30 32 36 66 2e 6c 69 73 74 65 6e 65 72 5c 75 30 30 33 64 5c 75 30 30 33 64 62 5c 75 30 30 32 36 5c 75 30 30 32 36 66 2e 63 61 70 74 75 72 65 5c 75 30 30 33 64 5c 75 30 30 33 64 21 21 63 5c 75 30 30 32 36 5c 75 30 30 32 36 66 2e 57 64 5c 75 30 30 33 64 5c 75 30 30 33 64 64 29 72 65 74 75 72 6e 20 65 7d 72 65 74 75 72 6e 2d 31 7d 3b 5c 6e 76 61 72 20 75 Data Ascii: 1dc!\u003db))return!0;return!1})};var sf\u003dfunction(a,b,c,d){for(var e\u003d0;e\u003ca.length;++e){var f\u003da[e];if(!f.Fd\u0026\u0026f.listener\u003d\u003db\u0026\u0026f.capture\u003d\u003d!!c\u0026\u0026f.Wd\u003d\u003dd)return e}return-1};\nvar u
2022-12-09 04:34:45 UTC	78	IN	Data Raw: 38 30 30 30 0d 0a 28 61 2c 62 5b 66 5d 2c 63 2c 64 2c 65 29 3b 72 65 74 75 72 6e 20 6e 75 6c 6c 7d 63 5c 75 30 30 33 64 5f 2e 79 66 28 63 29 3b 72 65 74 75 72 6e 20 5f 2e 6e 66 28 61 29 3f 61 2e 6c 69 73 74 65 6e 28 62 2c 63 2c 5f 2e 77 62 28 64 29 3f 21 21 64 2e 63 61 70 74 75 72 65 3a 21 21 64 2c 65 29 3a 7a 66 28 61 2c 62 2c 63 2c 21 31 2c 64 2c 65 29 7d 3b 5c 6e 7a 66 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 2c 64 2c 65 2c 66 29 7b 69 66 28 21 62 29 74 68 72 6f 77 20 45 72 72 6f 72 28 5c 22 4b 5c 22 29 3b 76 61 72 20 67 5c 75 30 30 33 64 5f 2e 77 62 28 65 29 3f 21 21 65 2e 63 61 70 74 75 72 65 3a 21 21 65 2c 68 5c 75 30 30 33 64 5f 2e 41 66 28 61 29 3b 68 7c 7c 28 61 5b 75 66 5d 5c 75 30 30 33 64 68 5c 75 30 30 33 64 6e 65 77 20 5f Data Ascii: 8000(a,b[f],c,d,e);return null}c\u003d_.yf(c);return _.nf(a)?a.listen(b,c,_.wb(d)?!!d.capture:!!d,e):zf(a,b,c,!1,d,e)};\nzf\u003dfunction(a,b,c,d,e,f){if(!b)throw Error(\"K\");var g\u003d_.wb(e)?!!e.capture:!!e,h\u003d_.Af(a);h\|\|(a[uf]\u003dh\u003dnew _
2022-12-09 04:34:45 UTC	79	IN	Data Raw: 5c 22 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 75 30 30 33 64 74 79 70 65 6f 66 20 61 7c 7c 21 61 7c 7c 61 2e 46 64 29 72 65 74 75 72 6e 21 31 3b 76 61 72 20 62 5c 75 30 30 33 64 61 2e 73 72 63 3b 69 66 28 5f 2e 6e 66 28 62 29 29 72 65 74 75 72 6e 20 62 2e 76 66 28 61 29 3b 76 61 72 20 63 5c 75 30 30 33 64 61 2e 74 79 70 65 2c 64 5c 75 30 30 33 64 61 2e 70 72 6f 78 79 3b 62 2e 72 65 6d 6f 76 65 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 3f 62 2e 72 65 6d 6f 76 65 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 63 2c 64 2c 61 2e 63 61 70 74 75 72 65 29 3a 62 2e 64 65 74 61 63 68 45 76 65 6e 74 3f 62 2e 64 65 74 61 63 68 45 76 65 6e 74 28 43 66 28 63 29 2c 64 29 3a 62 2e 61 64 64 4c 69 73 74 65 6e 65 72 5c 75 30 30 32 36 5c 75 30 30 32 36 62 2e 72 65 6d 6f 76 65 4c 69 Data Ascii: \"\u003d\u003d\u003dtypeof a\|\|!a\|\|a.Fd)return!1;var b\u003da.src;if(_.nf(b))return b.vf(a);var c\u003da.type,d\u003da.proxy;b.removeEventListener?b.removeEventListener(c,d,a.capture):b.detachEvent?b.detachEvent(Cf(c),d):b.addListener\u0026\u0026b.removeLi
2022-12-09 04:34:45 UTC	80	IN	Data Raw: 64 74 68 69 73 2e 41 28 29 3b 72 65 74 75 72 6e 20 61 7d 3b 76 61 72 20 4b 66 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 61 2e 42 28 62 29 3b 31 30 30 5c 75 30 30 33 65 61 2e 6f 5c 75 30 30 32 36 5c 75 30 30 32 36 28 61 2e 6f 2b 2b 2c 62 2e 6e 65 78 74 5c 75 30 30 33 64 61 2e 6a 2c 61 2e 6a 5c 75 30 30 33 64 62 29 7d 3b 5c 6e 76 61 72 20 4c 66 2c 4d 66 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 61 5c 75 30 30 33 64 5f 2e 6e 2e 4d 65 73 73 61 67 65 43 68 61 6e 6e 65 6c 3b 5c 22 75 6e 64 65 66 69 6e 65 64 5c 22 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 75 30 30 33 64 74 79 70 65 6f 66 20 61 5c 75 30 30 32 36 5c 75 30 30 32 36 5c 22 75 6e 64 65 66 69 6e 65 64 5c 22 21 5c 75 30 30 33 64 5c 75 30 30 33 64 74 79 70 65 6f 66 20 Data Ascii: dthis.A();return a};var Kf\u003dfunction(a,b){a.B(b);100\u003ea.o\u0026\u0026(a.o++,b.next\u003da.j,a.j\u003db)};\nvar Lf,Mf\u003dfunction(){var a\u003d_.n.MessageChannel;\"undefined\"\u003d\u003d\u003dtypeof a\u0026\u0026\"undefined\"!\u003d\u003dtypeof
2022-12-09 04:34:45 UTC	81	IN	Data Raw: 65 74 54 69 6d 65 6f 75 74 28 65 2c 30 29 7d 7d 3b 5c 6e 76 61 72 20 4e 66 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 29 7b 74 68 69 73 2e 6f 5c 75 30 30 33 64 74 68 69 73 2e 6a 5c 75 30 30 33 64 6e 75 6c 6c 7d 3b 4e 66 2e 70 72 6f 74 6f 74 79 70 65 2e 61 64 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 76 61 72 20 63 5c 75 30 30 33 64 4f 66 2e 67 65 74 28 29 3b 63 2e 73 65 74 28 61 2c 62 29 3b 74 68 69 73 2e 6f 3f 74 68 69 73 2e 6f 2e 6e 65 78 74 5c 75 30 30 33 64 63 3a 74 68 69 73 2e 6a 5c 75 30 30 33 64 63 3b 74 68 69 73 2e 6f 5c 75 30 30 33 64 63 7d 3b 4e 66 2e 70 72 6f 74 6f 74 79 70 65 2e 72 65 6d 6f 76 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 61 5c 75 30 30 33 64 6e 75 6c 6c 3b 74 68 69 73 2e 6a 5c 75 30 Data Ascii: etTimeout(e,0)}};\nvar Nf\u003dfunction(){this.o\u003dthis.j\u003dnull};Nf.prototype.add\u003dfunction(a,b){var c\u003dOf.get();c.set(a,b);this.o?this.o.next\u003dc:this.j\u003dc;this.o\u003dc};Nf.prototype.remove\u003dfunction(){var a\u003dnull;this.j\u0
2022-12-09 04:34:45 UTC	83	IN	Data Raw: 61 6c 6c 28 61 2e 73 63 6f 70 65 29 7d 63 61 74 63 68 28 62 29 7b 48 66 28 62 29 7d 4b 66 28 4f 66 2c 61 29 7d 52 66 5c 75 30 30 33 64 21 31 7d 3b 5c 6e 5f 2e 57 66 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 21 61 29 72 65 74 75 72 6e 21 31 3b 74 72 79 7b 72 65 74 75 72 6e 21 21 61 2e 24 67 6f 6f 67 5f 54 68 65 6e 61 62 6c 65 7d 63 61 74 63 68 28 62 29 7b 72 65 74 75 72 6e 21 31 7d 7d 3b 5c 6e 76 61 72 20 61 67 2c 68 67 2c 6d 67 2c 6c 67 2c 6e 67 3b 5f 2e 24 66 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 74 68 69 73 2e 6a 5c 75 30 30 33 64 30 3b 74 68 69 73 2e 46 5c 75 30 30 33 64 76 6f 69 64 20 30 3b 74 68 69 73 2e 42 5c 75 30 30 33 64 74 68 69 73 2e 6f 5c 75 30 30 33 64 74 68 69 73 2e 41 5c 75 30 30 33 64 6e 75 6c 6c 3b 74 Data Ascii: all(a.scope)}catch(b){Hf(b)}Kf(Of,a)}Rf\u003d!1};\n_.Wf\u003dfunction(a){if(!a)return!1;try{return!!a.$goog_Thenable}catch(b){return!1}};\nvar ag,hg,mg,lg,ng;_.$f\u003dfunction(a){this.j\u003d0;this.F\u003dvoid 0;this.B\u003dthis.o\u003dthis.A\u003dnull;t
2022-12-09 04:34:45 UTC	84	IN	Data Raw: 63 2e 6f 29 7b 66 6f 72 28 76 61 72 20 64 5c 75 30 30 33 64 30 2c 65 5c 75 30 30 33 64 6e 75 6c 6c 2c 66 5c 75 30 30 33 64 6e 75 6c 6c 2c 67 5c 75 30 30 33 64 63 2e 6f 3b 67 5c 75 30 30 32 36 5c 75 30 30 32 36 28 67 2e 43 7c 7c 28 64 2b 2b 2c 67 2e 6a 5c 75 30 30 33 64 5c 75 30 30 33 64 61 5c 75 30 30 32 36 5c 75 30 30 32 36 28 65 5c 75 30 30 33 64 67 29 2c 21 28 65 5c 75 30 30 32 36 5c 75 30 30 32 36 31 5c 75 30 30 33 63 64 29 29 29 3b 67 5c 75 30 30 33 64 67 2e 6e 65 78 74 29 65 7c 7c 28 66 5c 75 30 30 33 64 67 29 3b 65 5c 75 30 30 32 36 5c 75 30 30 32 36 28 30 5c 75 30 30 33 64 5c 75 30 30 33 64 63 2e 6a 5c 75 30 30 32 36 5c 75 30 30 32 36 31 5c 75 30 30 33 64 5c 75 30 30 33 64 64 3f 66 67 28 63 2c 62 29 3a 28 66 3f 28 64 5c 75 30 30 33 64 66 2c 64 2e Data Ascii: c.o){for(var d\u003d0,e\u003dnull,f\u003dnull,g\u003dc.o;g\u0026\u0026(g.C\|\|(d++,g.j\u003d\u003da\u0026\u0026(e\u003dg),!(e\u0026\u00261\u003cd)));g\u003dg.next)e\|\|(f\u003dg);e\u0026\u0026(0\u003d\u003dc.j\u0026\u00261\u003d\u003dd?fg(c,b):(f?(d\u003df,d.
2022-12-09 04:34:45 UTC	85	IN	Data Raw: 69 66 28 5c 22 66 75 6e 63 74 69 6f 6e 5c 22 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 75 30 30 33 64 74 79 70 65 6f 66 20 68 29 7b 6b 67 28 64 2c 68 2c 65 2c 66 2c 61 29 3b 67 5c 75 30 30 33 64 21 30 3b 62 72 65 61 6b 20 61 7d 7d 63 61 74 63 68 28 6c 29 7b 66 2e 63 61 6c 6c 28 61 2c 6c 29 3b 67 5c 75 30 30 33 64 21 30 3b 62 72 65 61 6b 20 61 7d 67 5c 75 30 30 33 64 21 31 7d 7d 67 7c 7c 28 61 2e 46 5c 75 30 30 33 64 63 2c 61 2e 6a 5c 75 30 30 33 64 62 2c 61 2e 41 5c 75 30 30 33 64 6e 75 6c 6c 2c 69 67 28 61 29 2c 33 21 5c 75 30 30 33 64 62 7c 7c 63 20 69 6e 73 74 61 6e 63 65 6f 66 20 5f 2e 65 67 7c 7c 6c 67 28 61 2c 63 29 29 7d 7d 2c 6b 67 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 2c 64 2c 65 29 7b 76 61 72 20 66 5c 75 30 30 33 64 21 31 2c Data Ascii: if(\"function\"\u003d\u003d\u003dtypeof h){kg(d,h,e,f,a);g\u003d!0;break a}}catch(l){f.call(a,l);g\u003d!0;break a}g\u003d!1}}g\|\|(a.F\u003dc,a.j\u003db,a.A\u003dnull,ig(a),3!\u003db\|\|c instanceof _.eg\|\|lg(a,c))}},kg\u003dfunction(a,b,c,d,e){var f\u003d!1,
2022-12-09 04:34:45 UTC	86	IN	Data Raw: 63 74 69 6f 6e 28 61 29 7b 61 5c 75 30 30 32 36 5c 75 30 30 32 36 5c 22 66 75 6e 63 74 69 6f 6e 5c 22 5c 75 30 30 33 64 5c 75 30 30 33 64 74 79 70 65 6f 66 20 61 2e 74 61 5c 75 30 30 32 36 5c 75 30 30 32 36 61 2e 74 61 28 29 7d 3b 5f 2e 70 67 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 66 6f 72 28 76 61 72 20 62 20 69 6e 20 61 29 72 65 74 75 72 6e 21 31 3b 72 65 74 75 72 6e 21 30 7d 3b 5f 2e 71 67 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 62 5c 75 30 30 33 64 5f 2e 42 65 28 5f 2e 6f 67 2c 62 29 3b 61 2e 48 62 3f 62 28 29 3a 28 61 2e 4d 61 7c 7c 28 61 2e 4d 61 5c 75 30 30 33 64 5b 5d 29 2c 61 2e 4d 61 2e 70 75 73 68 28 62 29 29 7d 3b 5f 2e 72 67 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 5c 75 30 30 33 Data Ascii: ction(a){a\u0026\u0026\"function\"\u003d\u003dtypeof a.ta\u0026\u0026a.ta()};_.pg\u003dfunction(a){for(var b in a)return!1;return!0};_.qg\u003dfunction(a,b){b\u003d_.Be(_.og,b);a.Hb?b():(a.Ma\|\|(a.Ma\u003d[]),a.Ma.push(b))};_.rg\u003dfunction(a){var b\u003
2022-12-09 04:34:45 UTC	87	IN	Data Raw: 67 74 68 2c 62 2e 6c 65 6e 67 74 68 29 2c 65 5c 75 30 30 33 64 30 3b 30 5c 75 30 30 33 64 5c 75 30 30 33 64 63 5c 75 30 30 32 36 5c 75 30 30 32 36 65 5c 75 30 30 33 63 64 3b 65 2b 2b 29 7b 76 61 72 20 66 5c 75 30 30 33 64 61 5b 65 5d 7c 7c 5c 22 5c 22 2c 67 5c 75 30 30 33 64 62 5b 65 5d 7c 7c 5c 22 5c 22 3b 64 6f 7b 66 5c 75 30 30 33 64 2f 28 5c 5c 64 2a 29 28 5c 5c 44 2a 29 28 2e 2a 29 2f 2e 65 78 65 63 28 66 29 7c 7c 5b 5c 22 5c 22 2c 5c 22 5c 22 2c 5c 22 5c 22 2c 5c 22 5c 22 5d 3b 67 5c 75 30 30 33 64 2f 28 5c 5c 64 2a 29 28 5c 5c 44 2a 29 28 2e 2a 29 2f 2e 65 78 65 63 28 67 29 7c 7c 5b 5c 22 5c 22 2c 5c 22 5c 22 2c 5c 22 5c 22 2c 5c 22 5c 22 5d 3b 69 66 28 30 5c 75 30 30 33 64 5c 75 30 30 33 64 66 5b 30 5d 2e 6c 65 6e 67 74 68 5c 75 30 30 32 36 5c 75 Data Ascii: gth,b.length),e\u003d0;0\u003d\u003dc\u0026\u0026e\u003cd;e++){var f\u003da[e]\|\|\"\",g\u003db[e]\|\|\"\";do{f\u003d/(\\d)(\\D)(.)/.exec(f)\|\|[\"\",\"\",\"\",\"\"];g\u003d/(\\d)(\\D)(.)/.exec(g)\|\|[\"\",\"\",\"\",\"\"];if(0\u003d\u003df[0].length\u0026\u
2022-12-09 04:34:45 UTC	89	IN	Data Raw: 61 72 65 6e 74 4e 6f 64 65 3b 72 65 74 75 72 6e 20 62 5c 75 30 30 33 64 5c 75 30 30 33 64 61 7d 3b 5f 2e 4a 67 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 74 72 79 7b 76 61 72 20 62 5c 75 30 30 33 64 61 5c 75 30 30 32 36 5c 75 30 30 32 36 61 2e 61 63 74 69 76 65 45 6c 65 6d 65 6e 74 3b 72 65 74 75 72 6e 20 62 5c 75 30 30 32 36 5c 75 30 30 32 36 62 2e 6e 6f 64 65 4e 61 6d 65 3f 62 3a 6e 75 6c 6c 7d 63 61 74 63 68 28 63 29 7b 72 65 74 75 72 6e 20 6e 75 6c 6c 7d 7d 3b 4b 67 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 74 68 69 73 2e 6a 5c 75 30 30 33 64 61 7c 7c 5f 2e 6e 2e 64 6f 63 75 6d 65 6e 74 7c 7c 64 6f 63 75 6d 65 6e 74 7d 3b 5f 2e 6b 5c 75 30 30 33 64 4b 67 2e 70 72 6f 74 6f 74 79 70 65 3b 5f 2e 6b 2e 4a 5c 75 30 30 33 64 66 75 6e Data Ascii: arentNode;return b\u003d\u003da};_.Jg\u003dfunction(a){try{var b\u003da\u0026\u0026a.activeElement;return b\u0026\u0026b.nodeName?b:null}catch(c){return null}};Kg\u003dfunction(a){this.j\u003da\|\|_.n.document\|\|document};_.k\u003dKg.prototype;_.k.J\u003dfun
2022-12-09 04:34:45 UTC	90	IN	Data Raw: 75 30 30 33 63 5c 75 30 30 33 64 66 3b 66 2d 2d 29 7b 76 61 72 20 67 5c 75 30 30 33 64 61 2e 63 75 72 72 65 6e 74 54 61 72 67 65 74 5c 75 30 30 33 64 62 5b 66 5d 3b 65 5c 75 30 30 33 64 4d 67 28 67 2c 64 2c 21 30 2c 61 29 5c 75 30 30 32 36 5c 75 30 30 32 36 65 7d 61 2e 6a 7c 7c 28 67 5c 75 30 30 33 64 61 2e 63 75 72 72 65 6e 74 54 61 72 67 65 74 5c 75 30 30 33 64 63 2c 65 5c 75 30 30 33 64 4d 67 28 67 2c 64 2c 21 30 2c 61 29 5c 75 30 30 32 36 5c 75 30 30 32 36 65 2c 61 2e 6a 7c 7c 28 65 5c 75 30 30 33 64 4d 67 28 67 2c 64 2c 21 31 2c 61 29 5c 75 30 30 32 36 5c 75 30 30 32 36 65 29 29 3b 69 66 28 62 29 66 6f 72 28 66 5c 75 30 30 33 64 30 3b 21 61 2e 6a 5c 75 30 30 32 36 5c 75 30 30 32 36 66 5c 75 30 30 33 63 62 2e 6c 65 6e 67 74 68 3b 66 2b 2b 29 67 5c 75 Data Ascii: u003c\u003df;f--){var g\u003da.currentTarget\u003db[f];e\u003dMg(g,d,!0,a)\u0026\u0026e}a.j\|\|(g\u003da.currentTarget\u003dc,e\u003dMg(g,d,!0,a)\u0026\u0026e,a.j\|\|(e\u003dMg(g,d,!1,a)\u0026\u0026e));if(b)for(f\u003d0;!a.j\u0026\u0026f\u003cb.length;f++)g\u
2022-12-09 04:34:45 UTC	91	IN	Data Raw: 73 74 65 6e 65 72 28 76 6f 69 64 20 30 21 5c 75 30 30 33 64 5c 75 30 30 33 64 61 3f 53 74 72 69 6e 67 28 61 29 3a 76 6f 69 64 20 30 2c 62 29 7d 3b 5c 6e 5f 2e 4e 67 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 5f 2e 4f 2e 63 61 6c 6c 28 74 68 69 73 29 3b 74 68 69 73 2e 6f 5c 75 30 30 33 64 61 7c 7c 31 3b 74 68 69 73 2e 6a 5c 75 30 30 33 64 62 7c 7c 5f 2e 6e 3b 74 68 69 73 2e 41 5c 75 30 30 33 64 28 30 2c 5f 2e 7a 29 28 74 68 69 73 2e 66 6b 2c 74 68 69 73 29 3b 74 68 69 73 2e 42 5c 75 30 30 33 64 44 61 74 65 2e 6e 6f 77 28 29 7d 3b 5f 2e 42 28 5f 2e 4e 67 2c 5f 2e 4f 29 3b 5f 2e 6b 5c 75 30 30 33 64 5f 2e 4e 67 2e 70 72 6f 74 6f 74 79 70 65 3b 5f 2e 6b 2e 55 62 5c 75 30 30 33 64 21 31 3b 5f 2e 6b 2e 45 62 5c 75 30 30 33 64 6e 75 6c 6c 3b 5f Data Ascii: stener(void 0!\u003d\u003da?String(a):void 0,b)};\n_.Ng\u003dfunction(a,b){_.O.call(this);this.o\u003da\|\|1;this.j\u003db\|\|_.n;this.A\u003d(0,_.z)(this.fk,this);this.B\u003dDate.now()};_.B(_.Ng,_.O);_.k\u003d_.Ng.prototype;_.k.Ub\u003d!1;_.k.Eb\u003dnull;_
2022-12-09 04:34:45 UTC	92	IN	Data Raw: 6c 28 74 68 69 73 29 3b 74 68 69 73 2e 54 5c 75 30 30 33 64 61 3b 74 68 69 73 2e 4f 5c 75 30 30 33 64 7b 7d 7d 3b 5f 2e 42 28 5f 2e 50 2c 5f 2e 48 29 3b 76 61 72 20 51 67 5c 75 30 30 33 64 5b 5d 3b 5f 2e 50 2e 70 72 6f 74 6f 74 79 70 65 2e 6c 69 73 74 65 6e 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 2c 64 29 7b 72 65 74 75 72 6e 20 52 67 28 74 68 69 73 2c 61 2c 62 2c 63 2c 64 29 7d 3b 5f 2e 50 2e 70 72 6f 74 6f 74 79 70 65 2e 42 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 2c 64 2c 65 29 7b 72 65 74 75 72 6e 20 52 67 28 74 68 69 73 2c 61 2c 62 2c 63 2c 64 2c 65 29 7d 3b 76 61 72 20 52 67 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 2c 64 2c 65 2c 66 29 7b 41 72 72 61 79 2e 69 73 41 72 72 61 79 28 63 29 7c 7c Data Ascii: l(this);this.T\u003da;this.O\u003d{}};_.B(_.P,_.H);var Qg\u003d[];_.P.prototype.listen\u003dfunction(a,b,c,d){return Rg(this,a,b,c,d)};_.P.prototype.B\u003dfunction(a,b,c,d,e){return Rg(this,a,b,c,d,e)};var Rg\u003dfunction(a,b,c,d,e,f){Array.isArray(c)\|\|
2022-12-09 04:34:45 UTC	94	IN	Data Raw: 45 76 65 6e 74 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 29 7b 74 68 72 6f 77 20 45 72 72 6f 72 28 5c 22 4f 5c 22 29 3b 7d 3b 5c 6e 5c 6e 7d 63 61 74 63 68 28 65 29 7b 5f 2e 5f 44 75 6d 70 45 78 63 65 70 74 69 6f 6e 28 65 29 7d 5c 6e 74 72 79 7b 5c 6e 76 61 72 20 56 67 2c 5a 67 2c 64 68 2c 65 68 3b 5f 2e 55 67 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 5c 75 30 30 33 64 5b 5d 2c 63 5c 75 30 30 33 64 30 2c 64 3b 66 6f 72 28 64 20 69 6e 20 61 29 62 5b 63 2b 2b 5d 5c 75 30 30 33 64 61 5b 64 5d 3b 72 65 74 75 72 6e 20 62 7d 3b 56 67 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 72 65 74 75 72 6e 20 32 5c 75 30 30 33 65 5c 75 30 30 33 64 61 72 67 75 6d 65 6e 74 73 2e 6c 65 6e 67 74 68 3f 41 72 72 61 79 2e 70 72 Data Ascii: Event\u003dfunction(){throw Error(\"O\");};\n\n}catch(e){_._DumpException(e)}\ntry{\nvar Vg,Zg,dh,eh;_.Ug\u003dfunction(a){var b\u003d[],c\u003d0,d;for(d in a)b[c++]\u003da[d];return b};Vg\u003dfunction(a,b,c){return 2\u003e\u003darguments.length?Array.pr
2022-12-09 04:34:45 UTC	95	IN	Data Raw: 73 74 43 68 69 6c 64 29 3b 61 2e 66 69 72 73 74 43 68 69 6c 64 2e 64 61 74 61 5c 75 30 30 33 64 53 74 72 69 6e 67 28 62 29 7d 65 6c 73 65 20 5f 2e 4c 65 28 61 29 2c 61 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 5f 2e 4e 65 28 61 29 2e 63 72 65 61 74 65 54 65 78 74 4e 6f 64 65 28 53 74 72 69 6e 67 28 62 29 29 29 7d 3b 64 68 5c 75 30 30 33 64 7b 53 43 52 49 50 54 3a 31 2c 53 54 59 4c 45 3a 31 2c 48 45 41 44 3a 31 2c 49 46 52 41 4d 45 3a 31 2c 4f 42 4a 45 43 54 3a 31 7d 3b 65 68 5c 75 30 30 33 64 7b 49 4d 47 3a 5c 22 20 5c 22 2c 42 52 3a 5c 22 5c 5c 6e 5c 22 7d 3b 5c 6e 5f 2e 66 68 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 69 66 28 21 28 61 2e 6e 6f 64 65 4e 61 6d 65 20 69 6e 20 64 68 29 29 69 66 28 33 5c 75 30 30 33 64 5c 75 30 30 33 64 Data Ascii: stChild);a.firstChild.data\u003dString(b)}else _.Le(a),a.appendChild(_.Ne(a).createTextNode(String(b)))};dh\u003d{SCRIPT:1,STYLE:1,HEAD:1,IFRAME:1,OBJECT:1};eh\u003d{IMG:\" \",BR:\"\\n\"};\n_.fh\u003dfunction(a,b,c){if(!(a.nodeName in dh))if(3\u003d\u003d
2022-12-09 04:34:45 UTC	96	IN	Data Raw: 70 75 74 65 64 53 74 79 6c 65 28 61 2c 6e 75 6c 6c 29 29 3f 61 5b 62 5d 7c 7c 61 2e 67 65 74 50 72 6f 70 65 72 74 79 56 61 6c 75 65 28 62 29 7c 7c 5c 22 5c 22 3a 5c 22 5c 22 7d 3b 5f 2e 6d 68 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 72 65 74 75 72 6e 20 5f 2e 6c 68 28 61 2c 62 29 7c 7c 28 61 2e 63 75 72 72 65 6e 74 53 74 79 6c 65 3f 61 2e 63 75 72 72 65 6e 74 53 74 79 6c 65 5b 62 5d 3a 6e 75 6c 6c 29 7c 7c 61 2e 73 74 79 6c 65 5c 75 30 30 32 36 5c 75 30 30 32 36 61 2e 73 74 79 6c 65 5b 62 5d 7d 3b 5f 2e 6e 68 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 74 72 79 7b 72 65 74 75 72 6e 20 61 2e 67 65 74 42 6f 75 6e 64 69 6e 67 43 6c 69 65 6e 74 52 65 63 74 28 29 7d 63 61 74 63 68 28 62 29 7b 72 65 74 75 72 6e 7b 6c 65 66 74 3a 30 Data Ascii: putedStyle(a,null))?a[b]\|\|a.getPropertyValue(b)\|\|\"\":\"\"};_.mh\u003dfunction(a,b){return _.lh(a,b)\|\|(a.currentStyle?a.currentStyle[b]:null)\|\|a.style\u0026\u0026a.style[b]};_.nh\u003dfunction(a){try{return a.getBoundingClientRect()}catch(b){return{left:0
2022-12-09 04:34:45 UTC	97	IN	Data Raw: 28 29 7b 7d 3b 5f 2e 75 68 2e 4d 63 5c 75 30 30 33 64 76 6f 69 64 20 30 3b 5f 2e 75 68 2e 6a 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 5f 2e 75 68 2e 4d 63 3f 5f 2e 75 68 2e 4d 63 3a 5f 2e 75 68 2e 4d 63 5c 75 30 30 33 64 6e 65 77 20 5f 2e 75 68 7d 3b 5f 2e 75 68 2e 70 72 6f 74 6f 74 79 70 65 2e 6a 5c 75 30 30 33 64 30 3b 5f 2e 76 68 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 5c 22 3a 5c 22 2b 28 61 2e 6a 2b 2b 29 2e 74 6f 53 74 72 69 6e 67 28 33 36 29 7d 3b 5c 6e 76 61 72 20 77 68 3b 5f 2e 78 68 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 5f 2e 4f 2e 63 61 6c 6c 28 74 68 69 73 29 3b 74 68 69 73 2e 41 5c 75 30 30 33 64 61 7c 7c 5f 2e 4c 67 28 29 3b 74 68 69 73 2e 68 61 5c 75 30 30 33 64 Data Ascii: (){};_.uh.Mc\u003dvoid 0;_.uh.j\u003dfunction(){return _.uh.Mc?_.uh.Mc:_.uh.Mc\u003dnew _.uh};_.uh.prototype.j\u003d0;_.vh\u003dfunction(a){return\":\"+(a.j++).toString(36)};\nvar wh;_.xh\u003dfunction(a){_.O.call(this);this.A\u003da\|\|_.Lg();this.ha\u003d
2022-12-09 04:34:45 UTC	98	IN	Data Raw: 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 74 68 69 73 2e 6a 5c 75 30 30 33 64 61 7d 3b 5f 2e 6b 2e 50 61 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 29 7b 74 68 69 73 2e 47 61 5c 75 30 30 33 64 21 30 3b 5f 2e 42 68 28 74 68 69 73 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 21 61 2e 47 61 5c 75 30 30 32 36 5c 75 30 30 32 36 61 2e 4a 28 29 5c 75 30 30 32 36 5c 75 30 30 32 36 61 2e 50 61 28 29 7d 29 7d 3b 5c 6e 5f 2e 6b 2e 50 62 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 29 7b 5f 2e 42 68 28 74 68 69 73 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 61 2e 47 61 5c 75 30 30 32 36 5c 75 30 30 32 36 61 2e 50 62 28 29 7d 29 3b 74 68 69 73 2e 4c 5c 75 30 30 32 36 5c 75 30 30 32 36 5f 2e 54 67 28 74 68 69 73 2e 4c 29 3b 74 68 69 73 2e 47 61 5c 75 30 30 33 64 21 31 7d 3b 5f 2e Data Ascii: dfunction(a){this.j\u003da};_.k.Pa\u003dfunction(){this.Ga\u003d!0;_.Bh(this,function(a){!a.Ga\u0026\u0026a.J()\u0026\u0026a.Pa()})};\n_.k.Pb\u003dfunction(){_.Bh(this,function(a){a.Ga\u0026\u0026a.Pb()});this.L\u0026\u0026_.Tg(this.L);this.Ga\u003d!1};_.
2022-12-09 04:34:45 UTC	100	IN	Data Raw: 21 61 2e 47 61 5c 75 30 30 32 36 5c 75 30 30 32 36 61 2e 6a 5c 75 30 30 32 36 5c 75 30 30 32 36 61 2e 6a 2e 70 61 72 65 6e 74 4e 6f 64 65 5c 75 30 30 32 36 5c 75 30 30 32 36 31 5c 75 30 30 33 64 5c 75 30 30 33 64 61 2e 6a 2e 70 61 72 65 6e 74 4e 6f 64 65 2e 6e 6f 64 65 54 79 70 65 5c 75 30 30 32 36 5c 75 30 30 32 36 61 2e 50 61 28 29 7d 3b 5f 2e 43 68 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 2e 43 3f 61 2e 43 2e 6c 65 6e 67 74 68 3a 30 7d 3b 5f 2e 44 68 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 72 65 74 75 72 6e 20 61 2e 43 3f 61 2e 43 5b 62 5d 7c 7c 6e 75 6c 6c 3a 6e 75 6c 6c 7d 3b 5f 2e 42 68 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 61 2e 43 5c 75 30 30 32 36 5c 75 30 30 32 Data Ascii: !a.Ga\u0026\u0026a.j\u0026\u0026a.j.parentNode\u0026\u00261\u003d\u003da.j.parentNode.nodeType\u0026\u0026a.Pa()};_.Ch\u003dfunction(a){return a.C?a.C.length:0};_.Dh\u003dfunction(a,b){return a.C?a.C[b]\|\|null:null};_.Bh\u003dfunction(a,b,c){a.C\u0026\u002
2022-12-09 04:34:45 UTC	101	IN	Data Raw: 60 5c 22 2b 62 29 29 3b 72 65 74 75 72 6e 20 64 7d 3b 5f 2e 47 68 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 29 7b 74 72 79 7b 72 65 74 75 72 6e 20 62 2e 61 70 70 6c 79 28 63 2c 61 72 67 75 6d 65 6e 74 73 29 7d 63 61 74 63 68 28 64 29 7b 61 2e 6c 6f 67 28 64 29 7d 7d 7d 3b 5c 6e 5f 2e 49 68 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 2c 64 2c 65 2c 66 29 7b 64 5c 75 30 30 33 64 5f 2e 47 68 28 61 2c 64 2c 66 29 3b 61 5c 75 30 30 33 64 5f 2e 4e 28 62 2c 63 2c 64 2c 65 2c 66 29 3b 5f 2e 48 68 28 62 2c 63 29 3b 72 65 74 75 72 6e 20 61 7d 3b 5f 2e 48 68 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 69 66 28 61 20 69 6e 73 74 61 6e 63 65 6f 66 20 45 6c 65 6d 65 Data Ascii: `\"+b));return d};_.Gh\u003dfunction(a,b,c){return function(){try{return b.apply(c,arguments)}catch(d){a.log(d)}}};\n_.Ih\u003dfunction(a,b,c,d,e,f){d\u003d_.Gh(a,d,f);a\u003d_.N(b,c,d,e,f);_.Hh(b,c);return a};_.Hh\u003dfunction(a,b){if(a instanceof Eleme
2022-12-09 04:34:45 UTC	102	IN	Data Raw: 4e 61 6d 65 28 5c 22 2a 5c 22 29 3b 69 66 28 62 29 7b 76 61 72 20 66 5c 75 30 30 33 64 7b 7d 3b 66 6f 72 28 63 5c 75 30 30 33 64 64 5c 75 30 30 33 64 30 3b 61 5c 75 30 30 33 64 65 5b 63 5d 3b 63 2b 2b 29 7b 76 61 72 20 67 5c 75 30 30 33 64 61 2e 63 6c 61 73 73 4e 61 6d 65 3b 5c 22 66 75 6e 63 74 69 6f 6e 5c 22 5c 75 30 30 33 64 5c 75 30 30 33 64 74 79 70 65 6f 66 20 67 2e 73 70 6c 69 74 5c 75 30 30 32 36 5c 75 30 30 32 36 5f 2e 79 65 28 67 2e 73 70 6c 69 74 28 2f 5c 5c 73 2b 2f 29 2c 62 29 5c 75 30 30 32 36 5c 75 30 30 32 36 28 66 5b 64 2b 2b 5d 5c 75 30 30 33 64 61 29 7d 66 2e 6c 65 6e 67 74 68 5c 75 30 30 33 64 64 3b 72 65 74 75 72 6e 20 66 7d 72 65 74 75 72 6e 20 65 7d 3b 5f 2e 50 68 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 76 61 72 Data Ascii: Name(\"*\");if(b){var f\u003d{};for(c\u003dd\u003d0;a\u003de[c];c++){var g\u003da.className;\"function\"\u003d\u003dtypeof g.split\u0026\u0026_.ye(g.split(/\\s+/),b)\u0026\u0026(f[d++]\u003da)}f.length\u003dd;return f}return e};_.Ph\u003dfunction(a,b){var
2022-12-09 04:34:45 UTC	103	IN	Data Raw: 7c 7c 6e 75 6c 6c 3a 6e 75 6c 6c 3b 5c 22 63 6c 69 63 6b 5c 22 5c 75 30 30 33 64 5c 75 30 30 33 64 67 2e 74 79 70 65 5c 75 30 30 32 36 5c 75 30 30 32 36 5f 2e 4a 68 28 67 29 3f 68 2e 63 61 6c 6c 28 64 2c 67 29 3a 31 33 21 5c 75 30 30 33 64 67 2e 6b 65 79 43 6f 64 65 5c 75 30 30 32 36 5c 75 30 30 32 36 33 21 5c 75 30 30 33 64 67 2e 6b 65 79 43 6f 64 65 7c 7c 5c 22 6b 65 79 75 70 5c 22 5c 75 30 30 33 64 5c 75 30 30 33 64 67 2e 74 79 70 65 3f 33 32 21 5c 75 30 30 33 64 67 2e 6b 65 79 43 6f 64 65 7c 7c 5c 22 62 75 74 74 6f 6e 5c 22 21 5c 75 30 30 33 64 6c 5c 75 30 30 32 36 5c 75 30 30 32 36 5c 22 74 61 62 5c 22 21 5c 75 30 30 33 64 6c 5c 75 30 30 32 36 5c 75 30 30 32 36 5c 22 72 61 64 69 6f 5c 22 21 5c 75 30 30 33 64 6c 7c 7c 28 5c 22 6b 65 79 75 70 5c 22 5c Data Ascii: \|\|null:null;\"click\"\u003d\u003dg.type\u0026\u0026_.Jh(g)?h.call(d,g):13!\u003dg.keyCode\u0026\u00263!\u003dg.keyCode\|\|\"keyup\"\u003d\u003dg.type?32!\u003dg.keyCode\|\|\"button\"!\u003dl\u0026\u0026\"tab\"!\u003dl\u0026\u0026\"radio\"!\u003dl\|\|(\"keyup\"\
2022-12-09 04:34:45 UTC	105	IN	Data Raw: 3b 63 5c 75 30 30 33 64 5f 2e 50 2e 70 72 6f 74 6f 74 79 70 65 2e 42 2e 63 61 6c 6c 28 74 68 69 73 2c 61 2c 62 2c 63 2c 64 2c 65 29 3b 5f 2e 48 68 28 61 2c 56 68 28 62 29 29 3b 72 65 74 75 72 6e 20 63 7d 72 65 74 75 72 6e 20 5f 2e 50 2e 70 72 6f 74 6f 74 79 70 65 2e 42 2e 63 61 6c 6c 28 74 68 69 73 2c 61 2c 62 2c 63 2c 64 2c 65 29 7d 3b 5f 2e 55 68 2e 70 72 6f 74 6f 74 79 70 65 2e 53 61 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 2c 64 29 7b 69 66 28 63 29 7b 69 66 28 5c 22 66 75 6e 63 74 69 6f 6e 5c 22 21 5c 75 30 30 33 64 74 79 70 65 6f 66 20 63 29 74 68 72 6f 77 20 6e 65 77 20 54 79 70 65 45 72 72 6f 72 28 5c 22 57 5c 22 29 3b 63 5c 75 30 30 33 64 5f 2e 47 68 28 74 68 69 73 2e 43 2c 63 2c 74 68 69 73 2e 58 61 29 3b 63 5c 75 30 30 33 64 Data Ascii: ;c\u003d_.P.prototype.B.call(this,a,b,c,d,e);_.Hh(a,Vh(b));return c}return _.P.prototype.B.call(this,a,b,c,d,e)};_.Uh.prototype.Sa\u003dfunction(a,b,c,d){if(c){if(\"function\"!\u003dtypeof c)throw new TypeError(\"W\");c\u003d_.Gh(this.C,c,this.Xa);c\u003d
2022-12-09 04:34:45 UTC	106	IN	Data Raw: 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 3f 61 69 28 61 2c 66 75 6e 63 74 69 6f 6e 28 62 29 7b 72 65 74 75 72 6e 20 31 5c 75 30 30 33 64 5c 75 30 30 33 64 62 2e 6e 6f 64 65 54 79 70 65 5c 75 30 30 32 36 5c 75 30 30 32 36 5f 2e 62 69 28 62 29 5c 75 30 30 32 36 5c 75 30 30 32 36 21 24 68 28 62 29 7d 29 3a 5b 5d 7d 3b 5f 2e 64 69 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 2c 64 29 7b 69 66 28 6e 75 6c 6c 21 5c 75 30 30 33 64 61 29 66 6f 72 28 61 5c 75 30 30 33 64 61 2e 66 69 72 73 74 43 68 69 6c 64 3b 61 3b 29 7b 69 66 28 62 28 61 29 5c 75 30 30 32 36 5c 75 30 30 32 36 28 63 2e 70 75 73 68 28 61 29 2c 64 29 7c 7c 5f 2e 64 69 28 61 2c 62 2c 63 2c 64 29 29 72 65 74 75 72 6e 21 30 3b 61 5c 75 30 30 33 64 61 2e 6e 65 78 74 53 Data Ascii: function(a){return a?ai(a,function(b){return 1\u003d\u003db.nodeType\u0026\u0026_.bi(b)\u0026\u0026!$h(b)}):[]};_.di\u003dfunction(a,b,c,d){if(null!\u003da)for(a\u003da.firstChild;a;){if(b(a)\u0026\u0026(c.push(a),d)\|\|_.di(a,b,c,d))return!0;a\u003da.nextS
2022-12-09 04:34:45 UTC	107	IN	Data Raw: 65 29 7b 5f 2e 5f 44 75 6d 70 45 78 63 65 70 74 69 6f 6e 28 65 29 7d 5c 6e 74 72 79 7b 5c 6e 5f 2e 66 69 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 6e 75 6c 6c 5c 75 30 30 33 64 5c 75 30 30 33 64 61 3f 5c 22 5c 22 3a 53 74 72 69 6e 67 28 61 29 7d 3b 5c 6e 5c 6e 7d 63 61 74 63 68 28 65 29 7b 5f 2e 5f 44 75 6d 70 45 78 63 65 70 74 69 6f 6e 28 65 29 7d 5c 6e 74 72 79 7b 5c 6e 76 61 72 20 67 69 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 5f 2e 48 2e 63 61 6c 6c 28 74 68 69 73 29 3b 74 68 69 73 2e 43 5c 75 30 30 33 64 61 3b 74 68 69 73 2e 41 5c 75 30 30 33 64 6e 75 6c 6c 3b 74 68 69 73 2e 6f 5c 75 30 30 33 64 7b 7d 3b 74 68 69 73 2e 44 5c 75 30 30 33 64 7b 7d 3b 74 68 69 73 2e 6a 5c 75 30 30 33 64 7b 7d 3b 74 68 69 73 Data Ascii: e){_._DumpException(e)}\ntry{\n_.fi\u003dfunction(a){return null\u003d\u003da?\"\":String(a)};\n\n}catch(e){_._DumpException(e)}\ntry{\nvar gi\u003dfunction(a){_.H.call(this);this.C\u003da;this.A\u003dnull;this.o\u003d{};this.D\u003d{};this.j\u003d{};this
2022-12-09 04:34:45 UTC	108	IN	Data Raw: 72 20 70 69 2c 72 69 2c 73 69 2c 75 69 2c 76 69 2c 77 69 2c 7a 69 2c 41 69 2c 44 69 2c 48 69 2c 49 69 2c 4a 69 3b 5f 2e 6a 69 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 61 5c 75 30 30 32 36 5c 75 30 30 32 36 62 5c 75 30 30 32 36 5c 75 30 30 32 36 5f 2e 4e 68 28 61 2c 61 2e 68 72 65 66 2e 72 65 70 6c 61 63 65 28 2f 28 5b 3f 5c 75 30 30 32 36 5d 28 63 6f 6e 74 69 6e 75 65 7c 66 6f 6c 6c 6f 77 75 70 29 5c 75 30 30 33 64 29 5b 5e 5c 75 30 30 32 36 5d 2a 2f 67 2c 5c 22 24 31 5c 22 2b 65 6e 63 6f 64 65 55 52 49 43 6f 6d 70 6f 6e 65 6e 74 28 62 29 29 29 7d 3b 5f 2e 6f 69 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 29 7b 5f 2e 41 28 5c 22 67 62 61 72 2e 49 5c 22 2c 5f 2e 6b 69 29 3b 5f 2e 6b 69 2e 70 72 6f 74 6f 74 79 70 65 2e 69 61 5c 75 30 30 Data Ascii: r pi,ri,si,ui,vi,wi,zi,Ai,Di,Hi,Ii,Ji;_.ji\u003dfunction(a,b){a\u0026\u0026b\u0026\u0026_.Nh(a,a.href.replace(/([?\u0026](continue\|followup)\u003d)[^\u0026]*/g,\"$1\"+encodeURIComponent(b)))};_.oi\u003dfunction(){_.A(\"gbar.I\",_.ki);_.ki.prototype.ia\u00
2022-12-09 04:34:45 UTC	109	IN	Data Raw: 5c 22 5c 22 21 5c 75 30 30 33 64 63 3f 63 2b 5c 22 20 32 78 20 5c 22 3a 5c 22 5c 22 2c 5c 22 5c 22 21 5c 75 30 30 33 64 62 5c 75 30 30 32 36 5c 75 30 30 32 36 28 63 5c 75 30 30 33 64 63 2b 28 5c 22 5c 22 5c 75 30 30 33 64 5c 75 30 30 33 64 63 3f 5c 22 5c 22 3a 5c 22 2c 5c 22 29 2b 28 62 2b 5c 22 20 31 78 5c 22 29 29 2c 61 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 5c 22 73 72 63 73 65 74 5c 22 2c 63 29 29 7d 7d 3b 5f 2e 74 69 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 5f 2e 48 2e 63 61 6c 6c 28 74 68 69 73 29 3b 74 68 69 73 2e 49 62 5c 75 30 30 33 64 61 3b 74 68 69 73 2e 41 5c 75 30 30 33 64 62 7c 7c 30 3b 74 68 69 73 2e 6a 5c 75 30 30 0d 0a Data Ascii: \"\"!\u003dc?c+\" 2x \":\"\",\"\"!\u003db\u0026\u0026(c\u003dc+(\"\"\u003d\u003dc?\"\":\",\")+(b+\" 1x\")),a.setAttribute(\"srcset\",c))}};_.ti\u003dfunction(a,b,c){_.H.call(this);this.Ib\u003da;this.A\u003db\|\|0;this.j\u00
2022-12-09 04:34:45 UTC	110	IN	Data Raw: 37 31 39 30 0d 0a 33 64 63 3b 74 68 69 73 2e 6f 5c 75 30 30 33 64 28 30 2c 5f 2e 7a 29 28 74 68 69 73 2e 56 67 2c 74 68 69 73 29 7d 3b 5c 6e 5f 2e 42 28 5f 2e 74 69 2c 5f 2e 48 29 3b 5f 2e 6b 5c 75 30 30 33 64 5f 2e 74 69 2e 70 72 6f 74 6f 74 79 70 65 3b 5f 2e 6b 2e 75 64 5c 75 30 30 33 64 30 3b 5f 2e 6b 2e 52 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 29 7b 5f 2e 74 69 2e 59 2e 52 2e 63 61 6c 6c 28 74 68 69 73 29 3b 74 68 69 73 2e 73 74 6f 70 28 29 3b 64 65 6c 65 74 65 20 74 68 69 73 2e 49 62 3b 64 65 6c 65 74 65 20 74 68 69 73 2e 6a 7d 3b 5f 2e 6b 2e 73 74 61 72 74 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 74 68 69 73 2e 73 74 6f 70 28 29 3b 74 68 69 73 2e 75 64 5c 75 30 30 33 64 5f 2e 4f 67 28 74 68 69 73 2e 6f 2c 76 6f 69 64 20 30 21 5c Data Ascii: 71903dc;this.o\u003d(0,_.z)(this.Vg,this)};\n_.B(_.ti,_.H);_.k\u003d_.ti.prototype;_.k.ud\u003d0;_.k.R\u003dfunction(){_.ti.Y.R.call(this);this.stop();delete this.Ib;delete this.j};_.k.start\u003dfunction(a){this.stop();this.ud\u003d_.Og(this.o,void 0!\
2022-12-09 04:34:45 UTC	111	IN	Data Raw: 21 28 5c 22 69 74 65 6d 5c 22 69 6e 20 61 2e 64 61 74 61 73 65 74 29 29 72 65 74 75 72 6e 20 6e 75 6c 6c 3b 61 5c 75 30 30 33 64 61 2e 64 61 74 61 73 65 74 2e 69 74 65 6d 3b 72 65 74 75 72 6e 20 76 6f 69 64 20 30 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 75 30 30 33 64 61 3f 6e 75 6c 6c 3a 61 7d 72 65 74 75 72 6e 20 61 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 5c 22 64 61 74 61 2d 5c 22 2b 75 69 28 5c 22 69 74 65 6d 5c 22 29 29 7d 3b 41 69 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 72 65 74 75 72 6e 2f 2d 5b 61 2d 7a 5d 2f 2e 74 65 73 74 28 62 29 3f 21 31 3a 5f 2e 45 68 5c 75 30 30 32 36 5c 75 30 30 32 36 61 2e 64 61 74 61 73 65 74 3f 62 20 69 6e 20 61 2e 64 61 74 61 73 65 74 3a 61 2e 68 61 73 41 74 74 72 69 62 75 74 65 3f 61 2e 68 61 73 41 Data Ascii: !(\"item\"in a.dataset))return null;a\u003da.dataset.item;return void 0\u003d\u003d\u003da?null:a}return a.getAttribute(\"data-\"+ui(\"item\"))};Ai\u003dfunction(a,b){return/-[a-z]/.test(b)?!1:_.Eh\u0026\u0026a.dataset?b in a.dataset:a.hasAttribute?a.hasA
2022-12-09 04:34:45 UTC	112	IN	Data Raw: 64 5c 22 2c 73 6b 3a 5c 22 67 62 5f 52 63 5c 22 7d 3b 49 69 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 61 5c 75 30 30 33 64 5f 2e 4b 65 28 5c 22 4c 49 5c 22 29 3b 5f 2e 4d 28 61 2c 5c 22 67 62 5f 5a 63 5c 22 29 3b 5f 2e 51 65 28 61 2c 5c 22 6d 65 6e 75 69 74 65 6d 5c 22 29 3b 72 65 74 75 72 6e 20 61 7d 3b 4a 69 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 62 7c 7c 28 62 5c 75 30 30 33 64 49 69 28 29 2c 61 2e 49 64 28 29 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 62 29 29 3b 5f 2e 6b 69 2e 63 61 6c 6c 28 74 68 69 73 2c 62 29 3b 74 68 69 73 2e 44 5c 75 30 30 33 64 6e 65 77 20 5f 2e 50 28 74 68 69 73 29 3b 5f 2e 4d 68 28 74 68 69 73 2e 44 2c 74 68 69 73 2e 4a 28 29 2c 74 68 69 73 2e 42 69 29 7d 3b 5f 2e 77 28 4a 69 2c 5f 2e 6b Data Ascii: d\",sk:\"gb_Rc\"};Ii\u003dfunction(){var a\u003d_.Ke(\"LI\");_.M(a,\"gb_Zc\");_.Qe(a,\"menuitem\");return a};Ji\u003dfunction(a,b){b\|\|(b\u003dIi(),a.Id().appendChild(b));_.ki.call(this,b);this.D\u003dnew _.P(this);_.Mh(this.D,this.J(),this.Bi)};_.w(Ji,_.k
2022-12-09 04:34:45 UTC	113	IN	Data Raw: 3b 72 65 74 75 72 6e 20 74 68 69 73 7d 3b 5c 6e 5f 2e 6b 2e 50 67 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 21 74 68 69 73 2e 42 29 69 66 28 74 68 69 73 2e 42 5c 75 30 30 33 64 5f 2e 51 28 5c 22 49 4d 47 5c 22 2c 5c 22 67 62 5f 33 63 5c 22 29 2c 74 68 69 73 2e 42 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 5c 22 61 6c 74 5c 22 2c 5c 22 5c 22 29 2c 74 68 69 73 2e 6a 29 76 69 28 74 68 69 73 2e 42 2c 74 68 69 73 2e 6a 29 2c 74 68 69 73 2e 6a 5c 75 30 30 33 64 6e 75 6c 6c 3b 65 6c 73 65 7b 76 61 72 20 62 5c 75 30 30 33 64 74 68 69 73 2e 6f 3b 62 2e 70 61 72 65 6e 74 4e 6f 64 65 5c 75 30 30 32 36 5c 75 30 30 32 36 62 2e 70 61 72 65 6e 74 4e 6f 64 65 2e 69 6e 73 65 72 74 42 65 66 6f 72 65 28 74 68 69 73 2e 42 2c 62 29 7d 74 68 69 73 2e 42 2e Data Ascii: ;return this};\n_.k.Pg\u003dfunction(a){if(!this.B)if(this.B\u003d_.Q(\"IMG\",\"gb_3c\"),this.B.setAttribute(\"alt\",\"\"),this.j)vi(this.B,this.j),this.j\u003dnull;else{var b\u003dthis.o;b.parentNode\u0026\u0026b.parentNode.insertBefore(this.B,b)}this.B.
2022-12-09 04:34:45 UTC	115	IN	Data Raw: 63 62 3b 61 2b 2b 29 74 68 69 73 2e 42 5b 61 5d 2e 74 61 28 29 3b 74 68 69 73 2e 4b 5c 75 30 30 33 64 7b 7d 3b 74 68 69 73 2e 42 5c 75 30 30 33 64 5b 5d 7d 3b 5c 6e 76 61 72 20 4c 69 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 69 66 28 21 62 29 7b 62 5c 75 30 30 33 64 5f 2e 4b 65 28 5c 22 55 4c 5c 22 29 3b 5f 2e 4d 28 62 2c 5c 22 67 62 5f 56 63 5c 22 29 3b 76 61 72 20 63 5c 75 30 30 33 64 5f 2e 51 28 5c 22 53 50 41 4e 5c 22 2c 5c 22 67 62 5f 30 63 5c 22 29 3b 62 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 63 29 7d 5f 2e 6c 69 2e 63 61 6c 6c 28 74 68 69 73 2c 62 29 3b 74 68 69 73 2e 6f 5c 75 30 30 33 64 61 3b 61 5c 75 30 30 33 64 74 68 69 73 2e 4a 28 29 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 43 6c 61 73 73 4e 61 6d 65 28 5c 22 67 62 5f 5a 63 Data Ascii: cb;a++)this.B[a].ta();this.K\u003d{};this.B\u003d[]};\nvar Li\u003dfunction(a,b){if(!b){b\u003d_.Ke(\"UL\");_.M(b,\"gb_Vc\");var c\u003d_.Q(\"SPAN\",\"gb_0c\");b.appendChild(c)}_.li.call(this,b);this.o\u003da;a\u003dthis.J().getElementsByClassName(\"gb_Zc
2022-12-09 04:34:45 UTC	116	IN	Data Raw: 68 69 73 2e 4c 5c 75 30 30 33 64 63 3b 74 68 69 73 2e 41 5c 75 30 30 33 64 5f 2e 52 28 5c 22 67 62 5f 53 63 5c 22 2c 74 68 69 73 2e 6a 29 3b 74 68 69 73 2e 4d 5c 75 30 30 33 64 6e 65 77 20 5f 2e 42 69 28 74 68 69 73 2e 41 29 3b 74 68 69 73 2e 44 5c 75 30 30 33 64 5f 2e 52 28 5c 22 67 62 5f 54 63 5c 22 2c 74 68 69 73 2e 41 29 3b 74 68 69 73 2e 47 5c 75 30 30 33 64 5f 2e 52 28 5c 22 67 62 5f 55 63 5c 22 2c 74 68 69 73 2e 41 29 3b 74 68 69 73 2e 4e 5c 75 30 30 33 64 7b 7d 3b 74 68 69 73 2e 4f 5c 75 30 30 33 64 5b 5d 3b 74 68 69 73 2e 54 5c 75 30 30 33 64 64 7c 7c 21 31 3b 74 68 69 73 2e 53 5c 75 30 30 33 64 65 7c 7c 21 31 3b 74 68 69 73 2e 6f 5c 75 30 30 33 64 6e 65 77 20 5f 2e 50 28 74 68 69 73 29 3b 50 69 28 74 68 69 73 29 3b 61 5c 75 30 30 33 64 74 68 69 Data Ascii: his.L\u003dc;this.A\u003d_.R(\"gb_Sc\",this.j);this.M\u003dnew _.Bi(this.A);this.D\u003d_.R(\"gb_Tc\",this.A);this.G\u003d_.R(\"gb_Uc\",this.A);this.N\u003d{};this.O\u003d[];this.T\u003dd\|\|!1;this.S\u003de\|\|!1;this.o\u003dnew _.P(this);Pi(this);a\u003dthi
2022-12-09 04:34:45 UTC	117	IN	Data Raw: 7c 7c 28 74 68 69 73 2e 46 5c 75 30 30 33 64 5f 2e 52 28 5c 22 67 62 5f 48 63 5c 22 29 29 3b 74 68 69 73 2e 46 5c 75 30 30 32 36 5c 75 30 30 32 36 61 5c 75 30 30 32 36 5c 75 30 30 32 36 5f 2e 63 68 28 74 68 69 73 2e 46 2c 61 29 7d 3b 5f 2e 6b 2e 69 73 56 69 73 69 62 6c 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 28 61 5c 75 30 30 33 64 74 68 69 73 2e 48 2e 67 65 74 28 61 29 29 3f 21 5f 2e 4c 28 61 2c 5c 22 67 62 5f 46 61 5c 22 29 3a 21 31 7d 3b 5f 2e 6b 2e 6f 70 65 6e 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 74 68 69 73 2e 4c 7c 7c 28 61 5c 75 30 30 32 36 5c 75 30 30 32 36 5f 2e 69 68 28 74 68 69 73 2e 6a 2c 5c 22 74 72 61 6e 73 69 74 69 6f 6e 5c 22 2c 5c 22 6e 6f 6e 65 5c 22 29 2c 74 68 69 73 2e 64 69 73 70 61 Data Ascii: \|\|(this.F\u003d_.R(\"gb_Hc\"));this.F\u0026\u0026a\u0026\u0026_.ch(this.F,a)};_.k.isVisible\u003dfunction(a){return(a\u003dthis.H.get(a))?!_.L(a,\"gb_Fa\"):!1};_.k.open\u003dfunction(a){this.L\|\|(a\u0026\u0026_.ih(this.j,\"transition\",\"none\"),this.dispa
2022-12-09 04:34:45 UTC	118	IN	Data Raw: 62 5c 75 30 30 33 64 6e 65 77 20 4d 61 70 3b 62 2e 73 65 74 28 5c 22 63 6c 6f 73 65 5c 22 2c 5c 22 63 62 63 5c 22 29 3b 62 2e 73 65 74 28 5c 22 62 61 63 6b 5c 22 2c 5c 22 62 62 63 5c 22 29 3b 62 2e 66 6f 72 45 61 63 68 28 66 75 6e 63 74 69 6f 6e 28 63 2c 64 29 7b 5f 2e 4d 68 28 61 2e 6f 2c 61 2e 48 2e 67 65 74 28 64 29 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 74 68 69 73 2e 64 69 73 70 61 74 63 68 45 76 65 6e 74 28 63 29 7d 29 7d 29 3b 69 66 28 5f 2e 4c 28 61 2e 6a 2c 5c 22 67 62 5f 76 61 5c 22 29 7c 7c 5f 2e 4c 28 61 2e 6a 2c 5c 22 67 62 5f 55 64 5c 22 29 29 61 2e 6f 2e 6c 69 73 74 65 6e 28 77 69 6e 64 6f 77 2c 5c 22 72 65 73 69 7a 65 5c 22 2c 61 2e 50 29 2c 61 2e 50 28 29 3b 5f 2e 4c 28 61 2e 6a 2c 5c 22 67 62 5f 4d 63 5c 22 29 7c 7c 61 2e 6f 2e 53 61 28 77 Data Ascii: b\u003dnew Map;b.set(\"close\",\"cbc\");b.set(\"back\",\"bbc\");b.forEach(function(c,d){_.Mh(a.o,a.H.get(d),function(){this.dispatchEvent(c)})});if(_.L(a.j,\"gb_va\")\|\|_.L(a.j,\"gb_Ud\"))a.o.listen(window,\"resize\",a.P),a.P();_.L(a.j,\"gb_Mc\")\|\|a.o.Sa(w
2022-12-09 04:34:45 UTC	119	IN	Data Raw: 65 28 29 2c 6e 75 6c 6c 21 5c 75 30 30 33 64 74 68 69 73 2e 55 5c 75 30 30 32 36 5c 75 30 30 32 36 74 68 69 73 2e 55 2e 66 6f 63 75 73 28 29 29 7d 39 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 75 30 30 33 64 61 2e 6b 65 79 43 6f 64 65 5c 75 30 30 32 36 5c 75 30 30 32 36 74 68 69 73 2e 4b 62 28 29 5c 75 30 30 32 36 5c 75 30 30 32 36 54 69 28 74 68 69 73 29 5c 75 30 30 32 36 5c 75 30 30 32 36 28 62 5c 75 30 30 33 64 61 2e 74 61 72 67 65 74 2c 63 5c 75 30 30 33 64 5f 2e 63 69 28 74 68 69 73 2e 6a 29 2c 30 5c 75 30 30 33 63 63 2e 6c 65 6e 67 74 68 5c 75 30 30 32 36 5c 75 30 30 32 36 28 62 5c 75 30 30 33 64 5c 75 30 30 33 64 63 5b 30 5d 5c 75 30 30 32 36 5c 75 30 30 32 36 61 2e 73 68 69 66 74 4b 65 79 3f 28 63 5b 63 2e 6c 65 6e 67 74 68 2d 31 5d 2e 66 6f 63 75 73 Data Ascii: e(),null!\u003dthis.U\u0026\u0026this.U.focus())}9\u003d\u003d\u003da.keyCode\u0026\u0026this.Kb()\u0026\u0026Ti(this)\u0026\u0026(b\u003da.target,c\u003d_.ci(this.j),0\u003cc.length\u0026\u0026(b\u003d\u003dc[0]\u0026\u0026a.shiftKey?(c[c.length-1].focus
2022-12-09 04:34:45 UTC	121	IN	Data Raw: 6d 65 6e 74 2e 61 63 74 69 76 65 45 6c 65 6d 65 6e 74 2e 74 61 67 4e 61 6d 65 5c 75 30 30 32 36 5c 75 30 30 32 36 28 74 68 69 73 2e 53 5c 75 30 30 32 36 5c 75 30 30 32 36 5f 2e 4f 65 28 64 6f 63 75 6d 65 6e 74 2e 61 63 74 69 76 65 45 6c 65 6d 65 6e 74 2c 4d 69 29 7c 7c 5f 2e 52 68 28 64 6f 63 75 6d 65 6e 74 2e 61 63 74 69 76 65 45 6c 65 6d 65 6e 74 2c 5c 22 67 62 5f 4c 63 5c 22 29 7c 7c 5f 2e 52 68 28 64 6f 63 75 6d 65 6e 74 2e 61 63 74 69 76 65 45 6c 65 6d 65 6e 74 2c 5c 22 67 62 5f 49 5c 22 29 7c 7c 5f 2e 47 69 28 74 68 69 73 2e 41 29 29 29 7d 3b 76 61 72 20 51 69 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 61 2e 6f 2e 4a 61 28 64 6f 63 75 6d 65 6e 74 2e 62 6f 64 79 2c 4e 69 2c 61 2e 6a 67 2c 21 31 2c 61 29 3b 61 2e 6f 2e 4a 61 28 64 6f 63 75 Data Ascii: ment.activeElement.tagName\u0026\u0026(this.S\u0026\u0026_.Oe(document.activeElement,Mi)\|\|_.Rh(document.activeElement,\"gb_Lc\")\|\|_.Rh(document.activeElement,\"gb_I\")\|\|_.Gi(this.A)))};var Qi\u003dfunction(a){a.o.Ja(document.body,Ni,a.jg,!1,a);a.o.Ja(docu
2022-12-09 04:34:45 UTC	122	IN	Data Raw: 7b 5f 2e 4f 2e 63 61 6c 6c 28 74 68 69 73 29 3b 74 68 69 73 2e 6a 5c 75 30 30 33 64 61 3b 74 68 69 73 2e 41 5c 75 30 30 33 64 5a 69 28 74 68 69 73 2e 6a 29 3b 74 68 69 73 2e 46 5c 75 30 30 33 64 62 7c 7c 31 30 30 3b 74 68 69 73 2e 42 5c 75 30 30 33 64 5f 2e 4e 28 61 2c 5c 22 72 65 73 69 7a 65 5c 22 2c 74 68 69 73 2e 43 2c 21 31 2c 74 68 69 73 29 7d 3b 5f 2e 42 28 5f 2e 24 69 2c 5f 2e 4f 29 3b 5f 2e 24 69 2e 70 72 6f 74 6f 74 79 70 65 2e 52 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 29 7b 5f 2e 46 66 28 74 68 69 73 2e 42 29 3b 5f 2e 24 69 2e 59 2e 52 2e 63 61 6c 6c 28 74 68 69 73 29 7d 3b 5f 2e 24 69 2e 70 72 6f 74 6f 74 79 70 65 2e 43 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 29 7b 74 68 69 73 2e 6f 7c 7c 28 74 68 69 73 2e 6f 5c 75 30 30 33 64 6e 65 Data Ascii: {_.O.call(this);this.j\u003da;this.A\u003dZi(this.j);this.F\u003db\|\|100;this.B\u003d_.N(a,\"resize\",this.C,!1,this)};_.B(_.$i,_.O);_.$i.prototype.R\u003dfunction(){_.Ff(this.B);_.$i.Y.R.call(this)};_.$i.prototype.C\u003dfunction(){this.o\|\|(this.o\u003dne
2022-12-09 04:34:45 UTC	123	IN	Data Raw: 6a 5c 75 30 30 33 64 61 2c 74 68 69 73 2e 64 69 73 70 61 74 63 68 45 76 65 6e 74 28 5c 22 72 65 73 69 7a 65 5c 22 29 29 7d 3b 5c 6e 76 61 72 20 65 6a 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 74 68 69 73 2e 42 5c 75 30 30 33 64 6e 65 77 20 59 69 28 74 68 69 73 29 3b 74 68 69 73 2e 47 5c 75 30 30 33 64 61 3b 74 68 69 73 2e 44 5c 75 30 30 33 64 62 3b 74 68 69 73 2e 6a 5c 75 30 30 33 64 64 6a 28 61 2e 6f 66 66 73 65 74 57 69 64 74 68 2c 74 68 69 73 2e 44 29 3b 74 68 69 73 2e 48 5c 75 30 30 33 64 6e 65 77 20 5f 2e 24 69 28 5f 2e 63 6a 28 29 2c 31 30 29 3b 5f 2e 4e 28 74 68 69 73 2e 48 2c 5c 22 62 5c 22 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 77 69 6e 64 6f 77 2e 72 65 71 75 65 73 74 41 6e 69 6d 61 74 69 6f 6e 46 72 61 6d 65 3f 77 69 6e 64 6f 77 Data Ascii: j\u003da,this.dispatchEvent(\"resize\"))};\nvar ej\u003dfunction(a,b){this.B\u003dnew Yi(this);this.G\u003da;this.D\u003db;this.j\u003ddj(a.offsetWidth,this.D);this.H\u003dnew _.$i(_.cj(),10);_.N(this.H,\"b\",function(){window.requestAnimationFrame?window
2022-12-09 04:34:45 UTC	124	IN	Data Raw: 22 2c 5c 22 74 72 75 65 5c 22 5c 75 30 30 33 64 5c 75 30 30 33 64 62 3f 5c 22 66 61 6c 73 65 5c 22 3a 5c 22 74 72 75 65 5c 22 29 3a 61 2e 72 65 6d 6f 76 65 41 74 74 72 69 62 75 74 65 28 5c 22 61 72 69 61 2d 70 72 65 73 73 65 64 5c 22 29 3b 74 68 69 73 2e 64 69 73 70 61 74 63 68 45 76 65 6e 74 28 5c 22 63 6c 69 63 6b 5c 22 29 7d 3b 5c 6e 76 61 72 20 55 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 2c 64 29 7b 5f 2e 4f 2e 63 61 6c 6c 28 74 68 69 73 29 3b 74 68 69 73 2e 41 5c 75 30 30 33 64 61 3b 5f 2e 57 65 28 74 68 69 73 2e 41 2c 5c 22 67 62 5f 4f 64 5c 22 29 3b 74 68 69 73 2e 6f 5c 75 30 30 33 64 62 3b 74 68 69 73 2e 50 5c 75 30 30 33 64 63 3b 74 68 69 73 2e 4c 61 5c 75 30 30 33 64 5c 22 5c 22 3b 74 68 69 73 2e 72 62 5c 75 30 30 33 64 64 3b Data Ascii: ",\"true\"\u003d\u003db?\"false\":\"true\"):a.removeAttribute(\"aria-pressed\");this.dispatchEvent(\"click\")};\nvar U\u003dfunction(a,b,c,d){_.O.call(this);this.A\u003da;_.We(this.A,\"gb_Od\");this.o\u003db;this.P\u003dc;this.La\u003d\"\";this.rb\u003dd;
2022-12-09 04:34:45 UTC	126	IN	Data Raw: 75 30 30 33 64 5f 2e 24 61 28 5f 2e 44 28 74 68 69 73 2e 6f 2c 33 30 29 2c 30 29 3b 30 21 5c 75 30 30 33 64 63 5c 75 30 30 32 36 5c 75 30 30 32 36 68 6a 28 74 68 69 73 2c 63 29 3b 61 5c 75 30 30 33 64 69 6a 28 74 68 69 73 2c 61 2c 62 29 3b 74 68 69 73 2e 4c 5c 75 30 30 33 64 6e 65 77 20 65 6a 28 74 68 69 73 2e 41 2c 6a 6a 29 3b 74 68 69 73 2e 46 62 5c 75 30 30 33 64 5f 2e 75 28 5f 2e 44 28 74 68 69 73 2e 6f 2c 33 37 29 29 3b 74 68 69 73 2e 43 62 5c 75 30 30 33 64 5f 2e 75 28 5f 2e 44 28 74 68 69 73 2e 6f 2c 5c 6e 33 38 29 29 3b 5f 2e 4c 28 74 68 69 73 2e 41 2c 5c 22 67 62 5f 33 64 5c 22 29 3b 74 68 69 73 2e 4e 65 5c 75 30 30 33 64 5f 2e 74 28 5f 2e 45 28 74 68 69 73 2e 6f 2c 33 39 29 29 3b 74 68 69 73 2e 75 61 5c 75 30 30 32 36 5c 75 30 30 32 36 74 68 69 Data Ascii: u003d_.$a(_.D(this.o,30),0);0!\u003dc\u0026\u0026hj(this,c);a\u003dij(this,a,b);this.L\u003dnew ej(this.A,jj);this.Fb\u003d_.u(_.D(this.o,37));this.Cb\u003d_.u(_.D(this.o,\n38));_.L(this.A,\"gb_3d\");this.Ne\u003d_.t(_.E(this.o,39));this.ua\u0026\u0026thi
2022-12-09 04:34:45 UTC	127	IN	Data Raw: 72 65 79 36 30 30 5f 31 38 64 70 2e 70 6e 67 20 31 78 2c 20 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 73 74 61 74 69 63 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 69 63 6f 6e 73 2f 6d 61 74 65 72 69 61 6c 2f 73 79 73 74 65 6d 2f 32 78 2f 62 72 6f 6b 65 6e 5f 69 6d 61 67 65 5f 67 72 65 79 36 30 30 5f 31 38 64 70 2e 70 6e 67 20 32 78 5c 22 2c 5f 2e 69 68 28 74 68 69 73 2e 4b 2c 5c 22 77 69 64 74 68 5c 22 2c 5c 22 61 75 74 6f 5c 22 29 2c 5f 2e 4d 28 74 68 69 73 2e 4b 2e 70 61 72 65 6e 74 45 6c 65 6d 65 6e 74 2c 5c 22 67 62 5f 73 61 5c 22 29 2c 5f 2e 69 68 28 74 68 69 73 2e 4b 2e 70 61 72 65 6e 74 45 6c 65 6d 65 6e 74 2c 5c 22 6c 69 6e 65 2d 68 65 69 67 68 74 5c 22 2c 5c 22 33 30 70 78 5c 22 29 29 7d 3b 5f 2e 6b 2e 4a 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 29 7b Data Ascii: rey600_18dp.png 1x, https://www.gstatic.com/images/icons/material/system/2x/broken_image_grey600_18dp.png 2x\",_.ih(this.K,\"width\",\"auto\"),_.M(this.K.parentElement,\"gb_sa\"),_.ih(this.K.parentElement,\"line-height\",\"30px\"))};_.k.J\u003dfunction(){
2022-12-09 04:34:45 UTC	128	IN	Data Raw: 62 5f 76 65 5c 22 2c 61 2e 41 29 2c 65 5c 75 30 30 33 64 5c 22 67 62 5f 52 63 5c 22 21 5c 75 30 30 33 64 61 2e 4c 2e 6a 7c 7c 62 3f 5c 22 5c 22 3a 61 2e 42 63 2b 5c 22 70 78 5c 22 3b 5f 2e 69 68 28 63 2c 5c 22 6d 69 6e 2d 77 69 64 74 68 5c 22 2c 65 29 3b 5f 2e 69 68 28 64 2c 5c 22 6d 69 6e 2d 77 69 64 74 68 5c 22 2c 65 29 7d 7d 5f 2e 4c 28 61 2e 44 2c 5c 22 67 62 5f 4a 65 5c 22 29 21 5c 75 30 30 33 64 62 5c 75 30 30 32 36 5c 75 30 30 32 36 28 5f 2e 53 28 61 2e 44 2c 5c 22 67 62 5f 4a 65 5c 22 2c 62 29 2c 62 3f 61 2e 64 69 73 70 61 74 63 68 45 76 65 6e 74 28 5c 22 73 66 69 5c 22 29 3a 61 2e 64 69 73 70 61 74 63 68 45 76 65 6e 74 28 5c 22 73 66 75 5c 22 29 2c 5f 2e 53 28 5f 2e 52 28 5c 22 67 62 5f 58 65 5c 22 2c 61 2e 44 29 2c 5c 22 67 62 5f 4a 65 5c 22 2c Data Ascii: b_ve\",a.A),e\u003d\"gb_Rc\"!\u003da.L.j\|\|b?\"\":a.Bc+\"px\";_.ih(c,\"min-width\",e);_.ih(d,\"min-width\",e)}}_.L(a.D,\"gb_Je\")!\u003db\u0026\u0026(_.S(a.D,\"gb_Je\",b),b?a.dispatchEvent(\"sfi\"):a.dispatchEvent(\"sfu\"),_.S(_.R(\"gb_Xe\",a.D),\"gb_Je\",
2022-12-09 04:34:45 UTC	129	IN	Data Raw: 2e 54 67 3b 54 2e 70 72 6f 74 6f 74 79 70 65 2e 63 6e 5c 75 30 30 33 64 54 2e 70 72 6f 74 6f 74 79 70 65 2e 59 6a 3b 5f 2e 41 28 5c 22 67 62 61 72 2e 44 5c 22 2c 4c 69 29 3b 4c 69 2e 70 72 6f 74 6f 74 79 70 65 2e 64 61 5c 75 30 30 33 64 4c 69 2e 70 72 6f 74 6f 74 79 70 65 2e 46 68 3b 4c 69 2e 70 72 6f 74 6f 74 79 70 65 2e 64 62 5c 75 30 30 33 64 4c 69 2e 70 72 6f 74 6f 74 79 70 65 2e 47 68 3b 4c 69 2e 70 72 6f 74 6f 74 79 70 65 2e 64 63 5c 75 30 30 33 64 4c 69 2e 70 72 6f 74 6f 74 79 70 65 2e 52 67 3b 4c 69 2e 70 72 6f 74 6f 74 79 70 65 2e 64 64 5c 75 30 30 33 64 4c 69 2e 70 72 6f 74 6f 74 79 70 65 2e 53 67 3b 5f 2e 41 28 5c 22 67 62 61 72 2e 45 5c 22 2c 4a 69 29 3b 4a 69 2e 70 72 6f 74 6f 74 79 70 65 2e 65 61 5c 75 30 30 33 64 4a 69 2e 70 72 6f 74 6f 74 Data Ascii: .Tg;T.prototype.cn\u003dT.prototype.Yj;_.A(\"gbar.D\",Li);Li.prototype.da\u003dLi.prototype.Fh;Li.prototype.db\u003dLi.prototype.Gh;Li.prototype.dc\u003dLi.prototype.Rg;Li.prototype.dd\u003dLi.prototype.Sg;_.A(\"gbar.E\",Ji);Ji.prototype.ea\u003dJi.protot
2022-12-09 04:34:45 UTC	130	IN	Data Raw: 75 30 30 33 64 5c 75 30 30 33 64 62 3b 61 2e 5a 62 5c 75 30 30 32 36 5c 75 30 30 32 36 61 2e 58 5c 75 30 30 32 36 5c 75 30 30 32 36 5f 2e 53 28 61 2e 58 2c 5c 22 67 62 5f 46 61 5c 22 2c 63 7c 7c 64 29 3b 76 61 72 20 65 5c 75 30 30 33 64 74 6a 28 61 2c 62 29 3b 61 2e 6a 5c 75 30 30 32 36 5c 75 30 30 32 36 65 3f 5f 2e 75 6a 28 61 29 7c 7c 6e 75 6c 6c 5c 75 30 30 33 64 5c 75 30 30 33 64 61 2e 57 7c 7c 28 65 5c 75 30 30 33 64 5f 2e 52 28 5c 22 67 62 5f 57 63 5c 22 29 2c 61 2e 57 2e 70 61 72 65 6e 74 4e 6f 64 65 21 5c 75 30 30 33 64 65 5c 75 30 30 32 36 5c 75 30 30 32 36 65 2e 69 6e 73 65 72 74 42 65 66 6f 72 65 28 61 2e 57 2c 65 2e 63 68 69 6c 64 4e 6f 64 65 73 5b 30 5d 7c 7c 6e 75 6c 6c 29 2c 5f 2e 4d 28 61 2e 46 2c 5c 22 67 62 5f 32 64 5c 22 29 2c 61 2e 77 Data Ascii: u003d\u003db;a.Zb\u0026\u0026a.X\u0026\u0026_.S(a.X,\"gb_Fa\",c\|\|d);var e\u003dtj(a,b);a.j\u0026\u0026e?_.uj(a)\|\|null\u003d\u003da.W\|\|(e\u003d_.R(\"gb_Wc\"),a.W.parentNode!\u003de\u0026\u0026e.insertBefore(a.W,e.childNodes[0]\|\|null),_.M(a.F,\"gb_2d\"),a.w
2022-12-09 04:34:45 UTC	132	IN	Data Raw: 2c 5f 2e 53 28 61 2e 44 2c 5c 22 67 62 5f 4f 65 5c 22 2c 63 7c 7c 64 29 29 3b 61 2e 6a 5c 75 30 30 32 36 5c 75 30 30 32 36 28 63 5c 75 30 30 33 64 61 2e 6a 2e 6a 2c 5f 2e 58 65 28 63 2c 65 29 2c 5f 2e 4d 28 63 2c 62 29 2c 54 69 28 61 2e 6a 29 3f 5f 2e 52 28 5c 22 67 62 5f 62 65 5c 22 29 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 63 29 3a 61 2e 41 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 63 29 2c 61 2e 6a 2e 69 73 56 69 73 69 62 6c 65 28 5c 22 6d 65 6e 75 5c 22 29 7c 7c 61 2e 6a 2e 69 73 56 69 73 69 62 6c 65 28 5c 22 62 61 63 6b 5c 22 29 29 5c 75 30 30 32 36 5c 75 30 30 32 36 28 62 5c 75 30 30 33 64 21 54 69 28 61 2e 6a 29 2c 63 5c 75 30 30 33 64 61 2e 6a 2e 4b 62 28 29 2c 62 5c 75 30 30 32 36 5c 75 30 30 32 36 21 63 5c 75 30 30 32 36 5c 75 30 30 32 36 61 2e 48 Data Ascii: ,_.S(a.D,\"gb_Oe\",c\|\|d));a.j\u0026\u0026(c\u003da.j.j,_.Xe(c,e),_.M(c,b),Ti(a.j)?_.R(\"gb_be\").appendChild(c):a.A.appendChild(c),a.j.isVisible(\"menu\")\|\|a.j.isVisible(\"back\"))\u0026\u0026(b\u003d!Ti(a.j),c\u003da.j.Kb(),b\u0026\u0026!c\u0026\u0026a.H
2022-12-09 04:34:45 UTC	133	IN	Data Raw: 3b 5c 6e 55 2e 70 72 6f 74 6f 74 79 70 65 2e 41 61 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 29 7b 69 66 28 74 68 69 73 2e 75 61 5c 75 30 30 32 36 5c 75 30 30 32 36 74 68 69 73 2e 43 29 7b 76 61 72 20 61 5c 75 30 30 33 64 76 6a 28 74 68 69 73 29 2c 62 5c 75 30 30 33 64 21 31 3b 61 5c 75 30 30 33 64 5f 2e 48 62 28 61 2c 66 75 6e 63 74 69 6f 6e 28 66 29 7b 62 5c 75 30 30 33 64 62 7c 7c 5f 2e 4c 28 66 2c 5c 22 67 62 5f 78 65 5c 22 29 3b 72 65 74 75 72 6e 20 5f 2e 4c 28 66 2c 5c 22 67 62 5f 64 64 5c 22 29 7c 7c 5f 2e 4c 28 66 2c 5c 22 67 62 5f 41 66 5c 22 29 7c 7c 5f 2e 4c 28 66 2c 5c 22 67 62 5f 72 66 5c 22 29 7d 29 3b 76 61 72 20 63 5c 75 30 30 33 64 74 68 69 73 2e 59 61 2e 6a 2e 64 65 2c 64 5c 75 30 30 33 64 21 31 3b 69 66 28 61 2e 6c 65 6e 67 74 68 5c Data Ascii: ;\nU.prototype.Aa\u003dfunction(){if(this.ua\u0026\u0026this.C){var a\u003dvj(this),b\u003d!1;a\u003d_.Hb(a,function(f){b\u003db\|\|_.L(f,\"gb_xe\");return _.L(f,\"gb_dd\")\|\|_.L(f,\"gb_Af\")\|\|_.L(f,\"gb_rf\")});var c\u003dthis.Ya.j.de,d\u003d!1;if(a.length\
2022-12-09 04:34:45 UTC	134	IN	Data Raw: 62 6c 61 63 6b 5f 32 34 64 70 2e 70 6e 67 5c 22 3a 5c 6e 66 5c 75 30 30 33 64 67 2e 73 72 63 3b 61 2e 42 5c 75 30 30 33 64 5f 2e 51 28 5c 22 49 4d 47 5c 22 29 3b 5f 2e 56 65 28 61 2e 42 2c 5b 5c 22 67 62 5f 33 63 5c 22 2c 5c 22 67 62 5f 46 65 5c 22 5d 29 3b 61 2e 42 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 5c 22 73 72 63 5c 22 2c 66 29 3b 65 2e 70 61 72 65 6e 74 4e 6f 64 65 5c 75 30 30 32 36 5c 75 30 30 32 36 65 2e 70 61 72 65 6e 74 4e 6f 64 65 2e 69 6e 73 65 72 74 42 65 66 6f 72 65 28 61 2e 42 2c 65 29 3b 61 2e 55 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 63 29 7d 3b 55 2e 70 72 6f 74 6f 74 79 70 65 2e 58 61 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 21 5f 2e 4c 28 74 68 69 73 2e 44 64 2c 5c 22 67 62 5f 46 61 5c 22 29 5c 75 30 30 32 36 5c 75 30 Data Ascii: black_24dp.png\":\nf\u003dg.src;a.B\u003d_.Q(\"IMG\");_.Ve(a.B,[\"gb_3c\",\"gb_Fe\"]);a.B.setAttribute(\"src\",f);e.parentNode\u0026\u0026e.parentNode.insertBefore(a.B,e);a.U.appendChild(c)};U.prototype.Xa\u003dfunction(a){!_.L(this.Dd,\"gb_Fa\")\u0026\u0
2022-12-09 04:34:45 UTC	135	IN	Data Raw: 64 21 30 3b 62 72 65 61 6b 3b 63 61 73 65 20 5c 22 63 6c 6f 73 65 5c 22 3a 74 68 69 73 2e 53 5c 75 30 30 33 64 21 30 3b 56 69 28 74 68 69 73 2e 6a 29 3b 55 69 28 74 68 69 73 2e 6a 2c 5c 22 63 6c 6f 73 65 5c 22 29 3b 62 5c 75 30 30 33 64 21 30 3b 62 72 65 61 6b 3b 63 61 73 65 20 5c 22 64 65 66 61 75 6c 74 5c 22 3a 74 68 69 73 2e 53 5c 75 30 30 33 64 21 31 3b 74 6a 28 74 68 69 73 2c 74 68 69 73 2e 4c 2e 6a 29 7c 7c 74 68 69 73 2e 41 63 3f 28 74 68 69 73 2e 6a 5c 75 30 30 32 36 5c 75 30 30 32 36 21 74 68 69 73 2e 6a 2e 69 73 56 69 73 69 62 6c 65 28 5c 22 6d 65 6e 75 5c 22 29 5c 75 30 30 32 36 5c 75 30 30 32 36 28 56 69 28 74 68 69 73 2e 6a 29 2c 55 69 28 74 68 69 73 2e 6a 2c 5c 22 6d 65 6e 75 5c 22 29 29 2c 62 5c 75 30 30 33 64 21 30 29 3a 28 74 68 69 73 2e Data Ascii: d!0;break;case \"close\":this.S\u003d!0;Vi(this.j);Ui(this.j,\"close\");b\u003d!0;break;case \"default\":this.S\u003d!1;tj(this,this.L.j)\|\|this.Ac?(this.j\u0026\u0026!this.j.isVisible(\"menu\")\u0026\u0026(Vi(this.j),Ui(this.j,\"menu\")),b\u003d!0):(this.
2022-12-09 04:34:45 UTC	137	IN	Data Raw: 5c 22 67 62 5f 37 64 5c 22 5d 29 3b 43 6a 28 61 2c 6f 6a 28 74 68 69 73 29 29 3b 61 2e 73 74 79 6c 65 2e 62 61 63 6b 67 72 6f 75 6e 64 43 6f 6c 6f 72 5c 75 30 30 33 64 74 68 69 73 2e 41 2e 73 74 79 6c 65 2e 62 61 63 6b 67 72 6f 75 6e 64 43 6f 6c 6f 72 3b 74 68 69 73 2e 6b 61 2e 70 75 73 68 28 61 29 3b 76 61 72 20 62 5c 75 30 30 33 64 74 68 69 73 2e 43 3b 62 2e 70 61 72 65 6e 74 4e 6f 64 65 5c 75 30 30 32 36 5c 75 30 30 32 36 62 2e 70 61 72 65 6e 74 4e 6f 64 65 2e 69 6e 73 65 72 74 42 65 66 6f 72 65 28 61 2c 62 2e 6e 65 78 74 53 69 62 6c 69 6e 67 29 3b 74 68 69 73 2e 4f 5c 75 30 30 33 64 61 7d 72 65 74 75 72 6e 20 74 68 69 73 2e 4f 7d 3b 55 2e 70 72 6f 74 6f 74 79 70 65 2e 45 63 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 29 7b 5f 2e 48 67 28 74 68 69 73 Data Ascii: \"gb_7d\"]);Cj(a,oj(this));a.style.backgroundColor\u003dthis.A.style.backgroundColor;this.ka.push(a);var b\u003dthis.C;b.parentNode\u0026\u0026b.parentNode.insertBefore(a,b.nextSibling);this.O\u003da}return this.O};U.prototype.Ec\u003dfunction(){_.Hg(this
2022-12-09 04:34:45 UTC	138	IN	Data Raw: 61 72 20 61 5c 75 30 30 33 64 5f 2e 64 66 28 5c 22 64 64 5c 22 29 3b 5f 2e 68 69 28 61 29 5c 75 30 30 32 36 5c 75 30 30 32 36 5f 2e 68 69 28 61 29 2e 4b 64 28 21 31 29 3b 61 2e 6e 66 28 6e 75 6c 6c 29 7d 3b 55 2e 70 72 6f 74 6f 74 79 70 65 2e 54 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 68 6a 28 74 68 69 73 2c 61 2d 38 2d 31 30 29 3b 73 6a 28 74 68 69 73 29 7d 3b 76 61 72 20 68 6a 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 6e 75 6c 6c 5c 75 30 30 33 64 5c 75 30 30 33 64 61 2e 44 3f 61 2e 50 2e 6c 6f 67 28 45 72 72 6f 72 28 5c 22 64 61 5c 22 29 29 3a 61 2e 6d 61 3f 61 2e 50 2e 6c 6f 67 28 45 72 72 6f 72 28 5c 22 65 61 5c 22 29 29 3a 61 2e 6d 62 5c 75 30 30 33 64 30 5c 75 30 30 33 65 62 3f 30 3a 62 7d 2c 73 6a 5c 75 30 30 33 Data Ascii: ar a\u003d_.df(\"dd\");_.hi(a)\u0026\u0026_.hi(a).Kd(!1);a.nf(null)};U.prototype.Te\u003dfunction(a){hj(this,a-8-10);sj(this)};var hj\u003dfunction(a,b){null\u003d\u003da.D?a.P.log(Error(\"da\")):a.ma?a.P.log(Error(\"ea\")):a.mb\u003d0\u003eb?0:b},sj\u003
2022-12-09 04:34:45 UTC	138	IN	Data Raw: 38 30 30 30 0d 0a 5c 75 30 30 32 36 5c 75 30 30 32 36 28 5c 22 67 62 5f 76 61 5c 22 5c 75 30 30 33 64 5c 75 30 30 33 64 61 2e 4c 2e 6a 3f 5f 2e 69 68 28 61 2e 47 2c 5c 22 6d 69 6e 2d 77 69 64 74 68 5c 22 2c 5c 22 5c 22 29 3a 6e 75 6c 6c 21 5c 75 30 30 33 64 61 2e 6d 62 5c 75 30 30 32 36 5c 75 30 30 32 36 5f 2e 69 68 28 61 2e 47 2c 5c 22 6d 69 6e 2d 77 69 64 74 68 5c 22 2c 61 2e 6d 62 2b 5c 22 70 78 5c 22 29 29 7d 3b 5c 6e 55 2e 70 72 6f 74 6f 74 79 70 65 2e 59 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 5f 2e 53 28 5f 2e 52 28 5c 22 67 62 5f 78 63 5c 22 2c 74 68 69 73 2e 43 29 2c 5c 22 67 62 5f 46 61 5c 22 2c 21 61 29 7d 3b 55 2e 70 72 6f 74 6f 74 79 70 65 2e 77 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 61 5c 75 30 30 32 36 5c Data Ascii: 8000\u0026\u0026(\"gb_va\"\u003d\u003da.L.j?_.ih(a.G,\"min-width\",\"\"):null!\u003da.mb\u0026\u0026_.ih(a.G,\"min-width\",a.mb+\"px\"))};\nU.prototype.Ye\u003dfunction(a){_.S(_.R(\"gb_xc\",this.C),\"gb_Fa\",!a)};U.prototype.we\u003dfunction(a){a\u0026\
2022-12-09 04:34:45 UTC	139	IN	Data Raw: 70 69 5c 75 30 30 33 64 55 2e 70 72 6f 74 6f 74 79 70 65 2e 77 61 3b 55 2e 70 72 6f 74 6f 74 79 70 65 2e 70 6a 5c 75 30 30 33 64 55 2e 70 72 6f 74 6f 74 79 70 65 2e 54 65 3b 55 2e 70 72 6f 74 6f 74 79 70 65 2e 70 6b 5c 75 30 30 33 64 55 2e 70 72 6f 74 6f 74 79 70 65 2e 59 65 3b 55 2e 70 72 6f 74 6f 74 79 70 65 2e 70 6c 5c 75 30 30 33 64 55 2e 70 72 6f 74 6f 74 79 70 65 2e 77 65 3b 55 2e 70 72 6f 74 6f 74 79 70 65 2e 70 6d 5c 75 30 30 33 64 55 2e 70 72 6f 74 6f 74 79 70 65 2e 4d 3b 55 2e 70 72 6f 74 6f 74 79 70 65 2e 70 6e 5c 75 30 30 33 64 5c 6e 55 2e 70 72 6f 74 6f 74 79 70 65 2e 47 62 3b 55 2e 70 72 6f 74 6f 74 79 70 65 2e 70 6f 5c 75 30 30 33 64 55 2e 70 72 6f 74 6f 74 79 70 65 2e 58 6a 3b 55 2e 70 72 6f 74 6f 74 79 70 65 2e 70 70 5c 75 30 30 33 64 55 Data Ascii: pi\u003dU.prototype.wa;U.prototype.pj\u003dU.prototype.Te;U.prototype.pk\u003dU.prototype.Ye;U.prototype.pl\u003dU.prototype.we;U.prototype.pm\u003dU.prototype.M;U.prototype.pn\u003d\nU.prototype.Gb;U.prototype.po\u003dU.prototype.Xj;U.prototype.pp\u003dU
2022-12-09 04:34:45 UTC	140	IN	Data Raw: 7b 5c 6e 69 66 28 5f 2e 49 6a 29 7b 76 61 72 20 4c 6a 3b 69 66 28 4c 6a 5c 75 30 30 33 64 5f 2e 44 28 5f 2e 49 6a 2e 6f 2c 33 29 29 66 6f 72 28 76 61 72 20 4d 6a 5c 75 30 30 33 64 5f 2e 50 68 28 4c 6a 29 2c 4e 6a 5c 75 30 30 33 64 30 3b 4e 6a 5c 75 30 30 33 63 4d 6a 2e 6c 65 6e 67 74 68 3b 4e 6a 2b 2b 29 5f 2e 79 69 28 4d 6a 5b 4e 6a 5d 2c 5c 22 6f 67 70 63 5c 22 2c 5c 22 5c 22 29 3b 5f 2e 42 6a 28 5f 2e 49 6a 2c 21 21 5f 2e 49 6a 2e 6a 5c 75 30 30 32 36 5c 75 30 30 32 36 5f 2e 49 6a 2e 6a 2e 4b 62 28 29 2c 21 31 29 7d 5c 6e 3b 5c 6e 7d 63 61 74 63 68 28 65 29 7b 5f 2e 5f 44 75 6d 70 45 78 63 65 70 74 69 6f 6e 28 65 29 7d 5c 6e 74 72 79 7b 5c 6e 5f 2e 4f 6a 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 61 2e 72 65 6c 5c 75 30 30 33 64 Data Ascii: {\nif(_.Ij){var Lj;if(Lj\u003d_.D(_.Ij.o,3))for(var Mj\u003d_.Ph(Lj),Nj\u003d0;Nj\u003cMj.length;Nj++)_.yi(Mj[Nj],\"ogpc\",\"\");_.Bj(_.Ij,!!_.Ij.j\u0026\u0026_.Ij.j.Kb(),!1)}\n;\n}catch(e){_._DumpException(e)}\ntry{\n_.Oj\u003dfunction(a,b,c){a.rel\u003d
2022-12-09 04:34:45 UTC	142	IN	Data Raw: 7b 61 74 74 3a 61 2c 6d 61 78 3a 62 2c 75 72 6c 3a 63 7d 29 3b 61 5c 75 30 30 33 63 62 3f 55 6a 28 61 2b 31 2c 62 29 3a 5f 2e 4b 2e 6c 6f 67 28 45 72 72 6f 72 28 5c 22 68 61 60 5c 22 2b 61 2b 5c 22 60 5c 22 2b 62 29 2c 7b 75 72 6c 3a 63 7d 29 7d 2c 55 6a 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 69 66 28 57 6a 29 7b 76 61 72 20 63 5c 75 30 30 33 64 5f 2e 4b 65 28 5c 22 53 43 52 49 50 54 5c 22 29 3b 63 2e 61 73 79 6e 63 5c 75 30 30 33 64 21 30 3b 63 2e 74 79 70 65 5c 75 30 30 33 64 5c 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 5c 22 3b 63 2e 63 68 61 72 73 65 74 5c 75 30 30 33 64 5c 22 55 54 46 2d 38 5c 22 3b 63 2e 73 72 63 5c 75 30 30 33 64 5f 2e 24 63 28 57 6a 29 3b 5f 2e 53 6a 28 63 29 3b 63 2e 6f 6e 6c 6f 61 64 5c 75 30 30 33 64 Data Ascii: {att:a,max:b,url:c});a\u003cb?Uj(a+1,b):_.K.log(Error(\"ha`\"+a+\"`\"+b),{url:c})},Uj\u003dfunction(a,b){if(Wj){var c\u003d_.Ke(\"SCRIPT\");c.async\u003d!0;c.type\u003d\"text/javascript\";c.charset\u003d\"UTF-8\";c.src\u003d_.$c(Wj);_.Sj(c);c.onload\u003d
2022-12-09 04:34:45 UTC	143	IN	Data Raw: 22 34 39 33 34 36 36 36 36 34 5c 22 2c 5c 22 30 5c 22 5d 2c 6e 75 6c 6c 2c 5c 22 35 62 71 53 59 35 58 7a 46 5f 36 42 37 5f 55 50 5f 34 61 35 75 41 6f 5c 22 2c 6e 75 6c 6c 2c 30 2c 5c 22 6f 67 2e 71 74 6d 2e 67 6b 7a 66 4f 53 65 32 49 38 45 2e 4c 2e 57 2e 4f 5c 22 2c 5c 22 41 41 32 59 72 54 75 65 47 52 50 72 61 49 49 70 67 6a 59 63 76 61 58 4d 4a 53 71 59 4b 6c 4e 33 64 67 5c 22 2c 5c 22 41 41 32 59 72 54 76 34 41 42 5a 41 50 73 43 41 78 41 58 4f 41 48 75 54 6f 58 42 42 51 43 68 33 49 67 5c 22 2c 5c 22 5c 22 2c 32 2c 31 2c 32 30 30 2c 5c 22 47 42 52 5c 22 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5c 22 31 5c 22 2c 5c 22 32 34 33 5c 22 2c 31 5d 2c 6e 75 6c 6c 2c 5b 31 2c 30 2e 31 30 30 30 30 30 30 30 31 34 39 30 31 31 36 31 2c 32 2c 31 5d 2c 5b 31 2c 30 2e 30 30 31 Data Ascii: "493466664\",\"0\"],null,\"5bqSY5XzF_6B7_UP_4a5uAo\",null,0,\"og.qtm.gkzfOSe2I8E.L.W.O\",\"AA2YrTueGRPraIIpgjYcvaXMJSqYKlN3dg\",\"AA2YrTv4ABZAPsCAxAXOAHuToXBBQCh3Ig\",\"\",2,1,200,\"GBR\",null,null,\"1\",\"243\",1],null,[1,0.1000000014901161,2,1],[1,0.001
2022-12-09 04:34:45 UTC	144	IN	Data Raw: 35 75 41 6f 5c 22 2c 30 2c 30 2c 30 2c 6e 75 6c 6c 2c 32 2c 35 2c 5c 22 65 6e 5c 22 2c 33 37 2c 30 2c 30 2c 31 2c 30 2c 30 5d 2c 5b 5b 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5c 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 73 74 61 74 69 63 2e 63 6f 6d 2f 6f 67 2f 5f 2f 6a 73 2f 6b 5c 75 30 30 33 64 6f 67 2e 71 74 6d 2e 65 6e 5f 55 53 2e 53 68 59 32 6a 34 74 44 74 39 38 2e 65 73 35 2e 4f 2f 72 74 5c 75 30 30 33 64 6a 2f 6d 5c 75 30 30 33 64 71 5f 64 6e 70 2c 71 6d 64 2c 71 63 77 69 64 2c 71 61 70 69 64 2c 71 61 6c 64 2f 65 78 6d 5c 75 30 30 33 64 71 61 61 77 2c 71 61 62 72 2c 71 61 64 64 2c 71 61 69 64 2c 71 61 6c 6f 2c 71 65 62 72 2c 71 65 69 6e 2c 71 68 61 77 2c 71 68 62 72 2c 71 68 63 68 2c 71 68 67 61 2c 71 68 69 64 2c 71 68 69 6e 2c 71 68 6c 6f 2c Data Ascii: 5uAo\",0,0,0,null,2,5,\"en\",37,0,0,1,0,0],[[null,null,null,\"https://www.gstatic.com/og/_/js/k\u003dog.qtm.en_US.ShY2j4tDt98.es5.O/rt\u003dj/m\u003dq_dnp,qmd,qcwid,qapid,qald/exm\u003dqaaw,qabr,qadd,qaid,qalo,qebr,qein,qhaw,qhbr,qhch,qhga,qhid,qhin,qhlo,
2022-12-09 04:34:45 UTC	145	IN	Data Raw: 30 30 33 64 74 68 69 73 2e 67 62 61 72 5f 7c 7c 7b 7d 3b 28 66 75 6e 63 74 69 6f 6e 28 5f 29 7b 76 61 72 20 77 69 6e 64 6f 77 5c 75 30 30 33 64 74 68 69 73 3b 5c 6e 74 72 79 7b 5c 6e 2f 2a 5c 6e 5c 6e 20 43 6f 70 79 72 69 67 68 74 20 54 68 65 20 43 6c 6f 73 75 72 65 20 4c 69 62 72 61 72 79 20 41 75 74 68 6f 72 73 2e 5c 6e 20 53 50 44 58 2d 4c 69 63 65 6e 73 65 2d 49 64 65 6e 74 69 66 69 65 72 3a 20 41 70 61 63 68 65 2d 32 2e 30 5c 6e 2a 2f 5c 6e 76 61 72 20 6b 61 2c 7a 61 2c 41 61 2c 42 61 2c 47 61 2c 49 61 2c 4b 61 2c 4c 61 2c 52 61 2c 55 61 2c 51 61 2c 56 61 2c 59 61 2c 5a 61 2c 64 62 2c 65 62 2c 66 62 2c 67 62 2c 68 62 2c 69 62 2c 6b 62 2c 6c 62 2c 70 62 2c 71 62 3b 5f 2e 61 61 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 69 66 28 45 72 Data Ascii: 003dthis.gbar_\|\|{};(function(_){var window\u003dthis;\ntry{\n/\n\n Copyright The Closure Library Authors.\n SPDX-License-Identifier: Apache-2.0\n/\nvar ka,za,Aa,Ba,Ga,Ia,Ka,La,Ra,Ua,Qa,Va,Ya,Za,db,eb,fb,gb,hb,ib,kb,lb,pb,qb;_.aa\u003dfunction(a,b){if(Er
2022-12-09 04:34:45 UTC	147	IN	Data Raw: 69 50 61 64 5c 22 29 7d 3b 5f 2e 6c 61 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 6b 61 28 29 7c 7c 5f 2e 70 28 5c 22 69 50 61 64 5c 22 29 7c 7c 5f 2e 70 28 5c 22 69 50 6f 64 5c 22 29 7d 3b 5c 6e 5f 2e 6d 61 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 5c 75 30 30 33 64 61 2e 6c 65 6e 67 74 68 3b 69 66 28 30 5c 75 30 30 33 63 62 29 7b 66 6f 72 28 76 61 72 20 63 5c 75 30 30 33 64 41 72 72 61 79 28 62 29 2c 64 5c 75 30 30 33 64 30 3b 64 5c 75 30 30 33 63 62 3b 64 2b 2b 29 63 5b 64 5d 5c 75 30 30 33 64 61 5b 64 5d 3b 72 65 74 75 72 6e 20 63 7d 72 65 74 75 72 6e 5b 5d 7d 3b 5f 2e 6e 61 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 2d 31 21 5c 75 30 30 33 64 5f 2e 62 61 28 29 2e 74 6f Data Ascii: iPad\")};_.la\u003dfunction(){return ka()\|\|_.p(\"iPad\")\|\|_.p(\"iPod\")};\n_.ma\u003dfunction(a){var b\u003da.length;if(0\u003cb){for(var c\u003dArray(b),d\u003d0;d\u003cb;d++)c[d]\u003da[d];return c}return[]};_.na\u003dfunction(){return-1!\u003d_.ba().to
2022-12-09 04:34:45 UTC	148	IN	Data Raw: 30 32 36 5c 22 6f 62 6a 65 63 74 5c 22 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 75 30 30 33 64 74 79 70 65 6f 66 20 61 5c 75 30 30 32 36 5c 75 30 30 32 36 21 41 72 72 61 79 2e 69 73 41 72 72 61 79 28 61 29 5c 75 30 30 32 36 5c 75 30 30 32 36 61 2e 63 6f 6e 73 74 72 75 63 74 6f 72 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 75 30 30 33 64 4f 62 6a 65 63 74 7d 3b 5c 6e 42 61 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 5c 75 30 30 33 64 61 2e 6c 65 6e 67 74 68 3b 28 62 5c 75 30 30 33 64 62 3f 61 5b 62 2d 31 5d 3a 76 6f 69 64 20 30 29 5c 75 30 30 32 36 5c 75 30 30 32 36 41 61 28 62 29 3f 62 2e 67 5c 75 30 30 33 64 31 3a 28 62 5c 75 30 30 33 64 7b 7d 2c 61 2e 70 75 73 68 28 28 62 2e 67 5c 75 30 30 33 64 31 2c 62 29 29 29 7d 3b 5f 2e 44 61 5c Data Ascii: 026\"object\"\u003d\u003d\u003dtypeof a\u0026\u0026!Array.isArray(a)\u0026\u0026a.constructor\u003d\u003d\u003dObject};\nBa\u003dfunction(a){var b\u003da.length;(b\u003db?a[b-1]:void 0)\u0026\u0026Aa(b)?b.g\u003d1:(b\u003d{},a.push((b.g\u003d1,b)))};_.Da\
2022-12-09 04:34:45 UTC	149	IN	Data Raw: 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 2c 64 29 7b 61 2e 6f 5c 75 30 30 32 36 5c 75 30 30 32 36 28 61 2e 6f 5c 75 30 30 33 64 76 6f 69 64 20 30 29 3b 69 66 28 62 5c 75 30 30 33 65 5c 75 30 30 33 64 61 2e 6a 7c 7c 64 29 72 65 74 75 72 6e 20 4d 61 28 61 29 5b 62 5d 5c 75 30 30 33 64 63 2c 61 3b 61 2e 79 61 5b 62 2b 61 2e 47 63 5d 5c 75 30 30 33 64 63 3b 28 63 5c 75 30 30 33 64 61 2e 79 62 29 5c 75 30 30 32 36 5c 75 30 30 32 36 62 20 69 6e 20 63 5c 75 30 30 32 36 5c 75 30 30 32 36 64 65 6c 65 74 65 20 63 5b 62 5d 3b 72 65 74 75 72 6e 20 61 7d 3b 5f 2e 4f 61 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 72 65 74 75 72 6e 20 6e 75 6c 6c 5c 75 30 30 33 64 5c 75 30 30 33 64 61 3f 62 3a 61 7d 3b 52 61 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 Data Ascii: nction(a,b,c,d){a.o\u0026\u0026(a.o\u003dvoid 0);if(b\u003e\u003da.j\|\|d)return Ma(a)[b]\u003dc,a;a.ya[b+a.Gc]\u003dc;(c\u003da.yb)\u0026\u0026b in c\u0026\u0026delete c[b];return a};_.Oa\u003dfunction(a,b){return null\u003d\u003da?b:a};Ra\u003dfunction(a)
2022-12-09 04:34:45 UTC	150	IN	Data Raw: 28 29 29 3b 65 5c 75 30 30 33 64 21 21 28 5f 2e 74 61 28 63 29 5c 75 30 30 32 36 31 36 29 3b 66 6f 72 28 76 61 72 20 66 5c 75 30 30 33 64 30 3b 66 5c 75 30 30 33 63 63 2e 6c 65 6e 67 74 68 3b 66 2b 2b 29 7b 76 61 72 20 67 5c 75 30 30 33 64 63 5b 66 5d 3b 69 66 28 66 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 75 30 30 33 64 63 2e 6c 65 6e 67 74 68 2d 31 5c 75 30 30 32 36 5c 75 30 30 32 36 41 61 28 67 29 29 66 6f 72 28 76 61 72 20 68 20 69 6e 20 67 29 7b 76 61 72 20 6c 5c 75 30 30 33 64 2b 68 3b 69 66 28 4e 75 6d 62 65 72 2e 69 73 4e 61 4e 28 6c 29 29 4d 61 28 64 29 5b 6c 5d 5c 75 30 30 33 64 67 5b 6c 5d 3b 65 6c 73 65 7b 76 61 72 20 6d 5c 75 30 30 33 64 67 5b 68 5d 2c 71 5c 75 30 30 33 64 61 2e 56 61 5c 75 30 30 32 36 5c 75 30 30 32 36 61 2e 56 61 5b 6c 5d 3b Data Ascii: ());e\u003d!!(_.ta(c)\u002616);for(var f\u003d0;f\u003cc.length;f++){var g\u003dc[f];if(f\u003d\u003d\u003dc.length-1\u0026\u0026Aa(g))for(var h in g){var l\u003d+h;if(Number.isNaN(l))Ma(d)[l]\u003dg[l];else{var m\u003dg[h],q\u003da.Va\u0026\u0026a.Va[l];
2022-12-09 04:34:45 UTC	151	IN	Data Raw: 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 62 5c 75 30 30 33 63 61 2e 6c 65 6e 67 74 68 3f 7b 64 6f 6e 65 3a 21 31 2c 76 61 6c 75 65 3a 61 5b 62 2b 2b 5d 7d 3a 7b 64 6f 6e 65 3a 21 30 7d 7d 7d 3b 65 62 5c 75 30 30 33 64 5c 22 66 75 6e 63 74 69 6f 6e 5c 22 5c 75 30 30 33 64 5c 75 30 30 33 64 74 79 70 65 6f 66 20 4f 62 6a 65 63 74 2e 64 65 66 69 6e 65 50 72 6f 70 65 72 74 69 65 73 3f 4f 62 6a 65 63 74 2e 64 65 66 69 6e 65 50 72 6f 70 65 72 74 79 3a 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 69 66 28 61 5c 75 30 30 33 64 5c 75 30 30 33 64 41 72 72 61 79 2e 70 72 6f 74 6f 74 79 70 65 7c 7c 61 5c 75 30 30 33 64 5c 75 30 30 33 64 4f 62 6a 65 63 74 2e 70 72 6f 74 6f 74 79 70 65 29 72 65 74 75 72 6e 20 61 3b 61 5b 62 5d 5c 75 30 30 Data Ascii: turn function(){return b\u003ca.length?{done:!1,value:a[b++]}:{done:!0}}};eb\u003d\"function\"\u003d\u003dtypeof Object.defineProperties?Object.defineProperty:function(a,b,c){if(a\u003d\u003dArray.prototype\|\|a\u003d\u003dObject.prototype)return a;a[b]\u00
2022-12-09 04:34:45 UTC	153	IN	Data Raw: 63 74 69 6f 6e 28 66 29 7b 69 66 28 74 68 69 73 20 69 6e 73 74 61 6e 63 65 6f 66 20 65 29 74 68 72 6f 77 20 6e 65 77 20 54 79 70 65 45 72 72 6f 72 28 5c 22 62 5c 22 29 3b 72 65 74 75 72 6e 20 6e 65 77 20 62 28 63 2b 28 66 7c 7c 5c 22 5c 22 29 2b 5c 22 5f 5c 22 2b 64 2b 2b 2c 66 29 7d 3b 72 65 74 75 72 6e 20 65 7d 29 3b 5c 6e 68 62 28 5c 22 53 79 6d 62 6f 6c 2e 69 74 65 72 61 74 6f 72 5c 22 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 61 29 72 65 74 75 72 6e 20 61 3b 61 5c 75 30 30 33 64 53 79 6d 62 6f 6c 28 5c 22 63 5c 22 29 3b 66 6f 72 28 76 61 72 20 62 5c 75 30 30 33 64 5c 22 41 72 72 61 79 20 49 6e 74 38 41 72 72 61 79 20 55 69 6e 74 38 41 72 72 61 79 20 55 69 6e 74 38 43 6c 61 6d 70 65 64 41 72 72 61 79 20 49 6e 74 31 36 41 72 72 61 79 20 55 69 6e Data Ascii: ction(f){if(this instanceof e)throw new TypeError(\"b\");return new b(c+(f\|\|\"\")+\"_\"+d++,f)};return e});\nhb(\"Symbol.iterator\",function(a){if(a)return a;a\u003dSymbol(\"c\");for(var b\u003d\"Array Int8Array Uint8Array Uint8ClampedArray Int16Array Uin
2022-12-09 04:34:45 UTC	154	IN	Data Raw: 72 72 6f 72 28 5c 22 64 60 5c 22 2b 61 29 3b 72 65 74 75 72 6e 20 61 7d 3a 6e 75 6c 6c 7d 70 62 5c 75 30 30 33 64 6c 62 3b 5c 6e 5f 2e 77 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 61 2e 70 72 6f 74 6f 74 79 70 65 5c 75 30 30 33 64 6b 62 28 62 2e 70 72 6f 74 6f 74 79 70 65 29 3b 61 2e 70 72 6f 74 6f 74 79 70 65 2e 63 6f 6e 73 74 72 75 63 74 6f 72 5c 75 30 30 33 64 61 3b 69 66 28 70 62 29 70 62 28 61 2c 62 29 3b 65 6c 73 65 20 66 6f 72 28 76 61 72 20 63 20 69 6e 20 62 29 69 66 28 5c 22 70 72 6f 74 6f 74 79 70 65 5c 22 21 5c 75 30 30 33 64 63 29 69 66 28 4f 62 6a 65 63 74 2e 64 65 66 69 6e 65 50 72 6f 70 65 72 74 69 65 73 29 7b 76 61 72 20 64 5c 75 30 30 33 64 4f 62 6a 65 63 74 2e 67 65 74 4f 77 6e 50 72 6f 70 65 72 74 79 44 65 73 63 72 69 Data Ascii: rror(\"d`\"+a);return a}:null}pb\u003dlb;\n_.w\u003dfunction(a,b){a.prototype\u003dkb(b.prototype);a.prototype.constructor\u003da;if(pb)pb(a,b);else for(var c in b)if(\"prototype\"!\u003dc)if(Object.defineProperties){var d\u003dObject.getOwnPropertyDescri
2022-12-09 04:34:45 UTC	155	IN	Data Raw: 64 5c 75 30 30 33 64 6c 7c 7c 5c 22 66 75 6e 63 74 69 6f 6e 5c 22 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 75 30 30 33 64 6d 7d 66 75 6e 63 74 69 6f 6e 20 64 28 6c 29 7b 69 66 28 21 72 62 28 6c 2c 66 29 29 7b 76 61 72 20 6d 5c 75 30 30 33 64 6e 65 77 20 62 3b 65 62 28 6c 2c 66 2c 7b 76 61 6c 75 65 3a 6d 7d 29 7d 7d 66 75 6e 63 74 69 6f 6e 20 65 28 6c 29 7b 76 61 72 20 6d 5c 75 30 30 33 64 4f 62 6a 65 63 74 5b 6c 5d 3b 6d 5c 75 30 30 32 36 5c 75 30 30 32 36 28 4f 62 6a 65 63 74 5b 6c 5d 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 71 29 7b 69 66 28 71 20 69 6e 73 74 61 6e 63 65 6f 66 20 62 29 72 65 74 75 72 6e 20 71 3b 4f 62 6a 65 63 74 2e 69 73 45 78 74 65 6e 73 69 62 6c 65 28 71 29 5c 75 30 30 32 36 5c 75 30 30 32 36 64 28 71 29 3b 72 65 74 75 72 6e 20 6d Data Ascii: d\u003dl\|\|\"function\"\u003d\u003d\u003dm}function d(l){if(!rb(l,f)){var m\u003dnew b;eb(l,f,{value:m})}}function e(l){var m\u003dObject[l];m\u0026\u0026(Object[l]\u003dfunction(q){if(q instanceof b)return q;Object.isExtensible(q)\u0026\u0026d(q);return m
2022-12-09 04:34:45 UTC	156	IN	Data Raw: 6e 68 62 28 5c 22 4d 61 70 5c 22 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 66 75 6e 63 74 69 6f 6e 28 29 7b 69 66 28 21 61 7c 7c 5c 22 66 75 6e 63 74 69 6f 6e 5c 22 21 5c 75 30 30 33 64 74 79 70 65 6f 66 20 61 7c 7c 21 61 2e 70 72 6f 74 6f 74 79 70 65 2e 65 6e 74 72 69 65 73 7c 7c 5c 22 66 75 6e 63 74 69 6f 6e 5c 22 21 5c 75 30 30 33 64 74 79 70 65 6f 66 20 4f 62 6a 65 63 74 2e 73 65 61 6c 29 72 65 74 75 72 6e 21 31 3b 74 72 79 7b 76 61 72 20 68 5c 75 30 30 33 64 4f 62 6a 65 63 74 2e 73 65 61 6c 28 7b 78 3a 34 7d 29 2c 6c 5c 75 30 30 33 64 6e 65 77 20 61 28 5f 2e 6a 62 28 5b 5b 68 2c 5c 22 73 5c 22 5d 5d 29 29 3b 69 66 28 5c 22 73 5c 22 21 5c 75 30 30 33 64 6c 2e 67 65 74 28 68 29 7c 7c 31 21 5c 75 30 30 33 64 6c 2e 73 69 7a 65 7c 7c 6c 2e 67 65 74 Data Ascii: nhb(\"Map\",function(a){if(function(){if(!a\|\|\"function\"!\u003dtypeof a\|\|!a.prototype.entries\|\|\"function\"!\u003dtypeof Object.seal)return!1;try{var h\u003dObject.seal({x:4}),l\u003dnew a(_.jb([[h,\"s\"]]));if(\"s\"!\u003dl.get(h)\|\|1!\u003dl.size\|\|l.get
2022-12-09 04:34:45 UTC	158	IN	Data Raw: 33 64 6e 75 6c 6c 2c 74 68 69 73 2e 73 69 7a 65 2d 2d 2c 21 30 29 3a 21 31 7d 3b 63 2e 70 72 6f 74 6f 74 79 70 65 2e 63 6c 65 61 72 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 29 7b 74 68 69 73 2e 6f 5c 75 30 30 33 64 7b 7d 3b 74 68 69 73 2e 6a 5c 75 30 30 33 64 74 68 69 73 2e 6a 2e 6d 63 5c 75 30 30 33 64 66 28 29 3b 74 68 69 73 2e 73 69 7a 65 5c 75 30 30 33 64 30 7d 3b 63 2e 70 72 6f 74 6f 74 79 70 65 2e 68 61 73 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 68 29 7b 72 65 74 75 72 6e 21 21 64 28 74 68 69 73 2c 68 29 2e 55 61 7d 3b 63 2e 70 72 6f 74 6f 74 79 70 65 2e 67 65 74 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 68 29 7b 72 65 74 75 72 6e 28 68 5c 75 30 30 33 64 64 28 74 68 69 73 2c 68 29 2e 55 61 29 5c 75 30 30 32 36 5c 75 30 30 32 36 68 2e 76 Data Ascii: 3dnull,this.size--,!0):!1};c.prototype.clear\u003dfunction(){this.o\u003d{};this.j\u003dthis.j.mc\u003df();this.size\u003d0};c.prototype.has\u003dfunction(h){return!!d(this,h).Ua};c.prototype.get\u003dfunction(h){return(h\u003dd(this,h).Ua)\u0026\u0026h.v
2022-12-09 04:34:45 UTC	159	IN	Data Raw: 20 6d 5c 75 30 30 33 64 5c 6e 6d 2e 6e 65 78 74 2c 7b 64 6f 6e 65 3a 21 31 2c 76 61 6c 75 65 3a 6c 28 6d 29 7d 3b 6d 5c 75 30 30 33 64 6e 75 6c 6c 7d 72 65 74 75 72 6e 7b 64 6f 6e 65 3a 21 30 2c 76 61 6c 75 65 3a 76 6f 69 64 20 30 7d 7d 29 7d 2c 66 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 68 5c 75 30 30 33 64 7b 7d 3b 72 65 74 75 72 6e 20 68 2e 6d 63 5c 75 30 30 33 64 68 2e 6e 65 78 74 5c 75 30 30 33 64 68 2e 68 65 61 64 5c 75 30 30 33 64 68 7d 2c 67 5c 75 30 30 33 64 30 3b 72 65 74 75 72 6e 20 63 7d 29 3b 68 62 28 5c 22 4e 75 6d 62 65 72 2e 4d 41 58 5f 53 41 46 45 5f 49 4e 54 45 47 45 52 5c 22 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 39 30 30 37 31 39 39 32 35 34 37 34 30 39 39 31 7d 29 3b 68 62 28 5c 22 4e 75 6d 62 Data Ascii: m\u003d\nm.next,{done:!1,value:l(m)};m\u003dnull}return{done:!0,value:void 0}})},f\u003dfunction(){var h\u003d{};return h.mc\u003dh.next\u003dh.head\u003dh},g\u003d0;return c});hb(\"Number.MAX_SAFE_INTEGER\",function(){return 9007199254740991});hb(\"Numb
2022-12-09 04:34:45 UTC	160	IN	Data Raw: 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 73 62 28 74 68 69 73 2c 66 75 6e 63 74 69 6f 6e 28 62 29 7b 72 65 74 75 72 6e 20 62 7d 29 7d 7d 29 3b 5c 6e 68 62 28 5c 22 41 72 72 61 79 2e 70 72 6f 74 6f 74 79 70 65 2e 76 61 6c 75 65 73 5c 22 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 3f 61 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 73 62 28 74 68 69 73 2c 66 75 6e 63 74 69 6f 6e 28 62 2c 63 29 7b 72 65 74 75 72 6e 20 63 7d 29 7d 7d 29 3b 68 62 28 5c 22 41 72 72 61 79 2e 70 72 6f 74 6f 74 79 70 65 2e 66 69 6c 6c 5c 22 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 3f 61 3a 66 75 6e 63 74 69 6f 6e 28 62 2c 63 2c 64 29 7b 76 61 72 20 65 5c 75 30 30 33 64 74 68 69 73 2e 6c 65 6e 67 74 68 7c 7c 30 3b 30 Data Ascii: function(){return sb(this,function(b){return b})}});\nhb(\"Array.prototype.values\",function(a){return a?a:function(){return sb(this,function(b,c){return c})}});hb(\"Array.prototype.fill\",function(a){return a?a:function(b,c,d){var e\u003dthis.length\|\|0;0
2022-12-09 04:34:45 UTC	161	IN	Data Raw: 28 5b 64 2c 62 5b 64 5d 5d 29 3b 72 65 74 75 72 6e 20 63 7d 7d 29 3b 68 62 28 5c 22 4f 62 6a 65 63 74 2e 69 73 5c 22 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 3f 61 3a 66 75 6e 63 74 69 6f 6e 28 62 2c 63 29 7b 72 65 74 75 72 6e 20 62 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 75 30 30 33 64 63 3f 30 21 5c 75 30 30 33 64 5c 75 30 30 33 64 62 7c 7c 31 2f 62 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 75 30 30 33 64 31 2f 63 3a 62 21 5c 75 30 30 33 64 5c 75 30 30 33 64 62 5c 75 30 30 32 36 5c 75 30 30 32 36 63 21 5c 75 30 30 33 64 5c 75 30 30 33 64 63 7d 7d 29 3b 68 62 28 5c 22 41 72 72 61 79 2e 70 72 6f 74 6f 74 79 70 65 2e 69 6e 63 6c 75 64 65 73 5c 22 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 3f 61 3a 66 75 6e 63 74 69 6f Data Ascii: ([d,b[d]]);return c}});hb(\"Object.is\",function(a){return a?a:function(b,c){return b\u003d\u003d\u003dc?0!\u003d\u003db\|\|1/b\u003d\u003d\u003d1/c:b!\u003d\u003db\u0026\u0026c!\u003d\u003dc}});hb(\"Array.prototype.includes\",function(a){return a?a:functio
2022-12-09 04:34:45 UTC	162	IN	Data Raw: 65 6e 74 73 29 3b 41 72 72 61 79 2e 70 72 6f 74 6f 74 79 70 65 2e 75 6e 73 68 69 66 74 2e 61 70 70 6c 79 28 65 2c 64 29 3b 72 65 74 75 72 6e 20 61 2e 61 70 70 6c 79 28 62 2c 65 29 7d 7d 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 61 2e 61 70 70 6c 79 28 62 2c 61 72 67 75 6d 65 6e 74 73 29 7d 7d 3b 5f 2e 7a 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 46 75 6e 63 74 69 6f 6e 2e 70 72 6f 74 6f 74 79 70 65 2e 62 69 6e 64 5c 75 30 30 32 36 5c 75 30 30 32 36 2d 31 21 5c 75 30 30 33 64 46 75 6e 63 74 69 6f 6e 2e 70 72 6f 74 6f 74 79 70 65 2e 62 69 6e 64 2e 74 6f 53 74 72 69 6e 67 28 29 2e 69 6e 64 65 78 4f 66 28 5c 22 6e 61 74 69 76 65 20 63 6f 64 65 5c 22 29 3f 5f 2e 7a 5c 75 30 30 33 64 41 62 3a 5f 2e 7a 5c Data Ascii: ents);Array.prototype.unshift.apply(e,d);return a.apply(b,e)}}return function(){return a.apply(b,arguments)}};_.z\u003dfunction(a,b,c){Function.prototype.bind\u0026\u0026-1!\u003dFunction.prototype.bind.toString().indexOf(\"native code\")?_.z\u003dAb:_.z\
2022-12-09 04:34:45 UTC	164	IN	Data Raw: 5c 22 43 75 73 74 6f 6d 45 72 72 6f 72 5c 22 3b 5c 6e 5f 2e 45 62 5c 75 30 30 33 64 53 74 72 69 6e 67 2e 70 72 6f 74 6f 74 79 70 65 2e 74 72 69 6d 3f 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 2e 74 72 69 6d 28 29 7d 3a 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 2f 5e 5b 5c 5c 73 5c 5c 78 61 30 5d 2a 28 5b 5c 5c 73 5c 5c 53 5d 2a 3f 29 5b 5c 5c 73 5c 5c 78 61 30 5d 2a 24 2f 2e 65 78 65 63 28 61 29 5b 31 5d 7d 3b 5c 6e 5f 2e 46 62 5c 75 30 30 33 64 41 72 72 61 79 2e 70 72 6f 74 6f 74 79 70 65 2e 69 6e 64 65 78 4f 66 3f 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 72 65 74 75 72 6e 20 41 72 72 61 79 2e 70 72 6f 74 6f 74 79 70 65 2e 69 6e 64 65 78 4f 66 2e 63 61 6c 6c 28 61 2c 62 2c 76 6f 69 64 20 30 29 7d 3a 66 75 6e 63 74 69 6f 6e Data Ascii: \"CustomError\";\n_.Eb\u003dString.prototype.trim?function(a){return a.trim()}:function(a){return/^[\\s\\xa0]([\\s\\S]?)[\\s\\xa0]*$/.exec(a)[1]};\n_.Fb\u003dArray.prototype.indexOf?function(a,b){return Array.prototype.indexOf.call(a,b,void 0)}:function
2022-12-09 04:34:45 UTC	165	IN	Data Raw: 30 30 33 63 64 3b 67 2b 2b 29 67 20 69 6e 20 66 5c 75 30 30 32 36 5c 75 30 30 32 36 28 65 5b 67 5d 5c 75 30 30 33 64 62 2e 63 61 6c 6c 28 63 2c 66 5b 67 5d 2c 67 2c 61 29 29 3b 72 65 74 75 72 6e 20 65 7d 3b 5c 6e 5f 2e 49 62 5c 75 30 30 33 64 41 72 72 61 79 2e 70 72 6f 74 6f 74 79 70 65 2e 72 65 64 75 63 65 3f 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 72 65 74 75 72 6e 20 41 72 72 61 79 2e 70 72 6f 74 6f 74 79 70 65 2e 72 65 64 75 63 65 2e 63 61 6c 6c 28 61 2c 62 2c 63 29 7d 3a 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 76 61 72 20 64 5c 75 30 30 33 64 63 3b 28 30 2c 5f 2e 47 62 29 28 61 2c 66 75 6e 63 74 69 6f 6e 28 65 2c 66 29 7b 64 5c 75 30 30 33 64 62 2e 63 61 6c 6c 28 76 6f 69 64 20 30 2c 64 2c 65 2c 66 2c 61 29 7d 29 3b 72 65 74 75 72 6e Data Ascii: 003cd;g++)g in f\u0026\u0026(e[g]\u003db.call(c,f[g],g,a));return e};\n_.Ib\u003dArray.prototype.reduce?function(a,b,c){return Array.prototype.reduce.call(a,b,c)}:function(a,b,c){var d\u003dc;(0,_.Gb)(a,function(e,f){d\u003db.call(void 0,d,e,f,a)});return
2022-12-09 04:34:45 UTC	166	IN	Data Raw: 29 2f 2e 65 78 65 63 28 61 29 3b 69 66 28 5f 2e 43 29 72 65 74 75 72 6e 2f 5c 5c 62 28 3f 3a 4d 53 49 45 7c 72 76 29 5b 3a 20 5d 28 5b 5e 5c 5c 29 3b 5d 2b 29 28 5c 5c 29 7c 3b 29 2f 2e 65 78 65 63 28 61 29 3b 69 66 28 5f 2e 50 62 29 72 65 74 75 72 6e 2f 57 65 62 4b 69 74 5c 5c 2f 28 5c 5c 53 2b 29 2f 2e 65 78 65 63 28 61 29 3b 69 66 28 5f 2e 4c 62 29 72 65 74 75 72 6e 2f 28 3f 3a 56 65 72 73 69 6f 6e 29 5b 20 5c 5c 2f 5d 3f 28 5c 5c 53 2b 29 2f 2e 65 78 65 63 28 61 29 7d 28 29 3b 61 63 5c 75 30 30 32 36 5c 75 30 30 32 36 28 24 62 5c 75 30 30 33 64 61 63 3f 61 63 5b 31 5d 3a 5c 22 5c 22 29 3b 69 66 28 5f 2e 43 29 7b 76 61 72 20 62 63 5c 75 30 30 33 64 59 62 28 29 3b 69 66 28 6e 75 6c 6c 21 5c 75 30 30 33 64 62 63 5c 75 30 30 32 36 5c 75 30 30 32 36 62 63 Data Ascii: )/.exec(a);if(_.C)return/\\b(?:MSIE\|rv)[: ]([^\\);]+)(\\)\|;)/.exec(a);if(_.Pb)return/WebKit\\/(\\S+)/.exec(a);if(_.Lb)return/(?:Version)[ \\/]?(\\S+)/.exec(a)}();ac\u0026\u0026($b\u003dac?ac[1]:\"\");if(_.C){var bc\u003dYb();if(null!\u003dbc\u0026\u0026bc
2022-12-09 04:34:45 UTC	167	IN	Data Raw: 5f 2e 6f 63 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 29 7b 69 66 28 21 5f 2e 6e 63 29 7b 5f 2e 6e 63 5c 75 30 30 33 64 7b 7d 3b 66 6f 72 28 76 61 72 20 61 5c 75 30 30 33 64 5c 22 41 42 43 44 45 46 47 48 49 4a 4b 4c 4d 4e 4f 50 51 52 53 54 55 56 57 58 59 5a 61 62 63 64 65 66 67 68 69 6a 6b 6c 6d 6e 6f 70 71 72 73 74 75 76 77 78 79 7a 30 31 32 33 34 35 36 37 38 39 5c 22 2e 73 70 6c 69 74 28 5c 22 5c 22 29 2c 62 5c 75 30 30 33 64 5b 5c 22 2b 2f 5c 75 30 30 33 64 5c 22 2c 5c 22 2b 2f 5c 22 2c 5c 22 2d 5f 5c 75 30 30 33 64 5c 22 2c 5c 22 2d 5f 2e 5c 22 2c 5c 22 2d 5f 5c 22 5d 2c 63 5c 75 30 30 33 64 30 3b 35 5c 75 30 30 33 65 63 3b 63 2b 2b 29 7b 76 61 72 20 64 5c 75 30 30 33 64 61 2e 63 6f 6e 63 61 74 28 62 5b 63 5d 2e 73 70 6c 69 74 28 5c 22 5c 22 29 29 Data Ascii: _.oc\u003dfunction(){if(!_.nc){_.nc\u003d{};for(var a\u003d\"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789\".split(\"\"),b\u003d[\"+/\u003d\",\"+/\",\"-_\u003d\",\"-_.\",\"-_\"],c\u003d0;5\u003ec;c++){var d\u003da.concat(b[c].split(\"\"))
2022-12-09 04:34:45 UTC	169	IN	Data Raw: 63 3b 72 65 74 75 72 6e 20 61 2e 79 62 7c 7c 28 61 2e 79 62 5c 75 30 30 33 64 61 2e 79 61 5b 62 5d 5c 75 30 30 33 64 7b 7d 29 7d 3b 5f 2e 44 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 72 65 74 75 72 6e 2d 31 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 75 30 30 33 64 62 3f 6e 75 6c 6c 3a 62 5c 75 30 30 33 65 5c 75 30 30 33 64 61 2e 6a 3f 61 2e 79 62 3f 61 2e 79 62 5b 62 5d 3a 76 6f 69 64 20 30 3a 63 5c 75 30 30 32 36 5c 75 30 30 32 36 61 2e 79 62 5c 75 30 30 32 36 5c 75 30 30 32 36 28 63 5c 75 30 30 33 64 61 2e 79 62 5b 62 5d 2c 6e 75 6c 6c 21 5c 75 30 30 33 64 63 29 3f 63 3a 61 2e 79 61 5b 62 2b 61 2e 47 63 5d 7d 3b 5f 2e 72 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 2c 64 29 7b 5f 2e 77 63 28 61 29 3b 72 65 74 75 72 6e Data Ascii: c;return a.yb\|\|(a.yb\u003da.ya[b]\u003d{})};_.D\u003dfunction(a,b,c){return-1\u003d\u003d\u003db?null:b\u003e\u003da.j?a.yb?a.yb[b]:void 0:c\u0026\u0026a.yb\u0026\u0026(c\u003da.yb[b],null!\u003dc)?c:a.ya[b+a.Gc]};_.r\u003dfunction(a,b,c,d){_.wc(a);return
2022-12-09 04:34:45 UTC	170	IN	Data Raw: 75 30 30 32 36 5c 75 30 30 32 36 28 61 2e 56 61 5b 62 5d 5c 75 30 30 33 64 76 6f 69 64 20 30 29 2c 65 5c 75 30 30 33 64 5f 2e 75 63 3b 72 65 74 75 72 6e 20 5f 2e 4e 61 28 61 2c 62 2c 65 2c 64 29 7d 3b 5f 2e 41 63 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 61 5c 75 30 30 33 64 5f 2e 44 28 61 2c 62 29 3b 72 65 74 75 72 6e 20 5f 2e 4f 61 28 6e 75 6c 6c 5c 75 30 30 33 64 5c 75 30 30 33 64 61 3f 61 3a 2b 61 2c 76 6f 69 64 20 30 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 75 30 30 33 64 63 3f 30 3a 63 29 7d 3b 5f 2e 42 63 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 72 65 74 75 72 6e 20 5f 2e 4f 61 28 5f 2e 44 28 61 2c 62 29 0d 0a Data Ascii: u0026\u0026(a.Va[b]\u003dvoid 0),e\u003d_.uc;return _.Na(a,b,e,d)};_.Ac\u003dfunction(a,b,c){a\u003d_.D(a,b);return _.Oa(null\u003d\u003da?a:+a,void 0\u003d\u003d\u003dc?0:c)};_.Bc\u003dfunction(a,b,c){return _.Oa(_.D(a,b)
2022-12-09 04:34:45 UTC	170	IN	Data Raw: 35 63 30 66 0d 0a 2c 76 6f 69 64 20 30 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 75 30 30 33 64 63 3f 30 3a 63 29 7d 3b 5c 6e 5f 2e 47 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 6e 75 6c 6c 5c 75 30 30 33 64 5c 75 30 30 33 64 61 5c 75 30 30 32 36 5c 75 30 30 32 36 28 61 5c 75 30 30 33 64 5f 2e 43 61 29 3b 5f 2e 43 61 5c 75 30 30 33 64 76 6f 69 64 20 30 3b 76 61 72 20 64 5c 75 30 30 33 64 74 68 69 73 2e 63 6f 6e 73 74 72 75 63 74 6f 72 2e 6f 7c 7c 30 2c 65 5c 75 30 30 33 64 30 5c 75 30 30 33 63 64 2c 66 5c 75 30 30 33 64 74 68 69 73 2e 63 6f 6e 73 74 72 75 63 74 6f 72 2e 6a 2c 67 5c 75 30 30 33 64 21 31 3b 69 66 28 6e 75 6c 6c 5c 75 30 30 33 64 5c 75 30 30 33 64 61 29 7b 61 5c 75 30 30 33 64 66 3f 5b 66 5d 3a 5b 5d 3b 76 61 72 20 68 5c Data Ascii: 5c0f,void 0\u003d\u003d\u003dc?0:c)};\n_.G\u003dfunction(a,b,c){null\u003d\u003da\u0026\u0026(a\u003d_.Ca);_.Ca\u003dvoid 0;var d\u003dthis.constructor.o\|\|0,e\u003d0\u003cd,f\u003dthis.constructor.j,g\u003d!1;if(null\u003d\u003da){a\u003df?[f]:[];var h\
2022-12-09 04:34:45 UTC	171	IN	Data Raw: 30 30 33 63 65 3f 28 67 2b 5c 75 30 30 33 64 74 68 69 73 2e 47 63 2c 28 64 5c 75 30 30 33 64 61 5b 67 5d 29 3f 59 61 28 64 2c 62 29 3a 61 5b 67 5d 5c 75 30 30 33 64 5f 2e 75 63 29 3a 28 78 7c 7c 28 78 5c 75 30 30 33 64 4d 61 28 74 68 69 73 29 29 2c 28 64 5c 75 30 30 33 64 78 5b 67 5d 29 3f 59 61 28 64 2c 62 29 3a 78 5b 67 5d 5c 75 30 30 33 64 5f 2e 75 63 29 7d 7d 3b 5f 2e 6b 5c 75 30 30 33 64 5f 2e 47 2e 70 72 6f 74 6f 74 79 70 65 3b 5f 2e 6b 2e 74 6f 4a 53 4f 4e 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 61 5c 75 30 30 33 64 74 68 69 73 2e 79 61 3b 72 65 74 75 72 6e 20 74 63 3f 61 3a 5f 2e 48 61 28 61 2c 4b 61 2c 4c 61 29 7d 3b 5c 6e 5f 2e 6b 2e 45 61 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 29 7b 74 63 5c 75 30 30 33 64 21 30 3b Data Ascii: 003ce?(g+\u003dthis.Gc,(d\u003da[g])?Ya(d,b):a[g]\u003d_.uc):(x\|\|(x\u003dMa(this)),(d\u003dx[g])?Ya(d,b):x[g]\u003d_.uc)}};_.k\u003d_.G.prototype;_.k.toJSON\u003dfunction(){var a\u003dthis.ya;return tc?a:_.Ha(a,Ka,La)};\n_.k.Ea\u003dfunction(){tc\u003d!0;
2022-12-09 04:34:45 UTC	172	IN	Data Raw: 2e 4d 61 2e 73 68 69 66 74 28 29 28 29 7d 3b 5c 6e 76 61 72 20 4d 63 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 5f 2e 48 2e 63 61 6c 6c 28 74 68 69 73 29 3b 74 68 69 73 2e 41 5c 75 30 30 33 64 61 3b 74 68 69 73 2e 6a 5c 75 30 30 33 64 5b 5d 3b 74 68 69 73 2e 6f 5c 75 30 30 33 64 7b 7d 7d 3b 5f 2e 77 28 4d 63 2c 5f 2e 48 29 3b 4d 63 2e 70 72 6f 74 6f 74 79 70 65 2e 72 65 73 6f 6c 76 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 5c 75 30 30 33 64 74 68 69 73 2e 41 3b 61 5c 75 30 30 33 64 61 2e 73 70 6c 69 74 28 5c 22 2e 5c 22 29 3b 66 6f 72 28 76 61 72 20 63 5c 75 30 30 33 64 61 2e 6c 65 6e 67 74 68 2c 64 5c 75 30 30 33 64 30 3b 64 5c 75 30 30 33 63 63 3b 2b 2b 64 29 69 66 28 62 5b 61 5b 64 5d 5d 29 62 5c 75 30 30 33 64 Data Ascii: .Ma.shift()()};\nvar Mc\u003dfunction(a){_.H.call(this);this.A\u003da;this.j\u003d[];this.o\u003d{}};_.w(Mc,_.H);Mc.prototype.resolve\u003dfunction(a){var b\u003dthis.A;a\u003da.split(\".\");for(var c\u003da.length,d\u003d0;d\u003cc;++d)if(b[a[d]])b\u003d
2022-12-09 04:34:45 UTC	174	IN	Data Raw: 7d 3b 5f 2e 51 63 2e 70 72 6f 74 6f 74 79 70 65 2e 6a 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 29 7b 77 69 6e 64 6f 77 2e 63 6f 6e 73 6f 6c 65 5c 75 30 30 32 36 5c 75 30 30 32 36 77 69 6e 64 6f 77 2e 63 6f 6e 73 6f 6c 65 2e 6c 6f 67 5c 75 30 30 32 36 5c 75 30 30 32 36 77 69 6e 64 6f 77 2e 63 6f 6e 73 6f 6c 65 2e 6c 6f 67 28 5c 22 4c 6f 67 20 64 61 74 61 3a 20 5c 22 2c 74 68 69 73 2e 64 61 74 61 29 7d 3b 5f 2e 51 63 2e 70 72 6f 74 6f 74 79 70 65 2e 45 61 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 5c 75 30 30 33 64 5b 5d 2c 63 3b 66 6f 72 28 63 20 69 6e 20 74 68 69 73 2e 64 61 74 61 29 62 2e 70 75 73 68 28 65 6e 63 6f 64 65 55 52 49 43 6f 6d 70 6f 6e 65 6e 74 28 63 29 2b 5c 22 5c 75 30 30 33 64 5c 22 2b 65 6e 63 6f 64 65 55 52 Data Ascii: };_.Qc.prototype.j\u003dfunction(){window.console\u0026\u0026window.console.log\u0026\u0026window.console.log(\"Log data: \",this.data)};_.Qc.prototype.Ea\u003dfunction(a){var b\u003d[],c;for(c in this.data)b.push(encodeURIComponent(c)+\"\u003d\"+encodeUR
2022-12-09 04:34:45 UTC	175	IN	Data Raw: 28 65 29 7b 65 2e 5f 73 6e 5c 75 30 30 32 36 5c 75 30 30 32 36 28 65 2e 5f 73 6e 5c 75 30 30 33 64 5c 22 6f 67 2e 5c 22 2b 65 2e 5f 73 6e 29 3b 66 6f 72 28 76 61 72 20 66 20 69 6e 20 65 29 74 68 69 73 2e 64 61 74 61 5b 65 6e 63 6f 64 65 55 52 49 43 6f 6d 70 6f 6e 65 6e 74 28 66 29 5d 5c 75 30 30 33 64 65 5b 66 5d 7d 7d 3b 5f 2e 77 28 5f 2e 53 63 2c 52 63 29 3b 5c 6e 76 61 72 20 54 63 3b 5f 2e 55 63 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 29 7b 76 6f 69 64 20 30 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 75 30 30 33 64 54 63 5c 75 30 30 32 36 5c 75 30 30 32 36 28 54 63 5c 75 30 30 33 64 5f 2e 44 62 28 5c 22 6f 67 62 2d 71 74 6d 23 68 74 6d 6c 5c 22 29 29 3b 72 65 74 75 72 6e 20 54 63 7d 3b 5c 6e 5f 2e 58 63 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 Data Ascii: (e){e._sn\u0026\u0026(e._sn\u003d\"og.\"+e._sn);for(var f in e)this.data[encodeURIComponent(f)]\u003de[f]}};_.w(_.Sc,Rc);\nvar Tc;_.Uc\u003dfunction(){void 0\u003d\u003d\u003dTc\u0026\u0026(Tc\u003d_.Db(\"ogb-qtm#html\"));return Tc};\n_.Xc\u003dfunction(a
2022-12-09 04:34:45 UTC	176	IN	Data Raw: 5c 75 30 30 33 64 2f 5e 28 3f 3a 28 3f 3a 68 74 74 70 73 3f 7c 6d 61 69 6c 74 6f 7c 66 74 70 29 3a 7c 5b 5e 3a 2f 3f 23 5d 2a 28 3f 3a 5b 2f 3f 23 5d 7c 24 29 29 2f 69 3b 5c 6e 5f 2e 68 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 61 20 69 6e 73 74 61 6e 63 65 6f 66 20 5f 2e 63 64 29 72 65 74 75 72 6e 20 61 3b 61 5c 75 30 30 33 64 5c 22 6f 62 6a 65 63 74 5c 22 5c 75 30 30 33 64 5c 75 30 30 33 64 74 79 70 65 6f 66 20 61 5c 75 30 30 32 36 5c 75 30 30 32 36 61 2e 52 62 3f 61 2e 77 62 28 29 3a 53 74 72 69 6e 67 28 61 29 3b 66 64 2e 74 65 73 74 28 61 29 3f 61 5c 75 30 30 33 64 5f 2e 67 64 28 61 29 3a 28 61 5c 75 30 30 33 64 53 74 72 69 6e 67 28 61 29 2e 72 65 70 6c 61 63 65 28 2f 28 25 30 41 7c 25 30 44 29 2f 67 2c 5c 22 5c 22 29 2c 61 5c Data Ascii: \u003d/^(?:(?:https?\|mailto\|ftp):\|[^:/?#]*(?:[/?#]\|$))/i;\n_.hd\u003dfunction(a){if(a instanceof _.cd)return a;a\u003d\"object\"\u003d\u003dtypeof a\u0026\u0026a.Rb?a.wb():String(a);fd.test(a)?a\u003d_.gd(a):(a\u003dString(a).replace(/(%0A\|%0D)/g,\"\"),a\
2022-12-09 04:34:45 UTC	177	IN	Data Raw: 2e 25 23 5c 5c 5c 5c 5b 5c 5c 5c 5c 5d 2c 20 5d 2b 5c 5c 5c 5c 29 5c 22 2c 5c 22 67 5c 22 29 3b 5c 6e 76 61 72 20 72 64 3b 72 64 5c 75 30 30 33 64 7b 7d 3b 5f 2e 73 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 74 68 69 73 2e 6a 5c 75 30 30 33 64 62 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 75 30 30 33 64 72 64 3f 61 3a 5c 22 5c 22 3b 74 68 69 73 2e 52 62 5c 75 30 30 33 64 21 30 7d 3b 5f 2e 73 64 2e 70 72 6f 74 6f 74 79 70 65 2e 77 62 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 74 68 69 73 2e 6a 2e 74 6f 53 74 72 69 6e 67 28 29 7d 3b 5f 2e 73 64 2e 70 72 6f 74 6f 74 79 70 65 2e 74 6f 53 74 72 69 6e 67 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 74 68 69 73 2e 6a 2e 74 6f 53 74 72 69 6e Data Ascii: .%#\\\\[\\\\], ]+\\\\)\",\"g\");\nvar rd;rd\u003d{};_.sd\u003dfunction(a,b){this.j\u003db\u003d\u003d\u003drd?a:\"\";this.Rb\u003d!0};_.sd.prototype.wb\u003dfunction(){return this.j.toString()};_.sd.prototype.toString\u003dfunction(){return this.j.toStrin
2022-12-09 04:34:45 UTC	179	IN	Data Raw: 7d 61 74 28 3f 3a 20 28 3f 3a 28 2e 2a 3f 29 5c 5c 5c 5c 2e 29 3f 28 28 3f 3a 6e 65 77 20 29 3f 28 3f 3a 5b 61 2d 7a 41 2d 5a 5f 24 5d 5b 5c 5c 5c 5c 77 24 5d 2a 7c 5c 75 30 30 33 63 61 6e 6f 6e 79 6d 6f 75 73 5c 75 30 30 33 65 29 29 28 3f 3a 20 5c 5c 5c 5c 5b 61 73 20 28 5b 61 2d 7a 41 2d 5a 5f 24 5d 5b 5c 5c 5c 5c 77 24 5d 2a 29 5c 5c 5c 5c 5d 29 3f 29 3f 20 28 3f 3a 5c 5c 5c 5c 28 75 6e 6b 6e 6f 77 6e 20 73 6f 75 72 63 65 5c 5c 5c 5c 29 7c 5c 5c 5c 5c 28 6e 61 74 69 76 65 5c 5c 5c 5c 29 7c 5c 5c 5c 5c 28 28 3f 3a 65 76 61 6c 20 61 74 20 29 3f 28 28 3f 3a 68 74 74 70 7c 68 74 74 70 73 7c 66 69 6c 65 29 3a 2f 2f 5b 5e 5c 5c 5c 5c 73 29 5d 2b 7c 6a 61 76 61 73 63 72 69 70 74 3a 2e 2a 29 5c 5c 5c 5c 29 7c 28 28 3f 3a 68 74 74 70 7c 68 74 74 70 73 7c 66 69 Data Ascii: }at(?: (?:(.?)\\\\.)?((?:new )?(?:[a-zA-Z_$][\\\\w$]\|\u003canonymous\u003e))(?: \\\\[as ([a-zA-Z_$][\\\\w$])\\\\])?)? (?:\\\$unknown source\\\$\|\\\$native\\\$\|\\\$(?:eval at )?((?:http\|https\|file)://[^\\\\s)]+\|javascript:.)\\\$\|((?:http\|https\|fi
2022-12-09 04:34:45 UTC	180	IN	Data Raw: 30 30 33 63 65 3b 64 2b 2b 29 62 5b 64 5d 2e 6a 28 63 2e 6a 2c 61 29 3b 64 65 6c 65 74 65 20 63 2e 6f 5b 61 5d 7d 7d 3b 5f 2e 4d 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 69 66 28 62 20 69 6e 20 61 2e 6a 29 72 65 74 75 72 6e 20 61 2e 6a 5b 62 5d 3b 74 68 72 6f 77 20 6e 65 77 20 4c 64 28 62 29 3b 7d 3b 5f 2e 49 64 2e 6a 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 5f 2e 48 64 28 5f 2e 49 64 29 7d 3b 76 61 72 20 4e 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 29 7b 5f 2e 61 61 2e 63 61 6c 6c 28 74 68 69 73 29 7d 3b 5f 2e 77 28 4e 64 2c 5f 2e 61 61 29 3b 76 61 72 20 4a 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 29 7b 5f 2e 61 61 2e 63 61 6c 6c 28 74 68 69 73 29 7d 3b 5f 2e 77 28 4a 64 2c 4e 64 29 3b 76 Data Ascii: 003ce;d++)b[d].j(c.j,a);delete c.o[a]}};_.Md\u003dfunction(a,b){if(b in a.j)return a.j[b];throw new Ld(b);};_.Id.j\u003dfunction(){return _.Hd(_.Id)};var Nd\u003dfunction(){_.aa.call(this)};_.w(Nd,_.aa);var Jd\u003dfunction(){_.aa.call(this)};_.w(Jd,Nd);v
2022-12-09 04:34:45 UTC	181	IN	Data Raw: 2e 6f 67 77 2c 64 65 6c 65 74 65 20 66 2e 6f 67 77 29 3b 5c 22 76 65 64 5c 22 69 6e 20 66 5c 75 30 30 32 36 5c 75 30 30 32 36 28 74 68 69 73 2e 64 61 74 61 2e 76 65 64 5c 75 30 30 33 64 66 2e 76 65 64 2c 64 65 6c 65 74 65 20 66 2e 76 65 64 29 3b 61 5c 75 30 30 33 64 5b 5d 3b 66 6f 72 28 76 61 72 20 67 20 69 6e 20 66 29 30 21 5c 75 30 30 33 64 61 2e 6c 65 6e 67 74 68 5c 75 30 30 32 36 5c 75 30 30 32 36 61 2e 70 75 73 68 28 5c 22 2c 5c 22 29 2c 61 2e 70 75 73 68 28 55 64 28 67 29 29 2c 61 2e 70 75 73 68 28 5c 22 2e 5c 22 29 2c 61 2e 70 75 73 68 28 55 64 28 66 5b 67 5d 29 29 3b 66 5c 75 30 30 33 64 61 2e 6a 6f 69 6e 28 5c 22 5c 22 29 3b 5c 22 5c 22 21 5c 75 30 30 33 64 66 5c 75 30 30 32 36 5c 75 30 30 32 36 28 74 68 69 73 2e 64 61 74 61 2e 6f 67 61 64 5c 75 Data Ascii: .ogw,delete f.ogw);\"ved\"in f\u0026\u0026(this.data.ved\u003df.ved,delete f.ved);a\u003d[];for(var g in f)0!\u003da.length\u0026\u0026a.push(\",\"),a.push(Ud(g)),a.push(\".\"),a.push(Ud(f[g]));f\u003da.join(\"\");\"\"!\u003df\u0026\u0026(this.data.ogad\u
2022-12-09 04:34:45 UTC	182	IN	Data Raw: 65 77 20 63 65 28 61 2c 62 2c 63 29 29 3b 64 65 28 74 68 69 73 29 7d 3b 5f 2e 62 65 2e 70 72 6f 74 6f 74 79 70 65 2e 72 65 73 6f 6c 76 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 76 6f 69 64 20 30 21 5c 75 30 30 33 64 5c 75 30 30 33 64 74 68 69 73 2e 42 61 7c 7c 76 6f 69 64 20 30 21 5c 75 30 30 33 64 5c 75 30 30 33 64 74 68 69 73 2e 6a 29 74 68 72 6f 77 20 45 72 72 6f 72 28 5c 22 4a 5c 22 29 3b 74 68 69 73 2e 42 61 5c 75 30 30 33 64 61 3b 64 65 28 74 68 69 73 29 7d 3b 5f 2e 62 65 2e 70 72 6f 74 6f 74 79 70 65 2e 72 65 6a 65 63 74 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 76 6f 69 64 20 30 21 5c 75 30 30 33 64 5c 75 30 30 33 64 74 68 69 73 2e 42 61 7c 7c 76 6f 69 64 20 30 21 5c 75 30 30 33 64 5c 75 30 30 33 64 74 Data Ascii: ew ce(a,b,c));de(this)};_.be.prototype.resolve\u003dfunction(a){if(void 0!\u003d\u003dthis.Ba\|\|void 0!\u003d\u003dthis.j)throw Error(\"J\");this.Ba\u003da;de(this)};_.be.prototype.reject\u003dfunction(a){if(void 0!\u003d\u003dthis.Ba\|\|void 0!\u003d\u003dt
2022-12-09 04:34:45 UTC	184	IN	Data Raw: 57 68 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 74 68 69 73 2e 41 7d 3b 5f 2e 6b 2e 56 68 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 74 68 69 73 2e 6f 7d 3b 5f 2e 49 2e 6a 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 5f 2e 48 64 28 5f 2e 49 29 7d 3b 5c 6e 76 61 72 20 65 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 5f 2e 47 2e 63 61 6c 6c 28 74 68 69 73 2c 61 29 7d 3b 5f 2e 77 28 65 65 2c 5f 2e 47 29 3b 5f 2e 67 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 5f 2e 46 28 5f 2e 66 65 2c 5f 2e 4b 63 2c 31 29 7d 3b 5f 2e 68 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 5f 2e 46 28 5f 2e 66 65 2c 5f 2e 4c 63 Data Ascii: Wh\u003dfunction(){return this.A};_.k.Vh\u003dfunction(){return this.o};_.I.j\u003dfunction(){return _.Hd(_.I)};\nvar ee\u003dfunction(a){_.G.call(this,a)};_.w(ee,_.G);_.ge\u003dfunction(){return _.F(_.fe,_.Kc,1)};_.he\u003dfunction(){return _.F(_.fe,_.Lc
2022-12-09 04:34:45 UTC	185	IN	Data Raw: 65 29 3b 5c 6e 76 61 72 20 6d 65 5c 75 30 30 33 64 5f 2e 68 65 28 29 7c 7c 6e 65 77 20 5f 2e 4c 63 3b 77 69 6e 64 6f 77 2e 5f 5f 50 56 54 5c 75 30 30 33 64 5f 2e 75 28 5f 2e 44 28 6d 65 2c 38 29 29 3b 5f 2e 4b 64 28 5c 22 65 71 5c 22 2c 5f 2e 6b 65 29 3b 5c 6e 5c 6e 7d 63 61 74 63 68 28 65 29 7b 5f 2e 5f 44 75 6d 70 45 78 63 65 70 74 69 6f 6e 28 65 29 7d 5c 6e 74 72 79 7b 5c 6e 76 61 72 20 6e 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 5f 2e 47 2e 63 61 6c 6c 28 74 68 69 73 2c 61 29 7d 3b 5f 2e 77 28 6e 65 2c 5f 2e 47 29 3b 5c 6e 76 61 72 20 6f 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 29 7b 5f 2e 48 2e 63 61 6c 6c 28 74 68 69 73 29 3b 74 68 69 73 2e 6f 5c 75 30 30 33 64 5b 5d 3b 74 68 69 73 2e 6a 5c 75 30 30 33 64 5b 5d 7d 3b 5f 2e 77 Data Ascii: e);\nvar me\u003d_.he()\|\|new _.Lc;window.__PVT\u003d_.u(_.D(me,8));_.Kd(\"eq\",_.ke);\n\n}catch(e){_._DumpException(e)}\ntry{\nvar ne\u003dfunction(a){_.G.call(this,a)};_.w(ne,_.G);\nvar oe\u003dfunction(){_.H.call(this);this.o\u003d[];this.j\u003d[]};_.w
2022-12-09 04:34:45 UTC	186	IN	Data Raw: 69 74 79 3a 30 7d 35 30 25 7b 6f 70 61 63 69 74 79 3a 31 7d 7d 40 6b 65 79 66 72 61 6d 65 73 20 67 62 5f 5f 61 7b 30 25 7b 6f 70 61 63 69 74 79 3a 30 7d 35 30 25 7b 6f 70 61 63 69 74 79 3a 31 7d 7d 61 2e 67 62 5f 33 7b 62 6f 72 64 65 72 3a 6e 6f 6e 65 3b 63 6f 6c 6f 72 3a 23 34 32 38 35 66 34 3b 63 75 72 73 6f 72 3a 64 65 66 61 75 6c 74 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 6f 75 74 6c 69 6e 65 3a 6e 6f 6e 65 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 3b 74 65 78 74 2d 74 72 61 6e 73 66 6f 72 6d 3a 75 70 70 65 72 63 61 73 65 3b 77 68 69 74 65 2d 73 70 61 63 65 3a 6e 6f 77 72 61 70 3b 2d 77 65 62 6b 69 74 2d 75 73 Data Ascii: ity:0}50%{opacity:1}}@keyframes gb__a{0%{opacity:0}50%{opacity:1}}a.gb_3{border:none;color:#4285f4;cursor:default;font-weight:bold;outline:none;position:relative;text-align:center;text-decoration:none;text-transform:uppercase;white-space:nowrap;-webkit-us
2022-12-09 04:34:45 UTC	187	IN	Data Raw: 6e 74 28 73 74 61 72 74 43 6f 6c 6f 72 73 74 72 5c 75 30 30 33 64 23 34 33 38 37 66 64 2c 65 6e 64 43 6f 6c 6f 72 73 74 72 5c 75 30 30 33 64 23 34 36 38 33 65 61 2c 47 72 61 64 69 65 6e 74 54 79 70 65 5c 75 30 30 33 64 30 29 7d 23 67 62 20 61 2e 67 62 5f 37 2e 67 62 5f 37 7b 63 6f 6c 6f 72 3a 23 66 66 66 7d 2e 67 62 5f 37 3a 68 6f 76 65 72 7b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 73 68 61 64 6f 77 3a 30 20 31 70 78 20 30 20 72 67 62 61 28 30 2c 30 2c 30 2c 2e 31 35 29 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 30 20 31 70 78 20 30 20 72 67 62 61 28 30 2c 30 2c 30 2c 2e 31 35 29 7d 2e 67 62 5f 37 3a 61 63 74 69 76 65 7b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 73 68 61 64 6f 77 3a 69 6e 73 65 74 20 30 20 32 70 78 20 30 20 72 67 62 61 28 30 2c 30 2c 30 2c 2e 31 35 29 3b Data Ascii: nt(startColorstr\u003d#4387fd,endColorstr\u003d#4683ea,GradientType\u003d0)}#gb a.gb_7.gb_7{color:#fff}.gb_7:hover{-webkit-box-shadow:0 1px 0 rgba(0,0,0,.15);box-shadow:0 1px 0 rgba(0,0,0,.15)}.gb_7:active{-webkit-box-shadow:inset 0 2px 0 rgba(0,0,0,.15);
2022-12-09 04:34:45 UTC	188	IN	Data Raw: 72 74 61 6e 74 7d 2e 67 62 5f 48 61 7b 76 69 73 69 62 69 6c 69 74 79 3a 68 69 64 64 65 6e 7d 2e 67 62 5f 6c 64 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 6d 69 64 64 6c 65 7d 2e 67 62 5f 44 66 20 2e 67 62 5f 5a 61 7b 62 6f 74 74 6f 6d 3a 2d 33 70 78 3b 72 69 67 68 74 3a 2d 35 70 78 7d 2e 67 62 5f 45 66 7b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 7d 2e 67 62 5f 64 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 6f 75 74 6c 69 6e 65 3a 6e 6f 6e 65 3b 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 6d 69 64 64 6c 65 3b 2d 77 65 62 6b 69 74 2d 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 32 70 78 3b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 32 70 78 3b 2d 77 65 62 6b 69 Data Ascii: rtant}.gb_Ha{visibility:hidden}.gb_ld{display:inline-block;vertical-align:middle}.gb_Df .gb_Za{bottom:-3px;right:-5px}.gb_Ef{position:relative}.gb_d{display:inline-block;outline:none;vertical-align:middle;-webkit-border-radius:2px;border-radius:2px;-webki
2022-12-09 04:34:45 UTC	190	IN	Data Raw: 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 3a 67 62 5f 5f 61 20 2e 32 73 3b 61 6e 69 6d 61 74 69 6f 6e 3a 67 62 5f 5f 61 20 2e 32 73 3b 2d 77 65 62 6b 69 74 2d 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 32 70 78 3b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 32 70 78 3b 2d 77 65 62 6b 69 74 2d 75 73 65 72 2d 73 65 6c 65 63 74 3a 74 65 78 74 7d 2e 67 62 5f 6c 64 2e 67 62 5f 71 61 20 2e 67 62 5f 38 61 2c 2e 67 62 5f 6c 64 2e 67 62 5f 71 61 20 2e 67 62 5f 39 61 2c 2e 67 62 5f 6c 64 2e 67 62 5f 71 61 20 2e 67 62 5f 49 2c 2e 67 62 5f 71 61 2e 67 62 5f 49 7b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 7d 2e 67 62 5f 6c 64 2e 67 62 5f 71 61 2e 67 62 5f 46 66 20 2e 67 62 5f 38 61 2c 2e 67 62 5f 6c 64 2e 67 62 5f 71 61 2e 67 62 5f 46 66 20 2e 67 62 5f 39 61 7b 64 69 73 70 6c Data Ascii: kit-animation:gb__a .2s;animation:gb__a .2s;-webkit-border-radius:2px;border-radius:2px;-webkit-user-select:text}.gb_ld.gb_qa .gb_8a,.gb_ld.gb_qa .gb_9a,.gb_ld.gb_qa .gb_I,.gb_qa.gb_I{display:block}.gb_ld.gb_qa.gb_Ff .gb_8a,.gb_ld.gb_qa.gb_Ff .gb_9a{displ
2022-12-09 04:34:45 UTC	191	IN	Data Raw: 62 6c 65 20 73 76 67 2c 2e 67 62 5f 58 65 20 62 75 74 74 6f 6e 3a 66 6f 63 75 73 2d 76 69 73 69 62 6c 65 20 73 76 67 2c 2e 67 62 5f 46 63 20 2e 67 62 5f 58 65 20 62 75 74 74 6f 6e 3a 66 6f 63 75 73 2d 76 69 73 69 62 6c 65 20 73 76 67 7b 6f 75 74 6c 69 6e 65 3a 31 70 78 20 73 6f 6c 69 64 20 63 75 72 72 65 6e 74 63 6f 6c 6f 72 7d 7d 2e 67 62 5f 46 63 20 2e 67 62 5f 58 65 2e 67 62 5f 5a 65 20 62 75 74 74 6f 6e 3a 66 6f 63 75 73 20 73 76 67 2c 2e 67 62 5f 46 63 20 2e 67 62 5f 58 65 2e 67 62 5f 5a 65 20 62 75 74 74 6f 6e 3a 66 6f 63 75 73 3a 68 6f 76 65 72 20 73 76 67 2c 2e 67 62 5f 58 65 20 62 75 74 74 6f 6e 3a 66 6f 63 75 73 20 73 76 67 2c 2e 67 62 5f 58 65 20 62 75 74 74 6f 6e 3a 66 6f 63 75 73 3a 68 6f 76 65 72 20 73 76 67 2c 2e 67 62 5f 64 3a 66 6f 63 75 Data Ascii: ble svg,.gb_Xe button:focus-visible svg,.gb_Fc .gb_Xe button:focus-visible svg{outline:1px solid currentcolor}}.gb_Fc .gb_Xe.gb_Ze button:focus svg,.gb_Fc .gb_Xe.gb_Ze button:focus:hover svg,.gb_Xe button:focus svg,.gb_Xe button:focus:hover svg,.gb_d:focu
2022-12-09 04:34:45 UTC	192	IN	Data Raw: 64 5b 61 72 69 61 2d 65 78 70 61 6e 64 65 64 5c 75 30 30 33 64 74 72 75 65 5d 20 2e 67 62 5f 30 65 2c 2e 67 62 5f 46 63 20 2e 67 62 5f 64 5b 61 72 69 61 2d 65 78 70 61 6e 64 65 64 5c 75 30 30 33 64 74 72 75 65 5d 20 2e 67 62 5f 31 65 7b 66 69 6c 6c 3a 23 66 66 66 3b 6f 70 61 63 69 74 79 3a 31 7d 2e 67 62 5f 6c 64 7b 70 61 64 64 69 6e 67 3a 34 70 78 7d 2e 67 62 5f 75 61 2e 67 62 5f 56 65 20 2e 67 62 5f 6c 64 7b 70 61 64 64 69 6e 67 3a 34 70 78 20 32 70 78 7d 2e 67 62 5f 75 61 2e 67 62 5f 56 65 20 2e 67 62 5f 62 2e 67 62 5f 6c 64 7b 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 36 70 78 7d 2e 67 62 5f 49 7b 7a 2d 69 6e 64 65 78 3a 39 39 31 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 6e 6f 72 6d 61 6c 7d 2e 67 62 5f 49 2e 67 62 5f 32 65 7b 6c 65 66 74 3a 38 70 78 3b 72 Data Ascii: d[aria-expanded\u003dtrue] .gb_0e,.gb_Fc .gb_d[aria-expanded\u003dtrue] .gb_1e{fill:#fff;opacity:1}.gb_ld{padding:4px}.gb_ua.gb_Ve .gb_ld{padding:4px 2px}.gb_ua.gb_Ve .gb_b.gb_ld{padding-left:6px}.gb_I{z-index:991;line-height:normal}.gb_I.gb_2e{left:8px;r
2022-12-09 04:34:45 UTC	193	IN	Data Raw: 35 65 36 64 0d 0a 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 2d 77 65 62 6b 69 74 2d 74 72 61 6e 73 69 74 69 6f 6e 3a 62 6f 78 2d 73 68 61 64 6f 77 20 32 35 30 6d 73 3b 74 72 61 6e 73 69 74 69 6f 6e 3a 62 6f 78 2d 73 68 61 64 6f 77 20 32 35 30 6d 73 7d 2e 67 62 5f 75 61 2e 67 62 5f 4f 63 7b 6d 69 6e 2d 77 69 64 74 68 3a 32 34 30 70 78 7d 2e 67 62 5f 75 61 2e 67 62 5f 4f 64 20 2e 67 62 5f 50 64 7b 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 7d 2e 67 62 5f 75 61 2e 67 62 5f 4f 64 20 2e 67 62 5f 51 64 7b 68 65 69 67 68 74 3a 35 36 70 78 7d 68 65 61 64 65 72 2e 67 62 5f 75 61 7b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 7d 2e 67 62 5f 75 61 20 73 76 67 7b 66 69 6c 6c 3a 63 75 72 72 65 6e 74 43 6f 6c 6f 72 7d 2e 67 62 5f 52 64 7b 70 6f 73 69 74 69 6f 6e 3a 66 Data Ascii: 5e6dposition:relative;-webkit-transition:box-shadow 250ms;transition:box-shadow 250ms}.gb_ua.gb_Oc{min-width:240px}.gb_ua.gb_Od .gb_Pd{display:none}.gb_ua.gb_Od .gb_Qd{height:56px}header.gb_ua{display:block}.gb_ua svg{fill:currentColor}.gb_Rd{position:f
2022-12-09 04:34:45 UTC	194	IN	Data Raw: 62 6c 65 2d 63 65 6c 6c 3b 77 69 64 74 68 3a 31 30 30 25 7d 2e 67 62 5f 37 63 7b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 33 30 70 78 3b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 73 69 7a 69 6e 67 3a 62 6f 72 64 65 72 2d 62 6f 78 3b 62 6f 78 2d 73 69 7a 69 6e 67 3a 62 6f 72 64 65 72 2d 62 6f 78 3b 2d 77 65 62 6b 69 74 2d 66 6c 65 78 3a 31 20 30 20 61 75 74 6f 3b 66 6c 65 78 3a 31 20 30 20 61 75 74 6f 7d 2e 67 62 5f 75 61 2e 67 62 5f 76 61 20 2e 67 62 5f 37 63 7b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 31 34 70 78 7d 2e 67 62 5f 30 64 7b 2d 77 65 62 6b 69 74 2d 66 6c 65 78 3a 31 20 31 20 31 30 30 25 3b 66 6c 65 78 3a 31 20 31 20 31 30 30 25 7d 2e 67 62 5f 30 64 5c 75 30 30 33 65 3a 6f 6e 6c 79 2d 63 68 69 6c 64 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d Data Ascii: ble-cell;width:100%}.gb_7c{padding-right:30px;-webkit-box-sizing:border-box;box-sizing:border-box;-webkit-flex:1 0 auto;flex:1 0 auto}.gb_ua.gb_va .gb_7c{padding-right:14px}.gb_0d{-webkit-flex:1 1 100%;flex:1 1 100%}.gb_0d\u003e:only-child{display:inline-
2022-12-09 04:34:45 UTC	196	IN	Data Raw: 7d 2e 67 62 5f 77 7b 63 6f 6c 6f 72 3a 72 67 62 61 28 30 2c 30 2c 30 2c 2e 38 37 29 7d 2e 67 62 5f 75 61 20 73 76 67 2c 2e 67 62 5f 4c 63 20 73 76 67 2c 2e 67 62 5f 37 63 20 2e 67 62 5f 39 64 2c 2e 67 62 5f 57 63 20 2e 67 62 5f 39 64 7b 63 6f 6c 6f 72 3a 23 35 66 36 33 36 38 3b 6f 70 61 63 69 74 79 3a 31 7d 2e 67 62 5f 46 63 20 73 76 67 2c 2e 67 62 5f 4c 63 2e 67 62 5f 50 63 20 73 76 67 2c 2e 67 62 5f 46 63 20 2e 67 62 5f 37 63 20 2e 67 62 5f 39 64 2c 2e 67 62 5f 46 63 20 2e 67 62 5f 37 63 20 2e 67 62 5f 45 63 2c 2e 67 62 5f 46 63 20 2e 67 62 5f 37 63 20 2e 67 62 5f 39 63 2c 2e 67 62 5f 4c 63 2e 67 62 5f 50 63 20 2e 67 62 5f 39 64 7b 63 6f 6c 6f 72 3a 72 67 62 61 28 32 35 35 2c 32 35 35 2c 32 35 35 2c 30 2e 38 37 29 7d 2e 67 62 5f 46 63 20 2e 67 62 5f 37 Data Ascii: }.gb_w{color:rgba(0,0,0,.87)}.gb_ua svg,.gb_Lc svg,.gb_7c .gb_9d,.gb_Wc .gb_9d{color:#5f6368;opacity:1}.gb_Fc svg,.gb_Lc.gb_Pc svg,.gb_Fc .gb_7c .gb_9d,.gb_Fc .gb_7c .gb_Ec,.gb_Fc .gb_7c .gb_9c,.gb_Lc.gb_Pc .gb_9d{color:rgba(255,255,255,0.87)}.gb_Fc .gb_7
2022-12-09 04:34:45 UTC	197	IN	Data Raw: 75 6e 64 3a 23 31 62 36 36 63 39 3b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 73 68 61 64 6f 77 3a 30 20 31 70 78 20 33 70 78 20 31 70 78 20 72 67 62 61 28 36 36 2c 36 34 2c 36 37 2c 2e 31 35 29 2c 30 20 31 70 78 20 32 70 78 20 30 20 72 67 62 61 28 36 30 2c 36 34 2c 36 37 2c 2e 33 29 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 30 20 31 70 78 20 33 70 78 20 31 70 78 20 72 67 62 61 28 36 36 2c 36 34 2c 36 37 2c 2e 31 35 29 2c 30 20 31 70 78 20 32 70 78 20 30 20 72 67 62 61 28 36 30 2c 36 34 2c 36 37 2c 2e 33 29 7d 2e 67 62 5f 37 2e 67 62 5f 64 65 3a 66 6f 63 75 73 2c 2e 67 62 5f 37 2e 67 62 5f 64 65 3a 68 6f 76 65 72 3a 66 6f 63 75 73 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 31 63 35 66 62 61 3b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 73 68 61 64 6f 77 3a 30 20 31 70 78 20 33 Data Ascii: und:#1b66c9;-webkit-box-shadow:0 1px 3px 1px rgba(66,64,67,.15),0 1px 2px 0 rgba(60,64,67,.3);box-shadow:0 1px 3px 1px rgba(66,64,67,.15),0 1px 2px 0 rgba(60,64,67,.3)}.gb_7.gb_de:focus,.gb_7.gb_de:hover:focus{background:#1c5fba;-webkit-box-shadow:0 1px 3
2022-12-09 04:34:45 UTC	198	IN	Data Raw: 30 2c 30 2c 30 2c 2e 31 35 29 2c 30 20 31 70 78 20 32 70 78 20 72 67 62 61 28 30 2c 30 2c 30 2c 2e 33 29 7d 23 67 62 20 2e 67 62 5f 46 63 20 61 2e 67 62 5f 64 65 3a 66 6f 63 75 73 3a 6e 6f 74 28 2e 67 62 5f 61 61 29 2c 23 67 62 20 2e 67 62 5f 46 63 20 61 2e 67 62 5f 64 65 3a 66 6f 63 75 73 3a 68 6f 76 65 72 3a 6e 6f 74 28 2e 67 62 5f 61 61 29 2c 23 67 62 2e 67 62 5f 46 63 20 61 2e 67 62 5f 64 65 3a 66 6f 63 75 73 3a 6e 6f 74 28 2e 67 62 5f 61 61 29 2c 23 67 62 2e 67 62 5f 46 63 20 61 2e 67 62 5f 64 65 3a 66 6f 63 75 73 3a 68 6f 76 65 72 3a 6e 6f 74 28 2e 67 62 5f 61 61 29 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 34 66 38 66 66 3b 6f 75 74 6c 69 6e 65 3a 31 70 78 20 73 6f 6c 69 64 20 23 63 39 64 64 66 63 7d 23 67 62 20 61 2e 67 62 5f 37 2e 67 62 5f 61 61 Data Ascii: 0,0,0,.15),0 1px 2px rgba(0,0,0,.3)}#gb .gb_Fc a.gb_de:focus:not(.gb_aa),#gb .gb_Fc a.gb_de:focus:hover:not(.gb_aa),#gb.gb_Fc a.gb_de:focus:not(.gb_aa),#gb.gb_Fc a.gb_de:focus:hover:not(.gb_aa){background:#f4f8ff;outline:1px solid #c9ddfc}#gb a.gb_7.gb_aa
2022-12-09 04:34:45 UTC	199	IN	Data Raw: 33 66 63 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 72 67 62 61 28 32 34 38 2c 32 35 30 2c 32 35 35 2c 2e 38 38 29 7d 2e 67 62 5f 6f 61 2e 67 62 5f 61 61 3a 68 6f 76 65 72 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 72 67 62 61 28 32 34 31 2c 32 34 33 2c 32 34 34 2c 2e 30 34 29 3b 62 6f 72 64 65 72 3a 31 70 78 20 73 6f 6c 69 64 20 23 35 66 36 33 36 38 7d 2e 67 62 5f 6f 61 3a 66 6f 63 75 73 2d 76 69 73 69 62 6c 65 2c 2e 67 62 5f 6f 61 3a 66 6f 63 75 73 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 72 67 62 61 28 32 35 35 2c 32 35 35 2c 32 35 35 29 3b 6f 75 74 6c 69 6e 65 3a 31 70 78 20 73 6f 6c 69 64 20 23 32 30 32 31 32 34 3b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 73 68 61 64 6f 77 3a 30 70 78 20 31 70 78 20 32 70 78 20 30 70 78 Data Ascii: 3fc;background-color:rgba(248,250,255,.88)}.gb_oa.gb_aa:hover{background-color:rgba(241,243,244,.04);border:1px solid #5f6368}.gb_oa:focus-visible,.gb_oa:focus{background-color:rgba(255,255,255);outline:1px solid #202124;-webkit-box-shadow:0px 1px 2px 0px
2022-12-09 04:34:45 UTC	200	IN	Data Raw: 37 38 70 78 7d 2e 67 62 5f 6f 61 2e 67 62 5f 61 61 20 2e 67 62 5f 77 61 7b 6d 61 78 2d 68 65 69 67 68 74 3a 32 36 70 78 3b 77 69 64 74 68 3a 37 32 70 78 7d 2e 67 62 5f 49 61 7b 2d 77 65 62 6b 69 74 2d 62 61 63 6b 67 72 6f 75 6e 64 2d 73 69 7a 65 3a 33 32 70 78 20 33 32 70 78 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 73 69 7a 65 3a 33 32 70 78 20 33 32 70 78 3b 62 6f 72 64 65 72 3a 30 3b 2d 77 65 62 6b 69 74 2d 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 35 30 25 3b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 35 30 25 3b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 3b 6d 61 72 67 69 6e 3a 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 68 65 69 67 68 74 3a 33 32 70 78 3b 77 69 64 74 68 3a 33 32 70 78 3b 7a 2d 69 6e 64 65 78 3a 30 7d 2e 67 62 5f 4a 61 7b Data Ascii: 78px}.gb_oa.gb_aa .gb_wa{max-height:26px;width:72px}.gb_Ia{-webkit-background-size:32px 32px;background-size:32px 32px;border:0;-webkit-border-radius:50%;border-radius:50%;display:block;margin:0px;position:relative;height:32px;width:32px;z-index:0}.gb_Ja{
2022-12-09 04:34:45 UTC	202	IN	Data Raw: 6d 3a 73 63 61 6c 65 28 30 2e 34 31 36 36 36 36 36 36 37 29 7d 7d 2e 67 62 5f 49 61 3a 68 6f 76 65 72 2c 2e 67 62 5f 49 61 3a 66 6f 63 75 73 7b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 73 68 61 64 6f 77 3a 30 20 31 70 78 20 30 20 72 67 62 61 28 30 2c 30 2c 30 2c 2e 31 35 29 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 30 20 31 70 78 20 30 20 72 67 62 61 28 30 2c 30 2c 30 2c 2e 31 35 29 7d 2e 67 62 5f 49 61 3a 61 63 74 69 76 65 7b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 73 68 61 64 6f 77 3a 69 6e 73 65 74 20 30 20 32 70 78 20 30 20 72 67 62 61 28 30 2c 30 2c 30 2c 2e 31 35 29 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 69 6e 73 65 74 20 30 20 32 70 78 20 30 20 72 67 62 61 28 30 2c 30 2c 30 2c 2e 31 35 29 7d 2e 67 62 5f 49 61 3a 61 63 74 69 76 65 3a 3a 61 66 74 65 72 7b 62 61 63 6b Data Ascii: m:scale(0.416666667)}}.gb_Ia:hover,.gb_Ia:focus{-webkit-box-shadow:0 1px 0 rgba(0,0,0,.15);box-shadow:0 1px 0 rgba(0,0,0,.15)}.gb_Ia:active{-webkit-box-shadow:inset 0 2px 0 rgba(0,0,0,.15);box-shadow:inset 0 2px 0 rgba(0,0,0,.15)}.gb_Ia:active::after{back
2022-12-09 04:34:45 UTC	203	IN	Data Raw: 64 65 72 2d 72 61 64 69 75 73 3a 35 30 25 3b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 35 30 25 3b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 73 68 61 64 6f 77 3a 30 70 78 20 31 70 78 20 32 70 78 20 30 70 78 20 72 67 62 61 28 36 30 2c 36 34 2c 36 37 2c 2e 33 30 29 2c 30 70 78 20 31 70 78 20 33 70 78 20 31 70 78 20 72 67 62 61 28 36 30 2c 36 34 2c 36 37 2c 2e 31 35 29 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 30 70 78 20 31 70 78 20 32 70 78 20 30 70 78 20 72 67 62 61 28 36 30 2c 36 34 2c 36 37 2c 2e 33 30 29 2c 30 70 78 20 31 70 78 20 33 70 78 20 31 70 78 20 72 67 62 61 28 36 30 2c 36 34 2c 36 37 2c 2e 31 35 29 3b 6d 61 72 67 69 6e 3a 32 70 78 7d 2e 67 62 5f 56 61 7b 66 69 6c 6c 3a 23 66 39 61 62 30 30 7d 2e 67 62 5f 61 61 20 2e 67 62 5f 56 61 7b 66 69 6c 6c 3a 23 66 Data Ascii: der-radius:50%;border-radius:50%;-webkit-box-shadow:0px 1px 2px 0px rgba(60,64,67,.30),0px 1px 3px 1px rgba(60,64,67,.15);box-shadow:0px 1px 2px 0px rgba(60,64,67,.30),0px 1px 3px 1px rgba(60,64,67,.15);margin:2px}.gb_Va{fill:#f9ab00}.gb_aa .gb_Va{fill:#f
2022-12-09 04:34:45 UTC	204	IN	Data Raw: 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 74 6f 70 3a 32 70 78 3b 2d 77 65 62 6b 69 74 2d 75 73 65 72 2d 73 65 6c 65 63 74 3a 6e 6f 6e 65 7d 2e 67 62 5f 6a 65 20 2e 67 62 5f 78 63 7b 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 7d 2e 67 62 5f 51 64 20 2e 67 62 5f 79 63 7b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 6e 6f 72 6d 61 6c 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 31 36 70 78 7d 2e 67 62 5f 37 63 2e 67 62 5f 38 63 20 2e 67 62 5f 79 63 7b 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 30 70 78 7d 2e 67 62 5f 37 63 20 2e 67 62 5f 79 63 7b 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 31 32 70 78 7d 2e 67 62 5f 7a 63 2e 67 62 5f 6b 65 7b 64 69 72 65 63 74 69 6f 6e 3a 6c Data Ascii: y:inline-block;position:relative;top:2px;-webkit-user-select:none}.gb_je .gb_xc{display:none}.gb_Qd .gb_yc{line-height:normal;position:relative;padding-left:16px}.gb_7c.gb_8c .gb_yc{padding-left:0px}.gb_7c .gb_yc{padding-left:12px}.gb_zc.gb_ke{direction:l
2022-12-09 04:34:45 UTC	205	IN	Data Raw: 3a 2f 2f 77 77 77 2e 67 73 74 61 74 69 63 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 62 72 61 6e 64 69 6e 67 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 2f 73 76 67 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 5f 64 61 72 6b 5f 63 6c 72 5f 37 34 78 32 34 70 78 2e 73 76 67 5c 75 30 30 32 37 29 7d 7d 40 6d 65 64 69 61 20 73 63 72 65 65 6e 20 61 6e 64 20 28 2d 6d 73 2d 68 69 67 68 2d 63 6f 6e 74 72 61 73 74 3a 77 68 69 74 65 2d 6f 6e 2d 62 6c 61 63 6b 29 7b 2e 67 62 5f 38 64 20 2e 67 62 5f 7a 63 20 2e 67 62 5f 6c 65 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 75 72 6c 28 5c 75 30 30 32 37 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 73 74 61 74 69 63 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 62 72 61 6e 64 69 6e 67 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 2f 73 76 67 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 5f Data Ascii: ://www.gstatic.com/images/branding/googlelogo/svg/googlelogo_dark_clr_74x24px.svg\u0027)}}@media screen and (-ms-high-contrast:white-on-black){.gb_8d .gb_zc .gb_le:before{content:url(\u0027https://www.gstatic.com/images/branding/googlelogo/svg/googlelogo_
2022-12-09 04:34:45 UTC	207	IN	Data Raw: 6e 64 2d 63 6f 6c 6f 72 3a 72 67 62 61 28 36 30 2c 36 34 2c 36 37 2c 2e 31 32 29 3b 6f 75 74 6c 69 6e 65 3a 6e 6f 6e 65 7d 2e 67 62 5f 45 63 3a 68 6f 76 65 72 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 72 67 62 61 28 36 30 2c 36 34 2c 36 37 2c 2e 30 38 29 3b 6f 75 74 6c 69 6e 65 3a 6e 6f 6e 65 7d 2e 67 62 5f 46 63 20 2e 67 62 5f 45 63 3a 68 6f 76 65 72 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 72 67 62 61 28 32 33 32 2c 32 33 34 2c 32 33 37 2c 2e 30 38 29 7d 2e 67 62 5f 46 63 20 2e 67 62 5f 45 63 3a 66 6f 63 75 73 2c 2e 67 62 5f 46 63 20 2e 67 62 5f 45 63 3a 66 6f 63 75 73 3a 68 6f 76 65 72 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 72 67 62 61 28 32 33 32 2c 32 33 34 2c 32 33 37 2c 2e 31 29 7d 2e 67 62 5f 46 63 20 2e 67 Data Ascii: nd-color:rgba(60,64,67,.12);outline:none}.gb_Ec:hover{background-color:rgba(60,64,67,.08);outline:none}.gb_Fc .gb_Ec:hover{background-color:rgba(232,234,237,.08)}.gb_Fc .gb_Ec:focus,.gb_Fc .gb_Ec:focus:hover{background-color:rgba(232,234,237,.1)}.gb_Fc .g
2022-12-09 04:34:45 UTC	208	IN	Data Raw: 30 20 31 36 70 78 20 72 67 62 61 28 30 2c 30 2c 30 2c 2e 32 38 29 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 30 20 30 20 31 36 70 78 20 72 67 62 61 28 30 2c 30 2c 30 2c 2e 32 38 29 3b 2d 77 65 62 6b 69 74 2d 74 72 61 6e 73 69 74 69 6f 6e 3a 74 72 61 6e 73 66 6f 72 6d 20 2e 32 35 73 20 63 75 62 69 63 2d 62 65 7a 69 65 72 28 30 2e 34 2c 30 2e 30 2c 30 2e 32 2c 31 29 2c 76 69 73 69 62 69 6c 69 74 79 20 30 73 20 6c 69 6e 65 61 72 20 30 73 3b 74 72 61 6e 73 69 74 69 6f 6e 3a 74 72 61 6e 73 66 6f 72 6d 20 2e 32 35 73 20 63 75 62 69 63 2d 62 65 7a 69 65 72 28 30 2e 34 2c 30 2e 30 2c 30 2e 32 2c 31 29 2c 76 69 73 69 62 69 6c 69 74 79 20 30 73 20 6c 69 6e 65 61 72 20 30 73 7d 2e 67 62 5f 4c 63 2e 67 62 5f 50 63 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 72 67 Data Ascii: 0 16px rgba(0,0,0,.28);box-shadow:0 0 16px rgba(0,0,0,.28);-webkit-transition:transform .25s cubic-bezier(0.4,0.0,0.2,1),visibility 0s linear 0s;transition:transform .25s cubic-bezier(0.4,0.0,0.2,1),visibility 0s linear 0s}.gb_Lc.gb_Pc{background-color:rg
2022-12-09 04:34:45 UTC	209	IN	Data Raw: 74 28 2e 67 62 5f 76 61 29 20 2e 67 62 5f 30 63 7b 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 31 36 70 78 7d 2e 67 62 5f 4c 63 3a 6e 6f 74 28 2e 67 62 5f 76 61 29 20 2e 67 62 5f 5a 63 2c 2e 67 62 5f 4c 63 3a 6e 6f 74 28 2e 67 62 5f 76 61 29 20 2e 67 62 5f 30 63 7b 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 32 34 70 78 7d 2e 67 62 5f 5a 63 3a 68 6f 76 65 72 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 72 67 62 61 28 30 2c 30 2c 30 2c 2e 31 32 29 7d 2e 67 62 5f 50 63 20 2e 67 62 5f 5a 63 3a 68 6f 76 65 72 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 72 67 62 61 28 32 33 32 2c 32 33 34 2c 32 33 37 2c 2e 30 38 29 7d 2e 67 62 5f 5a 63 2e 67 62 5f 44 61 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 72 67 62 61 28 30 2c 30 2c 30 2c 2e 31 32 29 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b Data Ascii: t(.gb_va) .gb_0c{padding-left:16px}.gb_Lc:not(.gb_va) .gb_Zc,.gb_Lc:not(.gb_va) .gb_0c{padding-left:24px}.gb_Zc:hover{background:rgba(0,0,0,.12)}.gb_Pc .gb_Zc:hover{background:rgba(232,234,237,.08)}.gb_Zc.gb_Da{background:rgba(0,0,0,.12);font-weight:bold;
2022-12-09 04:34:45 UTC	210	IN	Data Raw: 61 6c 2d 61 6c 69 67 6e 3a 6d 69 64 64 6c 65 7d 2e 67 62 5f 57 63 20 2e 67 62 5f 58 63 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 66 35 66 35 66 35 3b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 7d 2e 67 62 5f 57 63 20 2e 67 62 5f 58 63 20 2e 67 62 5f 6c 64 7b 66 6c 6f 61 74 3a 72 69 67 68 74 7d 2e 67 62 5f 75 61 2e 67 62 5f 76 61 20 2e 67 62 5f 57 63 20 2e 67 62 5f 58 63 7b 70 61 64 64 69 6e 67 3a 34 70 78 7d 2e 67 62 5f 75 61 3a 6e 6f 74 28 2e 67 62 5f 76 61 29 20 2e 67 62 5f 57 63 20 2e 67 62 5f 58 63 7b 70 61 64 64 69 6e 67 3a 38 70 78 7d 2e 67 62 5f 57 63 20 2e 67 62 5f 4e 61 7b 77 69 64 74 68 3a 34 30 70 78 7d 2e 67 62 5f 57 63 20 2e 67 62 5f 51 61 7b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 72 69 67 68 74 3a 30 3b 74 6f 70 3a Data Ascii: al-align:middle}.gb_Wc .gb_Xc{background-color:#f5f5f5;display:block}.gb_Wc .gb_Xc .gb_ld{float:right}.gb_ua.gb_va .gb_Wc .gb_Xc{padding:4px}.gb_ua:not(.gb_va) .gb_Wc .gb_Xc{padding:8px}.gb_Wc .gb_Na{width:40px}.gb_Wc .gb_Qa{position:absolute;right:0;top:
2022-12-09 04:34:45 UTC	211	IN	Data Raw: 65 73 73 65 64 5c 75 30 30 33 64 74 72 75 65 5d 20 2e 67 62 5f 42 66 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 72 67 62 61 28 32 35 35 2c 32 35 35 2c 32 35 35 2c 2e 31 29 7d 2e 67 62 5f 43 66 7b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 77 69 64 74 68 3a 32 35 70 78 3b 68 65 69 67 68 74 3a 32 35 70 78 3b 2d 77 65 62 6b 69 74 2d 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 35 30 25 3b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 35 30 25 3b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 73 68 61 64 6f 77 3a 30 20 30 20 32 70 78 20 72 67 62 61 28 30 2c 30 2c 30 2c 2e 31 32 29 2c 30 20 32 70 78 20 34 70 78 20 72 67 62 61 28 30 2c 30 2c 30 2c 2e 32 34 29 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 30 20 30 20 32 70 78 20 72 67 62 61 28 30 2c 30 2c 30 2c 2e 31 Data Ascii: essed\u003dtrue] .gb_Bf{background-color:rgba(255,255,255,.1)}.gb_Cf{position:absolute;width:25px;height:25px;-webkit-border-radius:50%;border-radius:50%;-webkit-box-shadow:0 0 2px rgba(0,0,0,.12),0 2px 4px rgba(0,0,0,.24);box-shadow:0 0 2px rgba(0,0,0,.1
2022-12-09 04:34:45 UTC	213	IN	Data Raw: 31 34 70 78 20 32 70 78 20 72 67 62 61 28 30 2c 30 2c 30 2c 2e 31 32 29 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 30 70 78 20 35 70 78 20 35 70 78 20 2d 33 70 78 20 72 67 62 61 28 30 2c 30 2c 30 2c 2e 32 29 2c 30 70 78 20 38 70 78 20 31 30 70 78 20 31 70 78 20 72 67 62 61 28 30 2c 30 2c 30 2c 2e 31 34 29 2c 30 70 78 20 33 70 78 20 31 34 70 78 20 32 70 78 20 72 67 62 61 28 30 2c 30 2c 30 2c 2e 31 32 29 3b 6f 76 65 72 66 6c 6f 77 2d 79 3a 68 69 64 64 65 6e 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 72 69 67 68 74 3a 32 34 70 78 3b 74 6f 70 3a 34 38 70 78 7d 2e 67 62 5f 6e 66 2c 2e 67 62 5f 6f 66 2c 2e 67 62 5f 70 66 7b 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 7d 2e 67 62 5f 4b 65 7b 68 65 69 67 68 74 3a 34 38 70 78 3b 6d 61 78 2d 77 69 64 74 68 3a 37 32 Data Ascii: 14px 2px rgba(0,0,0,.12);box-shadow:0px 5px 5px -3px rgba(0,0,0,.2),0px 8px 10px 1px rgba(0,0,0,.14),0px 3px 14px 2px rgba(0,0,0,.12);overflow-y:hidden;position:absolute;right:24px;top:48px}.gb_nf,.gb_of,.gb_pf{display:none}.gb_Ke{height:48px;max-width:72
2022-12-09 04:34:45 UTC	214	IN	Data Raw: 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 74 6f 70 3a 30 7d 2e 67 62 5f 75 66 7b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 72 69 67 68 74 3a 30 3b 63 75 72 73 6f 72 3a 64 65 66 61 75 6c 74 3b 76 69 73 69 62 69 6c 69 74 79 3a 68 69 64 64 65 6e 3b 74 6f 70 3a 30 3b 2d 77 65 62 6b 69 74 2d 74 72 61 6e 73 69 74 69 6f 6e 3a 6f 70 61 63 69 74 79 20 32 35 30 6d 73 20 65 61 73 65 2d 6f 75 74 3b 74 72 61 6e 73 69 74 69 6f 6e 3a 6f 70 61 63 69 74 79 20 32 35 30 6d 73 20 65 61 73 65 2d 6f 75 74 7d 2e 67 62 5f 76 66 20 2e 67 62 5f 75 66 7b 72 69 67 68 74 3a 34 34 70 78 7d 2e 67 62 5f 75 66 2e 67 62 5f 77 66 7b 76 69 73 69 62 69 6c 69 74 79 3a 69 6e 68 65 72 69 74 7d 2e 67 62 5f 69 66 3a 3a 2d 6d 73 2d 63 6c 65 61 72 7b 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 3b 68 Data Ascii: on:absolute;top:0}.gb_uf{position:absolute;right:0;cursor:default;visibility:hidden;top:0;-webkit-transition:opacity 250ms ease-out;transition:opacity 250ms ease-out}.gb_vf .gb_uf{right:44px}.gb_uf.gb_wf{visibility:inherit}.gb_if::-ms-clear{display:none;h
2022-12-09 04:34:45 UTC	215	IN	Data Raw: 3a 30 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 77 69 64 74 68 3a 61 75 74 6f 7d 2e 67 62 5f 58 65 2e 67 62 5f 4a 65 2e 67 62 5f 50 20 2e 67 62 5f 72 66 7b 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 7d 2e 67 62 5f 58 65 2e 67 62 5f 4a 65 20 2e 67 62 5f 72 66 7b 70 61 64 64 69 6e 67 3a 30 3b 70 6f 73 69 74 69 6f 6e 3a 73 74 61 74 69 63 7d 2e 67 62 5f 58 65 2e 67 62 5f 4a 65 2e 67 62 5f 50 20 2e 67 62 5f 74 66 7b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 7d 2e 67 62 5f 75 61 2e 67 62 5f 52 63 20 2e 67 62 5f 50 64 2e 67 62 5f 49 65 3a 6e 6f 74 28 2e 67 62 5f 4a 65 29 20 2e 67 62 5f 4b 65 2c 2e 67 62 5f 75 61 2e 67 62 5f 52 63 20 2e 67 62 5f 50 64 2e 67 62 5f 4c 65 2e 67 62 5f 4d 65 3a 6e 6f 74 28 2e 67 62 5f 4a 65 29 20 2e 67 62 5f 4b 65 2c 2e 67 62 5f Data Ascii: :0;position:absolute;width:auto}.gb_Xe.gb_Je.gb_P .gb_rf{display:none}.gb_Xe.gb_Je .gb_rf{padding:0;position:static}.gb_Xe.gb_Je.gb_P .gb_tf{display:block}.gb_ua.gb_Rc .gb_Pd.gb_Ie:not(.gb_Je) .gb_Ke,.gb_ua.gb_Rc .gb_Pd.gb_Le.gb_Me:not(.gb_Je) .gb_Ke,.gb_
2022-12-09 04:34:45 UTC	216	IN	Data Raw: 5f 37 63 2c 2e 67 62 5f 51 64 2e 67 62 5f 56 64 2e 67 62 5f 57 64 5c 75 30 30 33 65 2e 67 62 5f 37 63 7b 2d 77 65 62 6b 69 74 2d 66 6c 65 78 3a 31 20 31 20 61 75 74 6f 3b 66 6c 65 78 3a 31 20 31 20 61 75 74 6f 3b 6f 76 65 72 66 6c 6f 77 3a 68 69 64 64 65 6e 7d 2e 67 62 5f 75 61 2e 67 62 5f 76 61 20 2e 67 62 5f 30 64 2c 2e 67 62 5f 51 64 2e 67 62 5f 56 64 2e 67 62 5f 57 64 5c 75 30 30 33 65 2e 67 62 5f 30 64 7b 2d 77 65 62 6b 69 74 2d 66 6c 65 78 3a 30 20 30 20 61 75 74 6f 3b 66 6c 65 78 3a 30 20 30 20 61 75 74 6f 7d 73 65 6e 74 69 6e 65 6c 7b 7d 22 7d 7d 2c 22 70 61 67 65 5f 74 69 74 6c 65 5f 70 6c 61 63 65 68 6f 6c 64 65 72 5f 6c 61 62 65 6c 22 3a 22 70 61 67 65 2d 74 69 74 6c 65 22 2c 22 70 72 6f 64 75 63 74 5f 63 6f 6e 74 72 6f 6c 5f 70 6c 61 63 65 68 Data Ascii: _7c,.gb_Qd.gb_Vd.gb_Wd\u003e.gb_7c{-webkit-flex:1 1 auto;flex:1 1 auto;overflow:hidden}.gb_ua.gb_va .gb_0d,.gb_Qd.gb_Vd.gb_Wd\u003e.gb_0d{-webkit-flex:0 0 auto;flex:0 0 auto}sentinel{}"}},"page_title_placeholder_label":"page-title","product_control_placeh
2022-12-09 04:34:45 UTC	217	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
5	192.168.2.3	49741	142.250.185.132	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2022-12-09 04:34:45 UTC	217	OUT	GET /async/newtab_promos HTTP/1.1 Host: www.google.com Connection: keep-alive Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2022-12-09 04:34:45 UTC	217	IN	HTTP/1.1 200 OK Version: 492505354 Content-Type: application/json; charset=UTF-8 X-Content-Type-Options: nosniff Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 BFCache-Opt-In: unload Permissions-Policy: unload=() Origin-Trial: AqRrpS1jM/HOs1rGR0CnXerKEP/QFz7qj9ApDSZqAO+0U+KcT/h/lxA6akW4ar0kT0V1bw5MD4t8O7L7OFwM5gUAAABfeyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJQZXJtaXNzaW9uc1BvbGljeVVubG9hZCIsImV4cGlyeSI6MTY3ODIzMzU5OX0= Content-Disposition: attachment; filename="f.txt" Date: Fri, 09 Dec 2022 04:34:45 GMT Server: gws Cache-Control: private X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Set-Cookie: CONSENT=PENDING+291; expires=Sun, 08-Dec-2024 04:34:45 GMT; path=/; domain=.google.com; Secure P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info." Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" Accept-Ranges: none Vary: Accept-Encoding Expires: Fri, 09 Dec 2022 04:34:45 GMT Connection: close Transfer-Encoding: chunked
2022-12-09 04:34:45 UTC	218	IN	Data Raw: 31 64 0d 0a 29 5d 7d 27 0a 7b 22 75 70 64 61 74 65 22 3a 7b 22 70 72 6f 6d 6f 73 22 3a 7b 7d 7d 7d 0d 0a Data Ascii: 1d)]}'{"update":{"promos":{}}}
2022-12-09 04:34:45 UTC	218	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
6	192.168.2.3	49742	142.250.185.132	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2022-12-09 04:34:45 UTC	218	OUT	GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=http%3A%2F%2Fcdn-file-ssl-pc.ludashi.com%2Fpc%2Fpdf%2Fmini_20190902.7z&oit=3&cp=58&gs_rn=42&psi=WcOZ_6yD2WdHCjET&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CLC1yQEIkrbJAQiitskBCMS2yQEIqZ3KAQiqj8sBCJKhywEIi6vMAQj7u8wBCPq8zAEI6sDMAQicycwBCOLLzAEImNHMAQiZ0swB Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2022-12-09 04:34:46 UTC	219	IN	HTTP/1.1 200 OK Date: Fri, 09 Dec 2022 04:34:45 GMT Pragma: no-cache Expires: -1 Cache-Control: no-cache, must-revalidate Content-Type: text/javascript; charset=UTF-8 Strict-Transport-Security: max-age=31536000 Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-G4gMgFl9nqOd7ptIROI5mQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]} Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 BFCache-Opt-In: unload Permissions-Policy: unload=() Origin-Trial: AqRrpS1jM/HOs1rGR0CnXerKEP/QFz7qj9ApDSZqAO+0U+KcT/h/lxA6akW4ar0kT0V1bw5MD4t8O7L7OFwM5gUAAABfeyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJQZXJtaXNzaW9uc1BvbGljeVVubG9hZCIsImV4cGlyeSI6MTY3ODIzMzU5OX0= Content-Disposition: attachment; filename="f.txt" Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Set-Cookie: CONSENT=PENDING+577; expires=Sun, 08-Dec-2024 04:34:45 GMT; path=/; domain=.google.com; Secure P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info." Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2022-12-09 04:34:46 UTC	221	IN	Data Raw: 62 32 0d 0a 29 5d 7d 27 0a 5b 22 68 74 74 70 3a 2f 2f 63 64 6e 2d 66 69 6c 65 2d 73 73 6c 2d 70 63 2e 6c 75 64 61 73 68 69 2e 63 6f 6d 2f 70 63 2f 70 64 66 2f 6d 69 6e 69 5f 32 30 31 39 30 39 30 32 2e 37 7a 22 2c 5b 5d 2c 5b 5d 2c 5b 5d 2c 7b 22 67 6f 6f 67 6c 65 3a 63 6c 69 65 6e 74 64 61 74 61 22 3a 7b 22 62 70 63 22 3a 66 61 6c 73 65 2c 22 74 6c 77 22 3a 74 72 75 65 7d 2c 22 67 6f 6f 67 6c 65 3a 73 75 67 67 65 73 74 74 79 70 65 22 3a 5b 5d 2c 22 67 6f 6f 67 6c 65 3a 76 65 72 62 61 74 69 6d 72 65 6c 65 76 61 6e 63 65 22 3a 38 35 31 7d 5d 0d 0a Data Ascii: b2)]}'["http://cdn-file-ssl-pc.ludashi.com/pc/pdf/mini_20190902.7z",[],[],[],{"google:clientdata":{"bpc":false,"tlw":true},"google:suggesttype":[],"google:verbatimrelevance":851}]
2022-12-09 04:34:46 UTC	221	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
7	192.168.2.3	49745	216.58.212.174	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2022-12-09 04:34:46 UTC	221	OUT	GET /_/scs/abc-static/_/js/k=gapi.gapi.en.PlpnwD4HYro.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo-D4573md5GmdJHX15d0lc3SoObhA/cb=gapi.loaded_0 HTTP/1.1 Host: apis.google.com Connection: keep-alive sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / X-Client-Data: CLC1yQEIkrbJAQiitskBCMS2yQEIqZ3KAQiSocsBCIurzAEI+7vMAQj6vMwBCJjRzAE= Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: CONSENT=PENDING+620; __Secure-ENID=6.SE=cJKCBuSaL1dV3R8z2Y2al7-m2m5bGA74lqbYYkqC3uy-NtZ1f6n_bCBr25tlnnjvdmLpGQ81ZKzP3Te5vVjpSQjYWCwvlOMApK7tmZNWcORu0p4wniPJGQfTslQNnpQWhG9qkwkEgy49-6UG3UQ1eiUyFolJZWLeUM1p4KvjM9E
2022-12-09 04:34:46 UTC	222	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Vary: Accept-Encoding Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access Cross-Origin-Resource-Policy: cross-origin Cross-Origin-Opener-Policy: same-origin; report-to="social-frontend-mpm-access" Report-To: {"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]} Content-Length: 109470 X-Content-Type-Options: nosniff Server: sffe X-XSS-Protection: 0 Date: Thu, 08 Dec 2022 22:26:36 GMT Expires: Fri, 08 Dec 2023 22:26:36 GMT Cache-Control: public, max-age=31536000 Last-Modified: Tue, 01 Nov 2022 15:23:57 GMT Content-Type: text/javascript; charset=UTF-8 Age: 22090 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" Connection: close
2022-12-09 04:34:46 UTC	223	IN	Data Raw: 67 61 70 69 2e 6c 6f 61 64 65 64 5f 30 28 66 75 6e 63 74 69 6f 6e 28 5f 29 7b 76 61 72 20 77 69 6e 64 6f 77 3d 74 68 69 73 3b 0a 76 61 72 20 63 61 2c 66 61 2c 68 61 2c 69 61 2c 6b 61 2c 6c 61 2c 79 61 3b 5f 2e 62 61 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 5f 2e 61 61 5b 61 5d 2e 61 70 70 6c 79 28 74 68 69 73 2c 61 72 67 75 6d 65 6e 74 73 29 7d 7d 3b 5f 2e 61 61 3d 5b 5d 3b 63 61 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 3d 30 3b 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 62 3c 61 2e 6c 65 6e 67 74 68 3f 7b 64 6f 6e 65 3a 21 31 2c 76 61 6c 75 65 3a 61 5b 62 2b 2b 5d 7d 3a 7b 64 6f 6e 65 3a 21 30 7d 7d 7d 3b 66 61 3d 22 66 75 6e 63 74 Data Ascii: gapi.loaded_0(function(_){var window=this;var ca,fa,ha,ia,ka,la,ya;_.ba=function(a){return function(){return _.aa[a].apply(this,arguments)}};_.aa=[];ca=function(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}};fa="funct
2022-12-09 04:34:46 UTC	223	IN	Data Raw: 69 6f 6e 22 3d 3d 74 79 70 65 6f 66 20 4f 62 6a 65 63 74 2e 64 65 66 69 6e 65 50 72 6f 70 65 72 74 69 65 73 3f 4f 62 6a 65 63 74 2e 64 65 66 69 6e 65 50 72 6f 70 65 72 74 79 3a 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 69 66 28 61 3d 3d 41 72 72 61 79 2e 70 72 6f 74 6f 74 79 70 65 7c 7c 61 3d 3d 4f 62 6a 65 63 74 2e 70 72 6f 74 6f 74 79 70 65 29 72 65 74 75 72 6e 20 61 3b 61 5b 62 5d 3d 63 2e 76 61 6c 75 65 3b 72 65 74 75 72 6e 20 61 7d 3b 0a 68 61 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 61 3d 5b 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 67 6c 6f 62 61 6c 54 68 69 73 26 26 67 6c 6f 62 61 6c 54 68 69 73 2c 61 2c 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 77 69 6e 64 6f 77 26 26 77 69 6e 64 6f 77 2c 22 6f 62 6a 65 63 74 22 3d 3d 74 79 Data Ascii: ion"==typeof Object.defineProperties?Object.defineProperty:function(a,b,c){if(a==Array.prototype\|\|a==Object.prototype)return a;a[b]=c.value;return a};ha=function(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==ty
2022-12-09 04:34:46 UTC	224	IN	Data Raw: 26 22 66 75 6e 63 74 69 6f 6e 22 21 3d 74 79 70 65 6f 66 20 64 2e 70 72 6f 74 6f 74 79 70 65 5b 61 5d 26 26 66 61 28 64 2e 70 72 6f 74 6f 74 79 70 65 2c 61 2c 7b 63 6f 6e 66 69 67 75 72 61 62 6c 65 3a 21 30 2c 77 72 69 74 61 62 6c 65 3a 21 30 2c 76 61 6c 75 65 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 6c 61 28 63 61 28 74 68 69 73 29 29 7d 7d 29 7d 72 65 74 75 72 6e 20 61 7d 29 3b 6c 61 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 61 3d 7b 6e 65 78 74 3a 61 7d 3b 61 5b 53 79 6d 62 6f 6c 2e 69 74 65 72 61 74 6f 72 5d 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 74 68 69 73 7d 3b 72 65 74 75 72 6e 20 61 7d 3b 0a 5f 2e 70 61 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 3d 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 74 79 70 65 6f 66 Data Ascii: &"function"!=typeof d.prototype[a]&&fa(d.prototype,a,{configurable:!0,writable:!0,value:function(){return la(ca(this))}})}return a});la=function(a){a={next:a};a[Symbol.iterator]=function(){return this};return a};_.pa=function(a){var b="undefined"!=typeof
2022-12-09 04:34:46 UTC	226	IN	Data Raw: 61 72 20 65 3d 66 75 6e 63 74 69 6f 6e 28 68 29 7b 74 68 69 73 2e 44 61 3d 30 3b 74 68 69 73 2e 53 65 3d 76 6f 69 64 20 30 3b 74 68 69 73 2e 4c 70 3d 5b 5d 3b 74 68 69 73 2e 57 4f 3d 21 31 3b 76 61 72 20 6b 3d 74 68 69 73 2e 59 42 28 29 3b 74 72 79 7b 68 28 6b 2e 72 65 73 6f 6c 76 65 2c 6b 2e 72 65 6a 65 63 74 29 7d 63 61 74 63 68 28 6c 29 7b 6b 2e 72 65 6a 65 63 74 28 6c 29 7d 7d 3b 65 2e 70 72 6f 74 6f 74 79 70 65 2e 59 42 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 68 28 6d 29 7b 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 6e 29 7b 6c 7c 7c 28 6c 3d 21 30 2c 6d 2e 63 61 6c 6c 28 6b 2c 6e 29 29 7d 7d 76 61 72 20 6b 3d 74 68 69 73 2c 6c 3d 21 31 3b 72 65 74 75 72 6e 7b 72 65 73 6f 6c 76 65 3a 68 28 74 68 69 73 2e 4a 33 29 2c 72 65 Data Ascii: ar e=function(h){this.Da=0;this.Se=void 0;this.Lp=[];this.WO=!1;var k=this.YB();try{h(k.resolve,k.reject)}catch(l){k.reject(l)}};e.prototype.YB=function(){function h(m){return function(n){l\|\|(l=!0,m.call(k,n))}}var k=this,l=!1;return{resolve:h(this.J3),re
2022-12-09 04:34:46 UTC	227	IN	Data Raw: 2c 7b 63 61 6e 63 65 6c 61 62 6c 65 3a 21 30 7d 29 3a 28 68 3d 69 61 2e 64 6f 63 75 6d 65 6e 74 2e 63 72 65 61 74 65 45 76 65 6e 74 28 22 43 75 73 74 6f 6d 45 76 65 6e 74 22 29 2c 68 2e 69 6e 69 74 43 75 73 74 6f 6d 45 76 65 6e 74 28 22 75 6e 68 61 6e 64 6c 65 64 72 65 6a 65 63 74 69 6f 6e 22 2c 21 31 2c 21 30 2c 68 29 29 3b 68 2e 70 72 6f 6d 69 73 65 3d 74 68 69 73 3b 68 2e 72 65 61 73 6f 6e 3d 74 68 69 73 2e 53 65 3b 72 65 74 75 72 6e 20 6c 28 68 29 7d 3b 65 2e 70 72 6f 74 6f 74 79 70 65 2e 46 58 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 69 66 28 6e 75 6c 6c 21 3d 74 68 69 73 2e 4c 70 29 7b 66 6f 72 28 76 61 72 20 68 3d 30 3b 68 3c 74 68 69 73 2e 4c 70 2e 6c 65 6e 67 74 68 3b 2b 2b 68 29 66 2e 7a 4b 28 74 68 69 73 2e 4c 70 5b 68 5d 29 3b 74 68 69 73 2e 4c 70 Data Ascii: ,{cancelable:!0}):(h=ia.document.createEvent("CustomEvent"),h.initCustomEvent("unhandledrejection",!1,!0,h));h.promise=this;h.reason=this.Se;return l(h)};e.prototype.FX=function(){if(null!=this.Lp){for(var h=0;h<this.Lp.length;++h)f.zK(this.Lp[h]);this.Lp
2022-12-09 04:34:46 UTC	228	IN	Data Raw: 29 2e 75 76 28 72 28 70 2e 6c 65 6e 67 74 68 2d 31 29 2c 6e 29 2c 6c 3d 6b 2e 6e 65 78 74 28 29 3b 77 68 69 6c 65 28 21 6c 2e 64 6f 6e 65 29 7d 29 7d 3b 0a 72 65 74 75 72 6e 20 65 7d 29 3b 76 61 72 20 49 61 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 69 66 28 6e 75 6c 6c 3d 3d 61 29 74 68 72 6f 77 20 6e 65 77 20 54 79 70 65 45 72 72 6f 72 28 22 54 68 65 20 27 74 68 69 73 27 20 76 61 6c 75 65 20 66 6f 72 20 53 74 72 69 6e 67 2e 70 72 6f 74 6f 74 79 70 65 2e 22 2b 63 2b 22 20 6d 75 73 74 20 6e 6f 74 20 62 65 20 6e 75 6c 6c 20 6f 72 20 75 6e 64 65 66 69 6e 65 64 22 29 3b 69 66 28 62 20 69 6e 73 74 61 6e 63 65 6f 66 20 52 65 67 45 78 70 29 74 68 72 6f 77 20 6e 65 77 20 54 79 70 65 45 72 72 6f 72 28 22 46 69 72 73 74 20 61 72 67 75 6d 65 6e 74 20 74 6f Data Ascii: ).uv(r(p.length-1),n),l=k.next();while(!l.done)})};return e});var Ia=function(a,b,c){if(null==a)throw new TypeError("The 'this' value for String.prototype."+c+" must not be null or undefined");if(b instanceof RegExp)throw new TypeError("First argument to
2022-12-09 04:34:46 UTC	229	IN	Data Raw: 6e 2e 67 65 74 28 6c 29 7c 7c 33 21 3d 6e 2e 67 65 74 28 6d 29 29 72 65 74 75 72 6e 21 31 3b 6e 2e 64 65 6c 65 74 65 28 6c 29 3b 6e 2e 73 65 74 28 6d 2c 34 29 3b 72 65 74 75 72 6e 21 6e 2e 68 61 73 28 6c 29 26 26 34 3d 3d 6e 2e 67 65 74 28 6d 29 7d 63 61 74 63 68 28 72 29 7b 72 65 74 75 72 6e 21 31 7d 7d 28 29 29 72 65 74 75 72 6e 20 61 3b 0a 76 61 72 20 66 3d 22 24 6a 73 63 6f 6d 70 5f 68 69 64 64 65 6e 5f 22 2b 4d 61 74 68 2e 72 61 6e 64 6f 6d 28 29 3b 65 28 22 66 72 65 65 7a 65 22 29 3b 65 28 22 70 72 65 76 65 6e 74 45 78 74 65 6e 73 69 6f 6e 73 22 29 3b 65 28 22 73 65 61 6c 22 29 3b 76 61 72 20 68 3d 30 2c 6b 3d 66 75 6e 63 74 69 6f 6e 28 6c 29 7b 74 68 69 73 2e 43 61 3d 28 68 2b 3d 4d 61 74 68 2e 72 61 6e 64 6f 6d 28 29 2b 31 29 2e 74 6f 53 74 72 69 Data Ascii: n.get(l)\|\|3!=n.get(m))return!1;n.delete(l);n.set(m,4);return!n.has(l)&&4==n.get(m)}catch(r){return!1}}())return a;var f="$jscomp_hidden_"+Math.random();e("freeze");e("preventExtensions");e("seal");var h=0,k=function(l){this.Ca=(h+=Math.random()+1).toStri
2022-12-09 04:34:46 UTC	230	IN	Data Raw: 72 20 6c 3b 21 28 6c 3d 6b 2e 6e 65 78 74 28 29 29 2e 64 6f 6e 65 3b 29 6c 3d 6c 2e 76 61 6c 75 65 2c 74 68 69 73 2e 73 65 74 28 6c 5b 30 5d 2c 6c 5b 31 5d 29 7d 7d 3b 63 2e 70 72 6f 74 6f 74 79 70 65 2e 73 65 74 3d 66 75 6e 63 74 69 6f 6e 28 6b 2c 6c 29 7b 6b 3d 30 3d 3d 3d 6b 3f 30 3a 6b 3b 76 61 72 20 6d 3d 64 28 74 68 69 73 2c 6b 29 3b 6d 2e 6c 69 73 74 7c 7c 28 6d 2e 6c 69 73 74 3d 74 68 69 73 2e 50 66 5b 6d 2e 69 64 5d 3d 5b 5d 29 3b 6d 2e 46 65 3f 6d 2e 46 65 2e 76 61 6c 75 65 3d 6c 3a 28 6d 2e 46 65 3d 7b 6e 65 78 74 3a 74 68 69 73 2e 75 66 2c 4c 6a 3a 74 68 69 73 2e 75 66 2e 4c 6a 2c 68 65 61 64 3a 74 68 69 73 2e 75 66 2c 6b 65 79 3a 6b 2c 76 61 6c 75 65 3a 6c 7d 2c 6d 2e 6c 69 73 74 2e 70 75 73 68 28 6d 2e 46 65 29 2c 74 68 69 73 2e 75 66 2e 4c Data Ascii: r l;!(l=k.next()).done;)l=l.value,this.set(l[0],l[1])}};c.prototype.set=function(k,l){k=0===k?0:k;var m=d(this,k);m.list\|\|(m.list=this.Pf[m.id]=[]);m.Fe?m.Fe.value=l:(m.Fe={next:this.uf,Lj:this.uf.Lj,head:this.uf,key:k,value:l},m.list.push(m.Fe),this.uf.L
2022-12-09 04:34:46 UTC	232	IN	Data Raw: 6e 2e 6c 65 6e 67 74 68 3b 6b 2b 2b 29 7b 76 61 72 20 72 3d 6e 5b 6b 5d 3b 69 66 28 6c 21 3d 3d 6c 26 26 72 2e 6b 65 79 21 3d 3d 72 2e 6b 65 79 7c 7c 6c 3d 3d 3d 72 2e 6b 65 79 29 72 65 74 75 72 6e 7b 69 64 3a 6d 2c 6c 69 73 74 3a 6e 2c 69 6e 64 65 78 3a 6b 2c 46 65 3a 72 7d 7d 72 65 74 75 72 6e 7b 69 64 3a 6d 2c 6c 69 73 74 3a 6e 2c 69 6e 64 65 78 3a 2d 31 2c 46 65 3a 76 6f 69 64 20 30 7d 7d 2c 65 3d 66 75 6e 63 74 69 6f 6e 28 6b 2c 6c 29 7b 76 61 72 20 6d 3d 6b 2e 75 66 3b 72 65 74 75 72 6e 20 6c 61 28 66 75 6e 63 74 69 6f 6e 28 29 7b 69 66 28 6d 29 7b 66 6f 72 28 3b 6d 2e 68 65 61 64 21 3d 6b 2e 75 66 3b 29 6d 3d 6d 2e 4c 6a 3b 66 6f 72 28 3b 6d 2e 6e 65 78 74 21 3d 6d 2e 68 65 61 64 3b 29 72 65 74 75 72 6e 20 6d 3d 0a 6d 2e 6e 65 78 74 2c 7b 64 6f 6e Data Ascii: n.length;k++){var r=n[k];if(l!==l&&r.key!==r.key\|\|l===r.key)return{id:m,list:n,index:k,Fe:r}}return{id:m,list:n,index:-1,Fe:void 0}},e=function(k,l){var m=k.uf;return la(function(){if(m){for(;m.head!=k.uf;)m=m.Lj;for(;m.next!=m.head;)return m=m.next,{don
2022-12-09 04:34:46 UTC	233	IN	Data Raw: 69 7a 65 3b 72 65 74 75 72 6e 20 74 68 69 73 7d 3b 62 2e 70 72 6f 74 6f 74 79 70 65 2e 64 65 6c 65 74 65 3d 66 75 6e 63 74 69 6f 6e 28 63 29 7b 63 3d 74 68 69 73 2e 77 61 2e 64 65 6c 65 74 65 28 63 29 3b 74 68 69 73 2e 73 69 7a 65 3d 74 68 69 73 2e 77 61 2e 73 69 7a 65 3b 72 65 74 75 72 6e 20 63 7d 3b 62 2e 70 72 6f 74 6f 74 79 70 65 2e 63 6c 65 61 72 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 74 68 69 73 2e 77 61 2e 63 6c 65 61 72 28 29 3b 74 68 69 73 2e 73 69 7a 65 3d 30 7d 3b 62 2e 70 72 6f 74 6f 74 79 70 65 2e 68 61 73 3d 66 75 6e 63 74 69 6f 6e 28 63 29 7b 72 65 74 75 72 6e 20 74 68 69 73 2e 77 61 2e 68 61 73 28 63 29 7d 3b 62 2e 70 72 6f 74 6f 74 79 70 65 2e 65 6e 74 72 69 65 73 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 74 68 69 73 2e 77 61 Data Ascii: ize;return this};b.prototype.delete=function(c){c=this.wa.delete(c);this.size=this.wa.size;return c};b.prototype.clear=function(){this.wa.clear();this.size=0};b.prototype.has=function(c){return this.wa.has(c)};b.prototype.entries=function(){return this.wa
2022-12-09 04:34:46 UTC	234	IN	Data Raw: 3d 63 3f 63 3a 66 75 6e 63 74 69 6f 6e 28 6b 29 7b 72 65 74 75 72 6e 20 6b 7d 3b 76 61 72 20 65 3d 5b 5d 2c 66 3d 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 74 79 70 65 6f 66 20 53 79 6d 62 6f 6c 26 26 53 79 6d 62 6f 6c 2e 69 74 65 72 61 74 6f 72 26 26 62 5b 53 79 6d 62 6f 6c 2e 69 74 65 72 61 74 6f 72 5d 3b 69 66 28 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 74 79 70 65 6f 66 20 66 29 7b 62 3d 66 2e 63 61 6c 6c 28 62 29 3b 66 6f 72 28 76 61 72 20 68 3d 30 3b 21 28 66 3d 62 2e 6e 65 78 74 28 29 29 2e 64 6f 6e 65 3b 29 65 2e 70 75 73 68 28 63 2e 63 61 6c 6c 28 64 2c 66 2e 76 61 6c 75 65 2c 68 2b 2b 29 29 7d 65 6c 73 65 20 66 6f 72 28 66 3d 62 2e 6c 65 6e 67 74 68 2c 68 3d 30 3b 68 3c 66 3b 68 2b 2b 29 65 2e 70 75 73 68 28 63 2e 63 61 6c 6c 28 64 2c 62 5b 68 5d 2c 68 Data Ascii: =c?c:function(k){return k};var e=[],f="undefined"!=typeof Symbol&&Symbol.iterator&&b[Symbol.iterator];if("function"==typeof f){b=f.call(b);for(var h=0;!(f=b.next()).done;)e.push(c.call(d,f.value,h++))}else for(f=b.length,h=0;h<f;h++)e.push(c.call(d,b[h],h
2022-12-09 04:34:46 UTC	235	IN	Data Raw: 69 73 4e 61 4e 28 62 29 7d 7d 29 3b 0a 6b 61 28 22 53 74 72 69 6e 67 2e 70 72 6f 74 6f 74 79 70 65 2e 72 65 70 6c 61 63 65 41 6c 6c 22 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 3f 61 3a 66 75 6e 63 74 69 6f 6e 28 62 2c 63 29 7b 69 66 28 62 20 69 6e 73 74 61 6e 63 65 6f 66 20 52 65 67 45 78 70 26 26 21 62 2e 67 6c 6f 62 61 6c 29 74 68 72 6f 77 20 6e 65 77 20 54 79 70 65 45 72 72 6f 72 28 22 53 74 72 69 6e 67 2e 70 72 6f 74 6f 74 79 70 65 2e 72 65 70 6c 61 63 65 41 6c 6c 20 63 61 6c 6c 65 64 20 77 69 74 68 20 61 20 6e 6f 6e 2d 67 6c 6f 62 61 6c 20 52 65 67 45 78 70 20 61 72 67 75 6d 65 6e 74 2e 22 29 3b 72 65 74 75 72 6e 20 62 20 69 6e 73 74 61 6e 63 65 6f 66 20 52 65 67 45 78 70 3f 74 68 69 73 2e 72 65 70 6c 61 63 65 28 62 2c 63 29 3a Data Ascii: isNaN(b)}});ka("String.prototype.replaceAll",function(a){return a?a:function(b,c){if(b instanceof RegExp&&!b.global)throw new TypeError("String.prototype.replaceAll called with a non-global RegExp argument.");return b instanceof RegExp?this.replace(b,c):
2022-12-09 04:34:46 UTC	237	IN	Data Raw: 7c 76 6f 69 64 20 30 3d 3d 3d 62 3f 63 3d 63 5b 64 5d 26 26 63 5b 64 5d 21 3d 3d 4f 62 6a 65 63 74 2e 70 72 6f 74 6f 74 79 70 65 5b 64 5d 3f 63 5b 64 5d 3a 63 5b 64 5d 3d 7b 7d 3a 63 5b 64 5d 3d 62 7d 3b 0a 5f 2e 24 61 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 66 75 6e 63 74 69 6f 6e 20 63 28 29 7b 7d 63 2e 70 72 6f 74 6f 74 79 70 65 3d 62 2e 70 72 6f 74 6f 74 79 70 65 3b 61 2e 48 3d 62 2e 70 72 6f 74 6f 74 79 70 65 3b 61 2e 70 72 6f 74 6f 74 79 70 65 3d 6e 65 77 20 63 3b 61 2e 70 72 6f 74 6f 74 79 70 65 2e 63 6f 6e 73 74 72 75 63 74 6f 72 3d 61 3b 61 2e 58 71 3d 66 75 6e 63 74 69 6f 6e 28 64 2c 65 2c 66 29 7b 66 6f 72 28 76 61 72 20 68 3d 41 72 72 61 79 28 61 72 67 75 6d 65 6e 74 73 2e 6c 65 6e 67 74 68 2d 32 29 2c 6b 3d 32 3b 6b 3c 61 72 67 75 6d 65 Data Ascii: \|void 0===b?c=c[d]&&c[d]!==Object.prototype[d]?c[d]:c[d]={}:c[d]=b};_.$a=function(a,b){function c(){}c.prototype=b.prototype;a.H=b.prototype;a.prototype=new c;a.prototype.constructor=a;a.Xq=function(d,e,f){for(var h=Array(arguments.length-2),k=2;k<argume
2022-12-09 04:34:46 UTC	238	IN	Data Raw: 6f 6f 67 6c 65 2e 63 6f 6d 22 2c 22 3a 69 6d 5f 73 6f 63 69 61 6c 68 6f 73 74 3a 22 3a 22 68 74 74 70 73 3a 2f 2f 70 6c 75 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 22 2c 64 6f 6d 61 69 6e 73 5f 73 75 67 67 65 73 74 3a 7b 75 72 6c 3a 22 68 74 74 70 73 3a 2f 2f 64 6f 6d 61 69 6e 73 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 73 75 67 67 65 73 74 2f 66 6c 6f 77 22 7d 2c 63 61 72 64 3a 7b 70 61 72 61 6d 73 3a 7b 73 3a 22 23 22 2c 75 73 65 72 69 64 3a 22 26 22 7d 2c 0a 75 72 6c 3a 22 3a 73 6f 63 69 61 6c 68 6f 73 74 3a 2f 3a 73 65 73 73 69 6f 6e 5f 70 72 65 66 69 78 3a 5f 2f 68 6f 76 65 72 63 61 72 64 2f 69 6e 74 65 72 6e 61 6c 63 61 72 64 22 7d 2c 22 3a 73 69 67 6e 75 70 68 6f 73 74 3a 22 3a 22 68 74 74 70 73 3a 2f 2f 70 6c 75 73 2e 67 6f 6f 67 6c 65 2e 63 6f Data Ascii: oogle.com",":im_socialhost:":"https://plus.googleapis.com",domains_suggest:{url:"https://domains.google.com/suggest/flow"},card:{params:{s:"#",userid:"&"},url:":socialhost:/:session_prefix:_/hovercard/internalcard"},":signuphost:":"https://plus.google.co
2022-12-09 04:34:46 UTC	239	IN	Data Raw: 77 69 64 67 65 74 2f 72 65 6e 64 65 72 2f 63 6f 6d 6d 65 6e 74 73 3f 75 73 65 67 61 70 69 3d 31 22 7d 2c 0a 62 6c 6f 67 67 65 72 3a 7b 75 72 6c 3a 22 3a 73 6f 63 69 61 6c 68 6f 73 74 3a 2f 3a 73 65 73 73 69 6f 6e 5f 70 72 65 66 69 78 3a 5f 2f 77 69 64 67 65 74 2f 72 65 6e 64 65 72 2f 62 6c 6f 67 67 65 72 3f 75 73 65 67 61 70 69 3d 31 22 7d 2c 79 6f 75 74 75 62 65 3a 7b 75 72 6c 3a 22 3a 73 6f 63 69 61 6c 68 6f 73 74 3a 2f 3a 73 65 73 73 69 6f 6e 5f 70 72 65 66 69 78 3a 5f 2f 77 69 64 67 65 74 2f 72 65 6e 64 65 72 2f 79 6f 75 74 75 62 65 3f 75 73 65 67 61 70 69 3d 31 22 7d 2c 72 65 70 6f 72 74 61 62 75 73 65 3a 7b 75 72 6c 3a 22 3a 73 6f 63 69 61 6c 68 6f 73 74 3a 2f 3a 73 65 73 73 69 6f 6e 5f 70 72 65 66 69 78 3a 5f 2f 77 69 64 67 65 74 2f 72 65 6e 64 65 Data Ascii: widget/render/comments?usegapi=1"},blogger:{url:":socialhost:/:session_prefix:_/widget/render/blogger?usegapi=1"},youtube:{url:":socialhost:/:session_prefix:_/widget/render/youtube?usegapi=1"},reportabuse:{url:":socialhost:/:session_prefix:_/widget/rende
2022-12-09 04:34:46 UTC	240	IN	Data Raw: 5f 2e 6c 62 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 66 6f 72 28 76 61 72 20 64 20 69 6e 20 61 29 62 2e 63 61 6c 6c 28 63 2c 61 5b 64 5d 2c 64 2c 61 29 7d 3b 0a 5f 2e 6d 62 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 66 6f 72 28 76 61 72 20 63 20 69 6e 20 61 29 69 66 28 61 5b 63 5d 3d 3d 62 29 72 65 74 75 72 6e 21 30 3b 72 65 74 75 72 6e 21 31 7d 3b 5f 2e 6e 62 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 61 3d 5f 2e 58 61 2e 6e 61 76 69 67 61 74 6f 72 3b 72 65 74 75 72 6e 20 61 26 26 28 61 3d 61 2e 75 73 65 72 41 67 65 6e 74 29 3f 61 3a 22 22 7d 3b 5f 2e 70 62 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 5f 2e 6f 62 28 5f 2e 6e 62 28 29 2c 61 29 7d 3b 5f 2e 71 62 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 5f 2e Data Ascii: _.lb=function(a,b,c){for(var d in a)b.call(c,a[d],d,a)};_.mb=function(a,b){for(var c in a)if(a[c]==b)return!0;return!1};_.nb=function(){var a=_.Xa.navigator;return a&&(a=a.userAgent)?a:""};_.pb=function(a){return _.ob(_.nb(),a)};_.qb=function(){return _.
2022-12-09 04:34:46 UTC	241	IN	Data Raw: 5f 2e 48 61 29 28 30 2c 5f 2e 48 61 29 28 61 2c 62 29 3b 65 6c 73 65 20 66 6f 72 28 76 61 72 20 63 20 69 6e 20 62 29 69 66 28 22 70 72 6f 74 6f 74 79 70 65 22 21 3d 63 29 69 66 28 4f 62 6a 65 63 74 2e 64 65 66 69 6e 65 50 72 6f 70 65 72 74 69 65 73 29 7b 76 61 72 20 64 3d 4f 62 6a 65 63 74 2e 67 65 74 4f 77 6e 50 72 6f 70 65 72 74 79 44 65 73 63 72 69 70 74 6f 72 28 62 2c 63 29 3b 64 26 26 4f 62 6a 65 63 74 2e 64 65 66 69 6e 65 50 72 6f 70 65 72 74 79 28 61 2c 63 2c 64 29 7d 65 6c 73 65 20 61 5b 63 5d 3d 62 5b 63 5d 3b 61 2e 48 3d 62 2e 70 72 6f 74 6f 74 79 70 65 7d 3b 5f 2e 45 62 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 3d 74 79 70 65 6f 66 20 61 3b 72 65 74 75 72 6e 22 6f 62 6a 65 63 74 22 21 3d 62 3f 62 3a 61 3f 41 72 72 61 79 2e 69 73 41 Data Ascii: _.Ha)(0,_.Ha)(a,b);else for(var c in b)if("prototype"!=c)if(Object.defineProperties){var d=Object.getOwnPropertyDescriptor(b,c);d&&Object.defineProperty(a,c,d)}else a[c]=b[c];a.H=b.prototype};_.Eb=function(a){var b=typeof a;return"object"!=b?b:a?Array.isA
2022-12-09 04:34:46 UTC	243	IN	Data Raw: 2b 29 69 66 28 63 20 69 6e 20 61 26 26 61 5b 63 5d 3d 3d 3d 62 29 72 65 74 75 72 6e 20 63 3b 72 65 74 75 72 6e 2d 31 7d 3b 0a 5f 2e 4e 62 3d 41 72 72 61 79 2e 70 72 6f 74 6f 74 79 70 65 2e 6c 61 73 74 49 6e 64 65 78 4f 66 3f 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 72 65 74 75 72 6e 20 41 72 72 61 79 2e 70 72 6f 74 6f 74 79 70 65 2e 6c 61 73 74 49 6e 64 65 78 4f 66 2e 63 61 6c 6c 28 61 2c 62 2c 61 2e 6c 65 6e 67 74 68 2d 31 29 7d 3a 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 76 61 72 20 63 3d 61 2e 6c 65 6e 67 74 68 2d 31 3b 30 3e 63 26 26 28 63 3d 4d 61 74 68 2e 6d 61 78 28 30 2c 61 2e 6c 65 6e 67 74 68 2b 63 29 29 3b 69 66 28 22 73 74 72 69 6e 67 22 3d 3d 3d 74 79 70 65 6f 66 20 61 29 72 65 74 75 72 6e 22 73 74 72 69 6e 67 22 21 3d 3d 74 79 70 65 6f 66 Data Ascii: +)if(c in a&&a[c]===b)return c;return-1};_.Nb=Array.prototype.lastIndexOf?function(a,b){return Array.prototype.lastIndexOf.call(a,b,a.length-1)}:function(a,b){var c=a.length-1;0>c&&(c=Math.max(0,a.length+c));if("string"===typeof a)return"string"!==typeof
2022-12-09 04:34:46 UTC	244	IN	Data Raw: 58 61 2e 74 72 75 73 74 65 64 54 79 70 65 73 3b 69 66 28 62 26 26 62 2e 63 72 65 61 74 65 50 6f 6c 69 63 79 29 74 72 79 7b 61 3d 62 2e 63 72 65 61 74 65 50 6f 6c 69 63 79 28 22 67 61 70 69 23 68 74 6d 6c 22 2c 7b 63 72 65 61 74 65 48 54 4d 4c 3a 4c 62 2c 63 72 65 61 74 65 53 63 72 69 70 74 3a 4c 62 2c 63 72 65 61 74 65 53 63 72 69 70 74 55 52 4c 3a 4c 62 7d 29 7d 63 61 74 63 68 28 63 29 7b 5f 2e 58 61 2e 63 6f 6e 73 6f 6c 65 26 26 5f 2e 58 61 2e 63 6f 6e 73 6f 6c 65 2e 65 72 72 6f 72 28 63 2e 6d 65 73 73 61 67 65 29 7d 53 62 3d 61 7d 72 65 74 75 72 6e 20 53 62 7d 3b 0a 76 61 72 20 57 62 2c 56 62 3b 5f 2e 58 62 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 74 68 69 73 2e 78 53 3d 61 3d 3d 3d 56 62 26 26 62 7c 7c 22 22 3b 74 68 69 73 2e 43 56 3d 57 62 7d 3b Data Ascii: Xa.trustedTypes;if(b&&b.createPolicy)try{a=b.createPolicy("gapi#html",{createHTML:Lb,createScript:Lb,createScriptURL:Lb})}catch(c){_.Xa.console&&_.Xa.console.error(c.message)}Sb=a}return Sb};var Wb,Vb;_.Xb=function(a,b){this.xS=a===Vb&&b\|\|"";this.CV=Wb};
2022-12-09 04:34:46 UTC	245	IN	Data Raw: 61 63 65 28 6d 63 2c 22 26 61 6d 70 3b 22 29 29 3b 2d 31 21 3d 61 2e 69 6e 64 65 78 4f 66 28 22 3c 22 29 26 26 28 61 3d 61 2e 72 65 70 6c 61 63 65 28 6e 63 2c 22 26 6c 74 3b 22 29 29 3b 2d 31 21 3d 61 2e 69 6e 64 65 78 4f 66 28 22 3e 22 29 26 26 28 61 3d 61 2e 72 65 70 6c 61 63 65 28 6f 63 2c 22 26 67 74 3b 22 29 29 3b 2d 31 21 3d 61 2e 69 6e 64 65 78 4f 66 28 27 22 27 29 26 26 28 61 3d 61 2e 72 65 70 6c 61 63 65 28 70 63 2c 22 26 71 75 6f 74 3b 22 29 29 3b 2d 31 21 3d 61 2e 69 6e 64 65 78 4f 66 28 22 27 22 29 26 26 28 61 3d 61 2e 72 65 70 6c 61 63 65 28 71 63 2c 22 26 23 33 39 3b 22 29 29 3b 2d 31 21 3d 61 2e 69 6e 64 65 78 4f 66 28 22 5c 78 30 30 22 29 26 26 28 61 3d 61 2e 72 65 70 6c 61 63 65 28 72 63 2c 22 26 23 30 3b 22 29 29 3b 72 65 74 75 72 6e 20 Data Ascii: ace(mc,"&"));-1!=a.indexOf("<")&&(a=a.replace(nc,"<"));-1!=a.indexOf(">")&&(a=a.replace(oc,">"));-1!=a.indexOf('"')&&(a=a.replace(pc,"""));-1!=a.indexOf("'")&&(a=a.replace(qc,"'"));-1!=a.indexOf("\x00")&&(a=a.replace(rc,""));return
2022-12-09 04:34:46 UTC	246	IN	Data Raw: 3f 23 5d 2a 28 3f 3a 5b 2f 3f 23 5d 7c 24 29 29 2f 69 3b 0a 5f 2e 43 63 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 61 20 69 6e 73 74 61 6e 63 65 6f 66 20 5f 2e 77 63 29 72 65 74 75 72 6e 20 61 3b 61 3d 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 61 26 26 61 2e 78 69 3f 61 2e 43 67 28 29 3a 53 74 72 69 6e 67 28 61 29 3b 41 63 2e 74 65 73 74 28 61 29 3f 61 3d 5f 2e 42 63 28 61 29 3a 28 61 3d 53 74 72 69 6e 67 28 61 29 2e 72 65 70 6c 61 63 65 28 2f 28 25 30 41 7c 25 30 44 29 2f 67 2c 22 22 29 2c 61 3d 61 2e 6d 61 74 63 68 28 79 63 29 3f 5f 2e 42 63 28 61 29 3a 6e 75 6c 6c 29 3b 72 65 74 75 72 6e 20 61 7d 3b 5f 2e 44 63 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 61 20 69 6e 73 74 61 6e 63 65 6f 66 20 5f 2e 77 63 29 72 65 74 75 72 6e 20 61 3b Data Ascii: ?#]*(?:[/?#]\|$))/i;_.Cc=function(a){if(a instanceof _.wc)return a;a="object"==typeof a&&a.xi?a.Cg():String(a);Ac.test(a)?a=_.Bc(a):(a=String(a).replace(/(%0A\|%0D)/g,""),a=a.match(yc)?_.Bc(a):null);return a};_.Dc=function(a){if(a instanceof _.wc)return a;
2022-12-09 04:34:46 UTC	248	IN	Data Raw: 2e 4c 63 29 3b 0a 76 61 72 20 51 63 3b 51 63 3d 7b 7d 3b 5f 2e 52 63 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 74 68 69 73 2e 50 46 3d 62 3d 3d 3d 51 63 3f 61 3a 22 22 3b 74 68 69 73 2e 78 69 3d 21 30 7d 3b 5f 2e 52 63 2e 70 72 6f 74 6f 74 79 70 65 2e 43 67 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 74 68 69 73 2e 50 46 2e 74 6f 53 74 72 69 6e 67 28 29 7d 3b 5f 2e 52 63 2e 70 72 6f 74 6f 74 79 70 65 2e 74 6f 53 74 72 69 6e 67 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 74 68 69 73 2e 50 46 2e 74 6f 53 74 72 69 6e 67 28 29 7d 3b 5f 2e 77 62 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 61 20 69 6e 73 74 61 6e 63 65 6f 66 20 5f 2e 52 63 26 26 61 2e 63 6f 6e 73 74 72 75 63 74 6f 72 3d 3d 3d 5f 2e 52 63 29 72 65 74 75 72 6e 20 Data Ascii: .Lc);var Qc;Qc={};_.Rc=function(a,b){this.PF=b===Qc?a:"";this.xi=!0};_.Rc.prototype.Cg=function(){return this.PF.toString()};_.Rc.prototype.toString=function(){return this.PF.toString()};_.wb=function(a){if(a instanceof _.Rc&&a.constructor===_.Rc)return
2022-12-09 04:34:46 UTC	249	IN	Data Raw: 41 6e 64 72 6f 69 64 22 29 3b 5f 2e 6c 64 3d 5f 2e 42 62 28 29 3b 5f 2e 6d 64 3d 5f 2e 70 62 28 22 69 50 61 64 22 29 3b 5f 2e 6e 64 3d 5f 2e 70 62 28 22 69 50 6f 64 22 29 3b 5f 2e 6f 64 3d 5f 2e 43 62 28 29 3b 70 64 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 61 3d 5f 2e 58 61 2e 64 6f 63 75 6d 65 6e 74 3b 72 65 74 75 72 6e 20 61 3f 61 2e 64 6f 63 75 6d 65 6e 74 4d 6f 64 65 3a 76 6f 69 64 20 30 7d 3b 0a 61 3a 7b 76 61 72 20 72 64 3d 22 22 2c 73 64 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 61 3d 5f 2e 6e 62 28 29 3b 69 66 28 5f 2e 65 64 29 72 65 74 75 72 6e 2f 72 76 3a 28 5b 5e 5c 29 3b 5d 2b 29 28 5c 29 7c 3b 29 2f 2e 65 78 65 63 28 61 29 3b 69 66 28 5f 2e 63 64 29 72 65 74 75 72 6e 2f 45 64 67 65 5c 2f 28 5b 5c 64 5c 2e 5d 2b 29 2f 2e 65 78 65 Data Ascii: Android");_.ld=_.Bb();_.md=_.pb("iPad");_.nd=_.pb("iPod");_.od=_.Cb();pd=function(){var a=_.Xa.document;return a?a.documentMode:void 0};a:{var rd="",sd=function(){var a=_.nb();if(_.ed)return/rv:([^\);]+)(\)\|;)/.exec(a);if(_.cd)return/Edge\/([\d\.]+)/.exe
2022-12-09 04:34:46 UTC	250	IN	Data Raw: 22 3b 72 65 74 75 72 6e 20 76 6f 69 64 20 30 21 3d 3d 64 3f 62 2e 6f 70 65 6e 28 5f 2e 78 63 28 61 29 2c 63 2c 64 29 3a 62 2e 6f 70 65 6e 28 5f 2e 78 63 28 61 29 2c 63 29 7d 3b 45 64 3d 2f 5e 5b 5c 77 2b 2f 5f 2d 5d 2b 5b 3d 5d 7b 30 2c 32 7d 24 2f 3b 5f 2e 46 64 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 62 3d 28 62 7c 7c 5f 2e 58 61 29 2e 64 6f 63 75 6d 65 6e 74 3b 72 65 74 75 72 6e 20 62 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 3f 28 61 3d 62 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 28 61 29 29 26 26 28 61 3d 61 2e 6e 6f 6e 63 65 7c 7c 61 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 22 6e 6f 6e 63 65 22 29 29 26 26 45 64 2e 74 65 73 74 28 61 29 3f 61 3a 22 22 3a 22 22 7d 3b 0a 5f 2e 47 64 3d 53 74 72 69 6e 67 2e 70 72 6f 74 6f 74 79 70 65 2e 72 65 70 Data Ascii: ";return void 0!==d?b.open(_.xc(a),c,d):b.open(_.xc(a),c)};Ed=/^[\w+/_-]+[=]{0,2}$/;_.Fd=function(a,b){b=(b\|\|_.Xa).document;return b.querySelector?(a=b.querySelector(a))&&(a=a.nonce\|\|a.getAttribute("nonce"))&&Ed.test(a)?a:"":""};_.Gd=String.prototype.rep
2022-12-09 04:34:46 UTC	251	IN	Data Raw: 70 61 6e 3a 22 63 6f 6c 53 70 61 6e 22 2c 66 72 61 6d 65 62 6f 72 64 65 72 3a 22 66 72 61 6d 65 42 6f 72 64 65 72 22 2c 68 65 69 67 68 74 3a 22 68 65 69 67 68 74 22 2c 6d 61 78 6c 65 6e 67 74 68 3a 22 6d 61 78 4c 65 6e 67 74 68 22 2c 6e 6f 6e 63 65 3a 22 6e 6f 6e 63 65 22 2c 72 6f 6c 65 3a 22 72 6f 6c 65 22 2c 72 6f 77 73 70 61 6e 3a 22 72 6f 77 53 70 61 6e 22 2c 74 79 70 65 3a 22 74 79 70 65 22 2c 75 73 65 6d 61 70 3a 22 75 73 65 4d 61 70 22 2c 76 61 6c 69 67 6e 3a 22 76 41 6c 69 67 6e 22 2c 77 69 64 74 68 3a 22 77 69 64 74 68 22 7d 3b 0a 5f 2e 51 64 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 76 61 72 20 63 3d 62 5b 31 5d 2c 64 3d 5f 2e 4f 64 28 61 2c 53 74 72 69 6e 67 28 62 5b 30 5d 29 29 3b 63 26 26 28 22 73 74 72 69 6e 67 22 3d 3d 3d 74 79 70 65 6f Data Ascii: pan:"colSpan",frameborder:"frameBorder",height:"height",maxlength:"maxLength",nonce:"nonce",role:"role",rowspan:"rowSpan",type:"type",usemap:"useMap",valign:"vAlign",width:"width"};_.Qd=function(a,b){var c=b[1],d=_.Od(a,String(b[0]));c&&("string"===typeo
2022-12-09 04:34:46 UTC	252	IN	Data Raw: 22 53 54 59 4c 45 22 3a 63 61 73 65 20 22 54 52 41 43 4b 22 3a 63 61 73 65 20 22 57 42 52 22 3a 72 65 74 75 72 6e 21 31 7d 72 65 74 75 72 6e 21 30 7d 3b 0a 5f 2e 54 64 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 50 64 28 5f 2e 4a 64 28 61 29 2c 61 2c 61 72 67 75 6d 65 6e 74 73 2c 31 29 7d 3b 5f 2e 56 64 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 66 6f 72 28 76 61 72 20 62 3b 62 3d 61 2e 66 69 72 73 74 43 68 69 6c 64 3b 29 61 2e 72 65 6d 6f 76 65 43 68 69 6c 64 28 62 29 7d 3b 5f 2e 57 64 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 62 2e 70 61 72 65 6e 74 4e 6f 64 65 26 26 62 2e 70 61 72 65 6e 74 4e 6f 64 65 2e 69 6e 73 65 72 74 42 65 66 6f 72 65 28 61 2c 62 29 7d 3b 5f 2e 58 64 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 26 26 61 2e 70 61 Data Ascii: "STYLE":case "TRACK":case "WBR":return!1}return!0};_.Td=function(a,b){Pd(_.Jd(a),a,arguments,1)};_.Vd=function(a){for(var b;b=a.firstChild;)a.removeChild(b)};_.Wd=function(a,b){b.parentNode&&b.parentNode.insertBefore(a,b)};_.Xd=function(a){return a&&a.pa
2022-12-09 04:34:46 UTC	254	IN	Data Raw: 69 6f 6e 28 61 2c 62 29 7b 72 65 74 75 72 6e 28 62 7c 7c 74 68 69 73 2e 77 62 29 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 54 61 67 4e 61 6d 65 28 53 74 72 69 6e 67 28 61 29 29 7d 3b 0a 5f 2e 67 2e 6e 61 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 72 65 74 75 72 6e 20 5f 2e 51 64 28 74 68 69 73 2e 77 62 2c 61 72 67 75 6d 65 6e 74 73 29 7d 3b 5f 2e 67 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 5f 2e 4f 64 28 74 68 69 73 2e 77 62 2c 61 29 7d 3b 5f 2e 67 2e 63 72 65 61 74 65 54 65 78 74 4e 6f 64 65 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 74 68 69 73 2e 77 62 2e 63 72 65 61 74 65 54 65 78 74 4e 6f 64 65 28 53 74 72 69 6e 67 28 61 29 29 7d 3b 5f 2e 67 2e 67 65 74 57 69 6e 64 Data Ascii: ion(a,b){return(b\|\|this.wb).getElementsByTagName(String(a))};_.g.na=function(a,b,c){return _.Qd(this.wb,arguments)};_.g.createElement=function(a){return _.Od(this.wb,a)};_.g.createTextNode=function(a){return this.wb.createTextNode(String(a))};_.g.getWind
2022-12-09 04:34:46 UTC	255	IN	Data Raw: 6f 75 72 63 65 2b 2f 28 5c 2f 5c 2f 5b 5e 5c 2f 3f 23 5d 2a 29 3f 2f 2e 73 6f 75 72 63 65 2b 2f 28 5b 5e 3f 23 5d 2a 29 3f 2f 2e 73 6f 75 72 63 65 2b 2f 28 5c 3f 28 5b 5e 23 5d 2a 29 29 3f 2f 2e 73 6f 75 72 63 65 2b 2f 28 23 28 28 23 7c 5b 5e 23 5d 29 2a 29 29 3f 2f 2e 73 6f 75 72 63 65 2b 2f 24 2f 2e 73 6f 75 72 63 65 29 3b 5f 2e 6d 65 3d 6e 65 77 20 52 65 67 45 78 70 28 2f 28 25 28 5b 5e 30 2d 39 61 2d 66 41 2d 46 25 5d 7c 5b 30 2d 39 61 2d 66 41 2d 46 5d 28 5b 5e 30 2d 39 61 2d 66 41 2d 46 25 5d 29 3f 29 3f 29 2a 2f 2e 73 6f 75 72 63 65 2b 2f 25 28 24 7c 5b 5e 30 2d 39 61 2d 66 41 2d 46 5d 7c 5b 30 2d 39 61 2d 66 41 2d 46 5d 28 24 7c 5b 5e 30 2d 39 61 2d 66 41 2d 46 5d 29 29 2f 2e 73 6f 75 72 63 65 2c 22 67 22 29 3b 0a 5f 2e 6e 65 3d 6e 65 77 20 52 65 Data Ascii: ource+/(\/\/[^\/?#])?/.source+/([^?#])?/.source+/(\?([^#]))?/.source+/(#((#\|[^#])))?/.source+/$/.source);_.me=new RegExp(/(%([^0-9a-fA-F%]\|[0-9a-fA-F]([^0-9a-fA-F%])?)?)*/.source+/%($\|[^0-9a-fA-F]\|[0-9a-fA-F]($\|[^0-9a-fA-F]))/.source,"g");_.ne=new Re
2022-12-09 04:34:46 UTC	256	IN	Data Raw: 5b 64 5d 29 29 3a 61 5b 64 5d 3d 62 5b 64 5d 29 7d 3b 0a 77 65 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 61 26 26 21 2f 5e 5c 73 2b 24 2f 2e 74 65 73 74 28 61 29 29 7b 66 6f 72 28 3b 30 3d 3d 61 2e 63 68 61 72 43 6f 64 65 41 74 28 61 2e 6c 65 6e 67 74 68 2d 31 29 3b 29 61 3d 61 2e 73 75 62 73 74 72 69 6e 67 28 30 2c 61 2e 6c 65 6e 67 74 68 2d 31 29 3b 74 72 79 7b 76 61 72 20 62 3d 77 69 6e 64 6f 77 2e 4a 53 4f 4e 2e 70 61 72 73 65 28 61 29 7d 63 61 74 63 68 28 63 29 7b 7d 69 66 28 22 6f 62 6a 65 63 74 22 3d 3d 3d 74 79 70 65 6f 66 20 62 29 72 65 74 75 72 6e 20 62 3b 74 72 79 7b 62 3d 28 6e 65 77 20 46 75 6e 63 74 69 6f 6e 28 22 72 65 74 75 72 6e 20 28 22 2b 61 2b 22 5c 6e 29 22 29 29 28 29 7d 63 61 74 63 68 28 63 29 7b 7d 69 66 28 22 6f 62 6a 65 63 Data Ascii: [d])):a[d]=b[d])};we=function(a){if(a&&!/^\s+$/.test(a)){for(;0==a.charCodeAt(a.length-1);)a=a.substring(0,a.length-1);try{var b=window.JSON.parse(a)}catch(c){}if("object"===typeof b)return b;try{b=(new Function("return ("+a+"\n)"))()}catch(c){}if("objec
2022-12-09 04:34:46 UTC	257	IN	Data Raw: 65 28 73 65 28 29 2c 64 5b 61 5d 2c 21 30 29 3b 61 3d 30 3b 66 6f 72 28 62 3d 63 2e 6c 65 6e 67 74 68 3b 61 3c 62 3b 2b 2b 61 29 76 65 28 73 65 28 29 2c 63 5b 61 5d 2c 21 30 29 7d 3b 5f 2e 7a 65 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 76 61 72 20 63 3d 73 65 28 29 3b 69 66 28 21 61 29 72 65 74 75 72 6e 20 63 3b 61 3d 61 2e 73 70 6c 69 74 28 22 2f 22 29 3b 66 6f 72 28 76 61 72 20 64 3d 30 2c 65 3d 61 2e 6c 65 6e 67 74 68 3b 63 26 26 22 6f 62 6a 65 63 74 22 3d 3d 3d 74 79 70 65 6f 66 20 63 26 26 64 3c 65 3b 2b 2b 64 29 63 3d 63 5b 61 5b 64 5d 5d 3b 72 65 74 75 72 6e 20 64 3d 3d 3d 61 2e 6c 65 6e 67 74 68 26 26 76 6f 69 64 20 30 21 3d 3d 63 3f 63 3a 62 7d 3b 0a 5f 2e 41 65 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 76 61 72 20 63 3b 69 66 28 22 73 74 Data Ascii: e(se(),d[a],!0);a=0;for(b=c.length;a<b;++a)ve(se(),c[a],!0)};_.ze=function(a,b){var c=se();if(!a)return c;a=a.split("/");for(var d=0,e=a.length;c&&"object"===typeof c&&d<e;++d)c=c[a[d]];return d===a.length&&void 0!==c?c:b};_.Ae=function(a,b){var c;if("st
2022-12-09 04:34:46 UTC	258	IN	Data Raw: 6f 70 65 72 74 79 2e 63 61 6c 6c 28 61 2c 22 74 6f 4a 53 4f 4e 22 29 7c 7c 28 65 21 3d 3d 53 65 7c 7c 61 2e 63 6f 6e 73 74 72 75 63 74 6f 72 21 3d 3d 41 72 72 61 79 26 26 61 2e 63 6f 6e 73 74 72 75 63 74 6f 72 21 3d 3d 4f 62 6a 65 63 74 29 26 26 28 65 21 3d 3d 52 65 7c 7c 61 2e 63 6f 6e 73 74 72 75 63 74 6f 72 21 3d 3d 41 72 72 61 79 26 26 61 2e 63 6f 6e 73 74 72 75 63 74 6f 72 21 3d 3d 4f 62 6a 65 63 74 29 26 26 65 21 3d 3d 51 65 26 26 65 21 3d 3d 4e 65 26 26 65 21 3d 3d 50 65 26 26 65 21 3d 3d 4f 65 29 29 72 65 74 75 72 6e 20 54 65 28 61 2e 74 6f 4a 53 4f 4e 2e 63 61 6c 6c 28 61 29 2c 63 29 3b 69 66 28 6e 75 6c 6c 3d 3d 0a 61 29 62 5b 62 2e 6c 65 6e 67 74 68 5d 3d 22 6e 75 6c 6c 22 3b 65 6c 73 65 20 69 66 28 65 3d 3d 3d 4e 65 29 61 3d 4e 75 6d 62 65 72 Data Ascii: operty.call(a,"toJSON")\|\|(e!==Se\|\|a.constructor!==Array&&a.constructor!==Object)&&(e!==Re\|\|a.constructor!==Array&&a.constructor!==Object)&&e!==Qe&&e!==Ne&&e!==Pe&&e!==Oe))return Te(a.toJSON.call(a),c);if(null==a)b[b.length]="null";else if(e===Ne)a=Number
2022-12-09 04:34:46 UTC	260	IN	Data Raw: 29 2a 5b 5e 22 5d 2a 22 28 5b 5e 22 5c 5c 5d 7c 5c 5c 2e 29 2a 5b 5c 30 2d 5c 78 31 66 5d 2f 3b 57 65 3d 2f 5e 28 5b 5e 22 5d 2a 22 28 5b 5e 5c 5c 22 5d 7c 5c 5c 2e 29 2a 22 29 2a 5b 5e 22 5d 2a 22 28 5b 5e 22 5c 5c 5d 7c 5c 5c 2e 29 2a 5c 5c 5b 5e 5c 5c 5c 2f 22 62 66 6e 72 74 75 5d 2f 3b 58 65 3d 2f 5e 28 5b 5e 22 5d 2a 22 28 5b 5e 5c 5c 22 5d 7c 5c 5c 2e 29 2a 22 29 2a 5b 5e 22 5d 2a 22 28 5b 5e 22 5c 5c 5d 7c 5c 5c 2e 29 2a 5c 5c 75 28 5b 30 2d 39 61 2d 66 41 2d 46 5d 7b 30 2c 33 7d 5b 5e 30 2d 39 61 2d 66 41 2d 46 5d 29 2f 3b 59 65 3d 2f 22 28 5b 5e 5c 30 2d 5c 78 31 66 5c 5c 22 5d 7c 5c 5c 5b 5c 5c 5c 2f 22 62 66 6e 72 74 5d 7c 5c 5c 75 5b 30 2d 39 61 2d 66 41 2d 46 5d 7b 34 7d 29 2a 22 2f 67 3b 5a 65 3d 2f 2d 3f 28 30 7c 5b 31 2d 39 5d 5b 30 2d 39 Data Ascii: )[^"]"([^"\\]\|\\.)[\0-\x1f]/;We=/^([^"]"([^\\"]\|\\.)")[^"]"([^"\\]\|\\.)\\[^\\\/"bfnrtu]/;Xe=/^([^"]"([^\\"]\|\\.)")[^"]"([^"\\]\|\\.)\\u([0-9a-fA-F]{0,3}[^0-9a-fA-F])/;Ye=/"([^\0-\x1f\\"]\|\\[\\\/"bfnrt]\|\\u[0-9a-fA-F]{4})"/g;Ze=/-?(0\|[1-9][0-9
2022-12-09 04:34:46 UTC	261	IN	Data Raw: 20 44 61 74 65 28 30 29 5d 2c 63 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 7d 7d 29 26 26 21 30 3d 3d 3d 4c 65 28 22 74 72 75 65 22 29 26 26 33 3d 3d 3d 4c 65 28 27 5b 7b 22 61 22 3a 33 7d 5d 27 29 5b 30 5d 2e 61 7d 63 61 74 63 68 28 62 29 7b 7d 49 65 3d 4b 65 26 26 21 4c 65 28 22 5b 30 30 5d 22 29 26 26 21 4c 65 28 27 22 5c 75 30 30 30 37 22 27 29 26 26 21 4c 65 28 27 22 5c 5c 30 22 27 29 26 26 21 4c 65 28 27 22 5c 5c 76 22 27 29 7d 66 69 6e 61 6c 6c 79 7b 4a 65 3d 61 7d 7d 7d 3b 5f 2e 6e 66 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 2d 31 3d 3d 3d 4a 65 29 72 65 74 75 72 6e 21 31 3b 6d 66 28 29 3b 72 65 74 75 72 6e 28 49 65 3f 4c 65 3a 6c 66 29 28 61 29 7d 3b 0a 5f 2e 6f 66 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 2d 31 21 3d 3d 4a 65 29 72 65 74 Data Ascii: Date(0)],c:function(){}})&&!0===Le("true")&&3===Le('[{"a":3}]')[0].a}catch(b){}Ie=Ke&&!Le("[00]")&&!Le('"\u0007"')&&!Le('"\\0"')&&!Le('"\\v"')}finally{Je=a}}};_.nf=function(a){if(-1===Je)return!1;mf();return(Ie?Le:lf)(a)};_.of=function(a){if(-1!==Je)ret
2022-12-09 04:34:46 UTC	262	IN	Data Raw: 62 6c 6f 63 6b 53 69 7a 65 3b 2b 2b 61 29 74 68 69 73 2e 4f 79 5b 61 5d 3d 30 3b 74 68 69 73 2e 75 41 3d 74 68 69 73 2e 6b 70 3d 30 3b 74 68 69 73 2e 72 65 73 65 74 28 29 7d 3b 5f 2e 24 61 28 69 67 2c 68 67 29 3b 69 67 2e 70 72 6f 74 6f 74 79 70 65 2e 72 65 73 65 74 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 74 68 69 73 2e 47 63 5b 30 5d 3d 31 37 33 32 35 38 34 31 39 33 3b 74 68 69 73 2e 47 63 5b 31 5d 3d 34 30 32 33 32 33 33 34 31 37 3b 74 68 69 73 2e 47 63 5b 32 5d 3d 32 35 36 32 33 38 33 31 30 32 3b 74 68 69 73 2e 47 63 5b 33 5d 3d 32 37 31 37 33 33 38 37 38 3b 74 68 69 73 2e 47 63 5b 34 5d 3d 33 32 38 35 33 37 37 35 32 30 3b 74 68 69 73 2e 75 41 3d 74 68 69 73 2e 6b 70 3d 30 7d 3b 0a 76 61 72 20 6a 67 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 63 7c Data Ascii: blockSize;++a)this.Oy[a]=0;this.uA=this.kp=0;this.reset()};_.$a(ig,hg);ig.prototype.reset=function(){this.Gc[0]=1732584193;this.Gc[1]=4023233417;this.Gc[2]=2562383102;this.Gc[3]=271733878;this.Gc[4]=3285377520;this.uA=this.kp=0};var jg=function(a,b,c){c\|
2022-12-09 04:34:46 UTC	263	IN	Data Raw: 63 6b 53 69 7a 65 29 7b 6a 67 28 74 68 69 73 2c 65 29 3b 66 3d 30 3b 62 72 65 61 6b 7d 7d 65 6c 73 65 20 66 6f 72 28 3b 64 3c 62 3b 29 69 66 28 65 5b 66 5d 3d 61 5b 64 5d 2c 2b 2b 66 2c 2b 2b 64 2c 66 3d 3d 74 68 69 73 2e 62 6c 6f 63 6b 53 69 7a 65 29 7b 6a 67 28 74 68 69 73 2c 65 29 3b 66 3d 30 3b 62 72 65 61 6b 7d 7d 74 68 69 73 2e 6b 70 3d 66 3b 74 68 69 73 2e 75 41 2b 3d 62 7d 7d 3b 0a 69 67 2e 70 72 6f 74 6f 74 79 70 65 2e 64 69 67 65 73 74 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 61 3d 5b 5d 2c 62 3d 38 2a 74 68 69 73 2e 75 41 3b 35 36 3e 74 68 69 73 2e 6b 70 3f 74 68 69 73 2e 75 70 64 61 74 65 28 74 68 69 73 2e 4f 79 2c 35 36 2d 74 68 69 73 2e 6b 70 29 3a 74 68 69 73 2e 75 70 64 61 74 65 28 74 68 69 73 2e 4f 79 2c 74 68 69 73 2e 62 6c 6f 63 Data Ascii: ckSize){jg(this,e);f=0;break}}else for(;d<b;)if(e[f]=a[d],++f,++d,f==this.blockSize){jg(this,e);f=0;break}}this.kp=f;this.uA+=b}};ig.prototype.digest=function(){var a=[],b=8*this.uA;56>this.kp?this.update(this.Oy,56-this.kp):this.update(this.Oy,this.bloc
2022-12-09 04:34:46 UTC	265	IN	Data Raw: 61 72 20 62 3d 5f 2e 76 68 28 22 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6e 66 69 67 2f 73 65 73 73 69 6f 6e 49 6e 64 65 78 22 29 3b 22 73 74 72 69 6e 67 22 3d 3d 3d 74 79 70 65 6f 66 20 62 26 26 32 35 34 3c 62 2e 6c 65 6e 67 74 68 26 26 28 62 3d 6e 75 6c 6c 29 3b 6e 75 6c 6c 3d 3d 62 26 26 28 62 3d 77 69 6e 64 6f 77 2e 5f 5f 58 5f 47 4f 4f 47 5f 41 55 54 48 55 53 45 52 29 3b 22 73 74 72 69 6e 67 22 3d 3d 3d 74 79 70 65 6f 66 20 62 26 26 32 35 34 3c 62 2e 6c 65 6e 67 74 68 26 26 28 62 3d 6e 75 6c 6c 29 3b 69 66 28 6e 75 6c 6c 3d 3d 62 29 7b 76 61 72 20 63 3d 77 69 6e 64 6f 77 2e 67 6f 6f 67 6c 65 3b 63 26 26 28 62 3d 63 2e 61 75 74 68 75 73 65 72 29 7d 22 73 74 72 69 6e 67 22 3d 3d 3d 74 79 70 65 6f 66 20 62 26 26 32 35 34 3c 62 2e 6c 65 6e 67 74 68 26 26 Data Ascii: ar b=_.vh("googleapis.config/sessionIndex");"string"===typeof b&&254<b.length&&(b=null);null==b&&(b=window.__X_GOOG_AUTHUSER);"string"===typeof b&&254<b.length&&(b=null);if(null==b){var c=window.google;c&&(b=c.authuser)}"string"===typeof b&&254<b.length&&
2022-12-09 04:34:46 UTC	266	IN	Data Raw: 52 6b 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 69 66 28 21 61 29 74 68 72 6f 77 20 45 72 72 6f 72 28 62 7c 7c 22 22 29 3b 7d 3b 53 6b 3d 2f 26 2f 67 3b 54 6b 3d 2f 3c 2f 67 3b 55 6b 3d 2f 3e 2f 67 3b 56 6b 3d 2f 22 2f 67 3b 57 6b 3d 2f 27 2f 67 3b 58 6b 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 53 74 72 69 6e 67 28 61 29 2e 72 65 70 6c 61 63 65 28 53 6b 2c 22 26 61 6d 70 3b 22 29 2e 72 65 70 6c 61 63 65 28 54 6b 2c 22 26 6c 74 3b 22 29 2e 72 65 70 6c 61 63 65 28 55 6b 2c 22 26 67 74 3b 22 29 2e 72 65 70 6c 61 63 65 28 56 6b 2c 22 26 71 75 6f 74 3b 22 29 2e 72 65 70 6c 61 63 65 28 57 6b 2c 22 26 23 33 39 3b 22 29 7d 3b 59 6b 3d 2f 5b 5c 75 64 38 30 30 2d 5c 75 64 62 66 66 5d 5b 5c 75 64 63 30 30 2d 5c 75 64 66 66 66 5d 7c 5b 5e 21 2d Data Ascii: Rk=function(a,b){if(!a)throw Error(b\|\|"");};Sk=/&/g;Tk=/</g;Uk=/>/g;Vk=/"/g;Wk=/'/g;Xk=function(a){return String(a).replace(Sk,"&").replace(Tk,"<").replace(Uk,">").replace(Vk,""").replace(Wk,"'")};Yk=/[\ud800-\udbff][\udc00-\udfff]\|[^!-
2022-12-09 04:34:46 UTC	267	IN	Data Raw: 6e 20 63 7d 3b 0a 5f 2e 64 6c 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 2c 64 29 7b 61 3d 61 6c 28 61 29 3b 61 2e 71 75 65 72 79 2e 70 75 73 68 2e 61 70 70 6c 79 28 61 2e 71 75 65 72 79 2c 63 6c 28 62 2c 64 29 29 3b 61 2e 69 69 2e 70 75 73 68 2e 61 70 70 6c 79 28 61 2e 69 69 2c 63 6c 28 63 2c 64 29 29 3b 72 65 74 75 72 6e 20 62 6c 28 61 29 7d 3b 0a 5f 2e 65 6c 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 76 61 72 20 63 3d 61 6c 28 62 29 3b 62 3d 63 2e 58 71 3b 63 2e 71 75 65 72 79 2e 6c 65 6e 67 74 68 26 26 28 62 2b 3d 22 3f 22 2b 63 2e 71 75 65 72 79 2e 6a 6f 69 6e 28 22 22 29 29 3b 63 2e 69 69 2e 6c 65 6e 67 74 68 26 26 28 62 2b 3d 22 23 22 2b 63 2e 69 69 2e 6a 6f 69 6e 28 22 22 29 29 3b 76 61 72 20 64 3d 22 22 3b 32 45 33 3c 62 2e 6c 65 6e 67 74 68 Data Ascii: n c};_.dl=function(a,b,c,d){a=al(a);a.query.push.apply(a.query,cl(b,d));a.ii.push.apply(a.ii,cl(c,d));return bl(a)};_.el=function(a,b){var c=al(b);b=c.Xq;c.query.length&&(b+="?"+c.query.join(""));c.ii.length&&(b+="#"+c.ii.join(""));var d="";2E3<b.length
2022-12-09 04:34:46 UTC	268	IN	Data Raw: 75 6e 63 74 69 6f 6e 28 63 2c 64 29 7b 62 5b 63 5d 3d 64 7d 3b 61 2e 72 3d 66 75 6e 63 74 69 6f 6e 28 63 29 7b 64 65 6c 65 74 65 20 62 5b 63 5d 7d 7d 72 65 74 75 72 6e 20 61 7d 3b 6c 6c 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 62 3d 62 2e 6f 6e 6c 6f 61 64 3b 72 65 74 75 72 6e 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 3d 74 79 70 65 6f 66 20 62 3f 28 6b 6c 28 29 2e 61 28 61 2c 62 29 2c 62 29 3a 6e 75 6c 6c 7d 3b 6d 6c 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 5f 2e 52 6b 28 2f 5e 5c 77 2b 24 2f 2e 74 65 73 74 28 61 29 2c 22 55 6e 73 75 70 70 6f 72 74 65 64 20 69 64 20 2d 20 22 2b 61 29 3b 72 65 74 75 72 6e 27 6f 6e 6c 6f 61 64 3d 22 77 69 6e 64 6f 77 2e 5f 5f 5f 6a 73 6c 2e 6f 6e 6c 2e 65 28 26 23 33 34 3b 27 2b 61 2b 27 26 23 33 34 3b 29 22 27 7d 3b 6e 6c 3d Data Ascii: unction(c,d){b[c]=d};a.r=function(c){delete b[c]}}return a};ll=function(a,b){b=b.onload;return"function"===typeof b?(kl().a(a,b),b):null};ml=function(a){_.Rk(/^\w+$/.test(a),"Unsupported id - "+a);return'onload="window.___jsl.onl.e("'+a+'")"'};nl=
2022-12-09 04:34:46 UTC	269	IN	Data Raw: 74 57 69 74 68 4a 73 6f 6e 50 61 72 61 6d 26 26 28 68 3d 7b 7d 2c 68 2e 6a 63 70 3d 5f 2e 6f 66 28 6b 29 2c 6b 3d 68 29 3b 68 3d 5f 2e 6b 65 28 62 2c 22 72 70 63 74 6f 6b 65 6e 22 29 7c 7c 65 2e 72 70 63 74 6f 6b 65 6e 7c 7c 66 2e 72 70 63 74 6f 6b 65 6e 3b 68 7c 7c 28 68 3d 64 2e 72 70 63 74 6f 6b 65 6e 7c 7c 53 74 72 69 6e 67 28 4d 61 74 68 2e 72 6f 75 6e 64 28 31 45 38 2a 5f 2e 55 68 28 29 29 29 2c 6b 2e 72 70 63 74 6f 6b 65 6e 3d 68 29 3b 64 2e 72 70 63 74 6f 6b 65 6e 3d 68 3b 5f 2e 69 65 28 6b 2c 64 2e 63 6f 6e 6e 65 63 74 57 69 74 68 51 75 65 72 79 50 61 72 61 6d 73 3f 65 3a 66 29 3b 6b 3d 61 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 3b 61 3d 5f 2e 67 65 28 29 3b 28 68 3d 5f 2e 6b 65 28 6b 2c 22 5f 62 73 68 22 2c 5f 2e 71 65 2e 62 73 68 29 29 26 26 Data Ascii: tWithJsonParam&&(h={},h.jcp=_.of(k),k=h);h=_.ke(b,"rpctoken")\|\|e.rpctoken\|\|f.rpctoken;h\|\|(h=d.rpctoken\|\|String(Math.round(1E8*_.Uh())),k.rpctoken=h);d.rpctoken=h;_.ie(k,d.connectWithQueryParams?e:f);k=a.location.href;a=_.ge();(h=_.ke(k,"_bsh",_.qe.bsh))&&
2022-12-09 04:34:46 UTC	271	IN	Data Raw: 52 49 43 6f 6d 70 6f 6e 65 6e 74 28 53 74 72 69 6e 67 28 63 29 29 2b 22 2f 22 29 3b 64 26 26 28 65 2b 3d 22 62 2f 22 2b 65 6e 63 6f 64 65 55 52 49 43 6f 6d 70 6f 6e 65 6e 74 28 53 74 72 69 6e 67 28 64 29 29 2b 22 2f 22 29 3b 63 3d 65 7c 7c 6e 75 6c 6c 3b 28 65 3d 28 64 3d 21 31 3d 3d 3d 5f 2e 76 68 28 22 69 73 4c 6f 67 67 65 64 49 6e 22 29 29 3f 22 5f 2f 69 6d 2f 22 3a 22 22 29 26 26 28 63 3d 22 22 29 3b 76 61 72 20 66 3d 5f 2e 76 68 28 22 69 66 72 61 6d 65 73 2f 3a 73 6f 63 69 61 6c 68 6f 73 74 3a 22 29 2c 68 3d 5f 2e 76 68 28 22 69 66 72 61 6d 65 73 2f 3a 69 6d 5f 73 6f 63 69 61 6c 68 6f 73 74 3a 22 29 3b 72 65 74 75 72 6e 20 67 6c 3d 7b 73 6f 63 69 61 6c 68 6f 73 74 3a 66 2c 63 74 78 5f 73 6f 63 69 61 6c 68 6f 73 74 3a 64 3f 68 3a 66 2c 73 65 73 73 69 Data Ascii: RIComponent(String(c))+"/");d&&(e+="b/"+encodeURIComponent(String(d))+"/");c=e\|\|null;(e=(d=!1===_.vh("isLoggedIn"))?"_/im/":"")&&(c="");var f=_.vh("iframes/:socialhost:"),h=_.vh("iframes/:im_socialhost:");return gl={socialhost:f,ctx_socialhost:d?h:f,sessi
2022-12-09 04:34:46 UTC	272	IN	Data Raw: 6c 65 6e 67 74 68 3b 6b 2b 2b 29 6d 3d 68 5b 6b 5d 2e 73 70 6c 69 74 28 22 3d 22 2c 32 29 2c 66 2e 70 75 73 68 28 5b 64 65 63 6f 64 65 55 52 49 43 6f 6d 70 6f 6e 65 6e 74 28 6d 5b 30 5d 29 2c 64 65 63 6f 64 65 55 52 49 43 6f 6d 70 6f 6e 65 6e 74 28 6d 5b 31 5d 29 5d 29 3b 63 2e 71 75 65 72 79 3d 5b 5d 3b 68 3d 62 6c 28 63 29 3b 5f 2e 52 6b 28 5f 2e 66 6c 2e 74 65 73 74 28 68 29 2c 22 49 6e 76 61 6c 69 64 20 55 52 4c 3a 20 22 2b 68 29 3b 63 3d 64 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 66 6f 72 6d 22 29 3b 63 2e 6d 65 74 68 6f 64 3d 22 50 4f 53 54 22 3b 63 2e 74 61 72 67 65 74 3d 65 3b 63 2e 73 74 79 6c 65 2e 64 69 73 70 6c 61 79 3d 22 6e 6f 6e 65 22 3b 65 3d 68 20 69 6e 73 74 61 6e 63 65 6f 66 20 5f 2e 77 63 3f 68 3a 5f 2e 44 63 28 68 29 3b 63 2e Data Ascii: length;k++)m=h[k].split("=",2),f.push([decodeURIComponent(m[0]),decodeURIComponent(m[1])]);c.query=[];h=bl(c);_.Rk(_.fl.test(h),"Invalid URL: "+h);c=d.createElement("form");c.method="POST";c.target=e;c.style.display="none";e=h instanceof _.wc?h:_.Dc(h);c.
2022-12-09 04:34:46 UTC	273	IN	Data Raw: 26 22 68 74 74 70 73 22 21 3d 3d 63 26 26 22 63 68 72 6f 6d 65 2d 65 78 74 65 6e 73 69 6f 6e 22 21 3d 3d 63 26 26 22 6d 6f 7a 2d 65 78 74 65 6e 73 69 6f 6e 22 21 3d 3d 63 26 26 22 66 69 6c 65 22 21 3d 3d 63 26 26 22 61 6e 64 72 6f 69 64 2d 61 70 70 22 21 3d 3d 63 26 26 22 63 68 72 6f 6d 65 2d 73 65 61 72 63 68 22 21 3d 3d 0a 63 26 26 22 63 68 72 6f 6d 65 2d 75 6e 74 72 75 73 74 65 64 22 21 3d 3d 63 26 26 22 63 68 72 6f 6d 65 22 21 3d 3d 63 26 26 22 61 70 70 22 21 3d 3d 63 26 26 22 64 65 76 74 6f 6f 6c 73 22 21 3d 3d 63 29 74 68 72 6f 77 20 45 72 72 6f 72 28 22 41 60 22 2b 63 29 3b 61 3d 22 22 3b 76 61 72 20 64 3d 62 2e 69 6e 64 65 78 4f 66 28 22 3a 22 29 3b 69 66 28 2d 31 21 3d 64 29 7b 76 61 72 20 65 3d 62 2e 73 75 62 73 74 72 69 6e 67 28 64 2b 31 29 3b Data Ascii: &"https"!==c&&"chrome-extension"!==c&&"moz-extension"!==c&&"file"!==c&&"android-app"!==c&&"chrome-search"!==c&&"chrome-untrusted"!==c&&"chrome"!==c&&"app"!==c&&"devtools"!==c)throw Error("A`"+c);a="";var d=b.indexOf(":");if(-1!=d){var e=b.substring(d+1);
2022-12-09 04:34:46 UTC	274	IN	Data Raw: 61 29 7b 74 68 69 73 2e 4f 2e 68 65 69 67 68 74 3d 61 3b 72 65 74 75 72 6e 20 74 68 69 73 7d 3b 5f 2e 67 2e 44 63 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 74 68 69 73 2e 4f 2e 68 65 69 67 68 74 7d 3b 5f 2e 67 2e 4d 68 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 74 68 69 73 2e 4f 2e 73 74 79 6c 65 3d 61 3b 72 65 74 75 72 6e 20 74 68 69 73 7d 3b 5f 2e 67 2e 67 65 74 53 74 79 6c 65 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 74 68 69 73 2e 4f 2e 73 74 79 6c 65 7d 3b 0a 5f 2e 64 6a 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 74 68 69 73 2e 4f 3d 61 7c 7c 7b 7d 7d 3b 5f 2e 67 3d 5f 2e 64 6a 2e 70 72 6f 74 6f 74 79 70 65 3b 5f 2e 67 2e 76 61 6c 75 65 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 74 68 69 73 2e 4f 7d 3b 5f 2e 67 2e Data Ascii: a){this.O.height=a;return this};_.g.Dc=function(){return this.O.height};_.g.Mh=function(a){this.O.style=a;return this};_.g.getStyle=function(){return this.O.style};_.dj=function(a){this.O=a\|\|{}};_.g=_.dj.prototype;_.g.value=function(){return this.O};_.g.
2022-12-09 04:34:46 UTC	276	IN	Data Raw: 61 29 7b 69 66 28 21 61 29 72 65 74 75 72 6e 21 31 3b 74 72 79 7b 72 65 74 75 72 6e 21 21 61 2e 24 67 6f 6f 67 5f 54 68 65 6e 61 62 6c 65 7d 63 61 74 63 68 28 62 29 7b 72 65 74 75 72 6e 21 31 7d 7d 3b 6d 6a 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 74 68 69 73 2e 63 58 3d 61 3b 74 68 69 73 2e 47 33 3d 62 3b 74 68 69 73 2e 7a 79 3d 30 3b 74 68 69 73 2e 75 66 3d 6e 75 6c 6c 7d 3b 0a 6d 6a 2e 70 72 6f 74 6f 74 79 70 65 2e 67 65 74 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 69 66 28 30 3c 74 68 69 73 2e 7a 79 29 7b 74 68 69 73 2e 7a 79 2d 2d 3b 76 61 72 20 61 3d 74 68 69 73 2e 75 66 3b 74 68 69 73 2e 75 66 3d 61 2e 6e 65 78 74 3b 61 2e 6e 65 78 74 3d 6e 75 6c 6c 7d 65 6c 73 65 20 61 3d 74 68 69 73 2e 63 58 28 29 3b 72 65 74 75 72 6e 20 61 7d 3b 6d 6a 2e 70 72 6f Data Ascii: a){if(!a)return!1;try{return!!a.$goog_Thenable}catch(b){return!1}};mj=function(a,b){this.cX=a;this.G3=b;this.zy=0;this.uf=null};mj.prototype.get=function(){if(0<this.zy){this.zy--;var a=this.uf;this.uf=a.next;a.next=null}else a=this.cX();return a};mj.pro
2022-12-09 04:34:46 UTC	277	IN	Data Raw: 73 73 61 67 65 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 69 66 28 76 6f 69 64 20 30 21 3d 3d 63 2e 6e 65 78 74 29 7b 63 3d 63 2e 6e 65 78 74 3b 76 61 72 20 65 3d 63 2e 63 62 3b 63 2e 63 62 3d 6e 75 6c 6c 3b 65 28 29 7d 7d 3b 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 65 29 7b 64 2e 6e 65 78 74 3d 7b 63 62 3a 65 7d 3b 64 3d 64 2e 6e 65 78 74 3b 62 2e 70 6f 72 74 32 2e 70 6f 73 74 4d 65 73 73 61 67 65 28 30 29 7d 7d 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 65 29 7b 5f 2e 58 61 2e 73 65 74 54 69 6d 65 6f 75 74 28 65 2c 30 29 7d 7d 3b 6e 6a 3d 5f 2e 6a 6a 3b 5f 2e 6c 69 28 66 75 6e 63 74 69 6f 6e 28 61 29 7b 6e 6a 3d 61 7d 29 3b 0a 76 61 72 20 72 6a 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 74 68 69 73 2e 4b 41 3d 74 68 69 73 2e 49 71 3d 6e 75 6c 6c 7d 3b 72 Data Ascii: ssage=function(){if(void 0!==c.next){c=c.next;var e=c.cb;c.cb=null;e()}};return function(e){d.next={cb:e};d=d.next;b.port2.postMessage(0)}}return function(e){_.Xa.setTimeout(e,0)}};nj=_.jj;_.li(function(a){nj=a});var rj=function(){this.KA=this.Iq=null};r
2022-12-09 04:34:46 UTC	278	IN	Data Raw: 41 6a 28 63 2c 33 2c 64 29 7d 29 7d 63 61 74 63 68 28 64 29 7b 41 6a 28 74 68 69 73 2c 33 2c 64 29 7d 7d 3b 43 6a 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 74 68 69 73 2e 6e 65 78 74 3d 74 68 69 73 2e 63 6f 6e 74 65 78 74 3d 74 68 69 73 2e 4b 70 3d 74 68 69 73 2e 64 74 3d 74 68 69 73 2e 57 6c 3d 6e 75 6c 6c 3b 74 68 69 73 2e 55 71 3d 21 31 7d 3b 43 6a 2e 70 72 6f 74 6f 74 79 70 65 2e 72 65 73 65 74 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 74 68 69 73 2e 63 6f 6e 74 65 78 74 3d 74 68 69 73 2e 4b 70 3d 74 68 69 73 2e 64 74 3d 74 68 69 73 2e 57 6c 3d 6e 75 6c 6c 3b 74 68 69 73 2e 55 71 3d 21 31 7d 3b 44 6a 3d 6e 65 77 20 6d 6a 28 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 6e 65 77 20 43 6a 7d 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 61 2e 72 65 73 65 74 28 29 Data Ascii: Aj(c,3,d)})}catch(d){Aj(this,3,d)}};Cj=function(){this.next=this.context=this.Kp=this.dt=this.Wl=null;this.Uq=!1};Cj.prototype.reset=function(){this.context=this.Kp=this.dt=this.Wl=null;this.Uq=!1};Dj=new mj(function(){return new Cj},function(a){a.reset()
2022-12-09 04:34:46 UTC	279	IN	Data Raw: 61 72 20 64 3d 30 2c 65 3d 6e 75 6c 6c 2c 66 3d 6e 75 6c 6c 2c 68 3d 63 2e 72 6b 3b 68 26 26 28 68 2e 55 71 7c 7c 28 64 2b 2b 2c 68 2e 57 6c 3d 3d 61 26 26 28 65 3d 68 29 2c 21 28 65 26 26 31 3c 64 29 29 29 3b 68 3d 68 2e 6e 65 78 74 29 65 7c 7c 28 66 3d 68 29 3b 65 26 26 28 30 3d 3d 63 2e 44 61 26 26 31 3d 3d 64 3f 56 6a 28 63 2c 62 29 3a 28 66 3f 28 64 3d 66 2c 64 2e 6e 65 78 74 3d 3d 63 2e 71 6f 26 26 28 63 2e 71 6f 3d 64 29 2c 64 2e 6e 65 78 74 3d 64 2e 6e 65 78 74 2e 6e 65 78 74 29 3a 57 6a 28 63 29 2c 58 6a 28 63 2c 65 2c 33 2c 62 29 29 29 7d 61 2e 44 62 3d 6e 75 6c 6c 7d 65 6c 73 65 20 41 6a 28 61 2c 33 2c 62 29 7d 2c 53 6a 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 61 2e 72 6b 7c 7c 32 21 3d 61 2e 44 61 26 26 33 21 3d 61 2e 44 61 7c 7c 59 6a 28 Data Ascii: ar d=0,e=null,f=null,h=c.rk;h&&(h.Uq\|\|(d++,h.Wl==a&&(e=h),!(e&&1<d)));h=h.next)e\|\|(f=h);e&&(0==c.Da&&1==d?Vj(c,b):(f?(d=f,d.next==c.qo&&(c.qo=d),d.next=d.next.next):Wj(c),Xj(c,e,3,b)))}a.Db=null}else Aj(a,3,b)},Sj=function(a,b){a.rk\|\|2!=a.Da&&3!=a.Da\|\|Yj(
2022-12-09 04:34:46 UTC	280	IN	Data Raw: 28 61 2e 79 43 3d 21 30 2c 5f 2e 79 6a 28 61 2e 63 77 2c 61 29 29 7d 2c 57 6a 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 3d 6e 75 6c 6c 3b 61 2e 72 6b 26 26 28 62 3d 61 2e 72 6b 2c 61 2e 72 6b 3d 62 2e 6e 65 78 74 2c 62 2e 6e 65 78 74 3d 6e 75 6c 6c 29 3b 61 2e 72 6b 7c 7c 28 61 2e 71 6f 3d 6e 75 6c 6c 29 3b 72 65 74 75 72 6e 20 62 7d 3b 5f 2e 42 6a 2e 70 72 6f 74 6f 74 79 70 65 2e 63 77 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 66 6f 72 28 76 61 72 20 61 3b 61 3d 57 6a 28 74 68 69 73 29 3b 29 58 6a 28 74 68 69 73 2c 61 2c 74 68 69 73 2e 44 61 2c 74 68 69 73 2e 53 65 29 3b 74 68 69 73 2e 79 43 3d 21 31 7d 3b 0a 76 61 72 20 58 6a 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 2c 64 29 7b 69 66 28 33 3d 3d 63 26 26 62 2e 4b 70 26 26 21 62 2e 55 71 29 66 Data Ascii: (a.yC=!0,_.yj(a.cw,a))},Wj=function(a){var b=null;a.rk&&(b=a.rk,a.rk=b.next,b.next=null);a.rk\|\|(a.qo=null);return b};_.Bj.prototype.cw=function(){for(var a;a=Wj(this);)Xj(this,a,this.Da,this.Se);this.yC=!1};var Xj=function(a,b,c,d){if(3==c&&b.Kp&&!b.Uq)f
2022-12-09 04:34:46 UTC	282	IN	Data Raw: 2e 70 65 28 74 68 69 73 2e 4a 66 2c 22 6d 65 73 73 61 67 65 22 2c 61 29 3b 5f 2e 66 65 28 5f 2e 71 65 2c 22 52 50 4d 51 22 2c 5b 5d 29 2e 70 75 73 68 28 61 29 3b 74 68 69 73 2e 4a 66 21 3d 74 68 69 73 2e 4a 66 2e 70 61 72 65 6e 74 26 26 6b 6b 28 74 68 69 73 2c 74 68 69 73 2e 4a 66 2e 70 61 72 65 6e 74 2c 74 68 69 73 2e 53 45 28 74 68 69 73 2e 4a 66 2e 6e 61 6d 65 29 2c 22 2a 22 29 7d 3b 6c 6b 2e 70 72 6f 74 6f 74 79 70 65 2e 53 45 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 27 7b 22 68 22 3a 22 27 2b 65 73 63 61 70 65 28 61 29 2b 27 22 7d 27 7d 3b 76 61 72 20 6d 6b 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 3d 6e 75 6c 6c 3b 30 3d 3d 3d 61 2e 69 6e 64 65 78 4f 66 28 27 7b 22 68 22 3a 22 27 29 26 26 61 2e 69 6e 64 65 78 4f 66 28 27 Data Ascii: .pe(this.Jf,"message",a);_.fe(_.qe,"RPMQ",[]).push(a);this.Jf!=this.Jf.parent&&kk(this,this.Jf.parent,this.SE(this.Jf.name),"*")};lk.prototype.SE=function(a){return'{"h":"'+escape(a)+'"}'};var mk=function(a){var b=null;0===a.indexOf('{"h":"')&&a.indexOf('
2022-12-09 04:34:46 UTC	283	IN	Data Raw: 6b 2c 47 6b 2c 49 6b 2c 6a 6b 2c 4b 6b 2c 4a 6b 2c 42 6b 2c 43 6b 2c 4c 6b 2c 66 6b 2c 4d 6b 2c 4e 6b 3b 6f 6b 3d 30 3b 70 6b 3d 5b 5d 3b 71 6b 3d 7b 7d 3b 72 6b 3d 7b 7d 3b 73 6b 3d 5f 2e 62 65 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 3b 74 6b 3d 5f 2e 6b 65 28 73 6b 2c 22 72 70 63 74 6f 6b 65 6e 22 29 3b 75 6b 3d 5f 2e 6b 65 28 73 6b 2c 22 70 61 72 65 6e 74 22 29 7c 7c 5f 2e 63 65 2e 72 65 66 65 72 72 65 72 3b 65 6b 3d 5f 2e 6b 65 28 73 6b 2c 22 72 6c 79 22 29 3b 68 6b 3d 65 6b 7c 7c 28 5f 2e 62 65 21 3d 3d 5f 2e 62 65 2e 74 6f 70 7c 7c 5f 2e 62 65 2e 6f 70 65 6e 65 72 29 26 26 5f 2e 62 65 2e 6e 61 6d 65 7c 7c 22 2e 2e 22 3b 76 6b 3d 6e 75 6c 6c 3b 77 6b 3d 7b 7d 3b 78 6b 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 7d 3b 5f 2e 79 6b 3d 7b 73 65 6e 64 3a 78 6b Data Ascii: k,Gk,Ik,jk,Kk,Jk,Bk,Ck,Lk,fk,Mk,Nk;ok=0;pk=[];qk={};rk={};sk=_.be.location.href;tk=_.ke(sk,"rpctoken");uk=_.ke(sk,"parent")\|\|_.ce.referrer;ek=_.ke(sk,"rly");hk=ek\|\|(_.be!==_.be.top\|\|_.be.opener)&&_.be.name\|\|"..";vk=null;wk={};xk=function(){};_.yk={send:xk
2022-12-09 04:34:46 UTC	284	IN	Data Raw: 63 2c 64 2b 22 5f 5f 63 62 22 2c 6e 75 6c 6c 2c 62 29 3b 5f 2e 48 6b 2e 61 70 70 6c 79 28 6e 75 6c 6c 2c 65 29 7d 7d 3b 6a 6b 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 6b 3d 61 7d 3b 4b 6b 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 77 6b 5b 61 5d 7c 7c 28 77 6b 5b 61 5d 3d 5f 2e 62 65 2e 73 65 74 54 69 6d 65 6f 75 74 28 66 75 6e 63 74 69 6f 6e 28 29 7b 77 6b 5b 61 5d 3d 21 31 3b 4a 6b 28 61 29 7d 2c 30 29 29 7d 3b 4a 6b 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 3d 71 6b 5b 61 5d 3b 69 66 28 62 26 26 62 2e 72 65 61 64 79 29 7b 76 61 72 20 63 3d 62 2e 56 46 3b 66 6f 72 28 62 2e 56 46 3d 5b 5d 3b 63 2e 6c 65 6e 67 74 68 3b 29 5f 2e 79 6b 2e 73 65 6e 64 28 61 2c 5f 2e 6f 66 28 63 2e 73 68 69 66 74 28 29 29 2c 62 2e 6f 72 69 67 69 6e 29 7d 7d 3b 42 6b Data Ascii: c,d+"__cb",null,b);_.Hk.apply(null,e)}};jk=function(a){vk=a};Kk=function(a){wk[a]\|\|(wk[a]=_.be.setTimeout(function(){wk[a]=!1;Jk(a)},0))};Jk=function(a){var b=qk[a];if(b&&b.ready){var c=b.VF;for(b.VF=[];c.length;)_.yk.send(a,_.of(c.shift()),b.origin)}};Bk
2022-12-09 04:34:46 UTC	285	IN	Data Raw: 28 66 3d 66 2e 73 72 63 2c 64 3d 5f 2e 66 67 28 66 29 2c 63 3d 63 7c 7c 5f 2e 6b 65 28 66 2c 22 72 70 63 74 6f 6b 65 6e 22 29 29 7d 22 2a 22 3d 3d 3d 65 2e 6f 72 69 67 69 6e 26 26 64 7c 7c 28 64 3d 65 2e 6f 72 69 67 69 6e 29 3b 71 6b 5b 61 5d 3d 7b 74 41 3a 63 2c 56 46 3a 5b 5d 2c 6f 72 69 67 69 6e 3a 64 2c 54 33 3a 62 2c 48 51 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 68 3d 61 3b 71 6b 5b 68 5d 2e 72 65 61 64 79 3d 31 3b 4a 6b 28 68 29 7d 7d 3b 5f 2e 79 6b 2e 47 62 28 61 2c 71 6b 5b 61 5d 2e 48 51 29 7d 72 65 74 75 72 6e 20 71 6b 5b 61 5d 2e 48 51 7d 3b 0a 5f 2e 48 6b 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 2c 64 29 7b 61 3d 61 7c 7c 22 2e 2e 22 3b 5f 2e 4f 6b 28 61 29 3b 61 3d 61 2e 73 70 6c 69 74 28 22 7c 22 2c 31 29 5b 30 5d 3b 76 61 72 20 Data Ascii: (f=f.src,d=_.fg(f),c=c\|\|_.ke(f,"rpctoken"))}"*"===e.origin&&d\|\|(d=e.origin);qk[a]={tA:c,VF:[],origin:d,T3:b,HQ:function(){var h=a;qk[h].ready=1;Jk(h)}};_.yk.Gb(a,qk[a].HQ)}return qk[a].HQ};_.Hk=function(a,b,c,d){a=a\|\|"..";_.Ok(a);a=a.split("\|",1)[0];var
2022-12-09 04:34:46 UTC	287	IN	Data Raw: 6c 6c 29 29 3f 66 2e 6f 76 65 72 66 6c 6f 77 59 3a 6e 75 6c 6c 29 3b 69 66 28 22 76 69 73 69 62 6c 65 22 21 3d 66 26 26 22 69 6e 68 65 72 69 74 22 21 3d 66 26 26 28 66 3d 64 2e 73 74 79 6c 65 2e 68 65 69 67 68 74 2c 66 7c 7c 28 66 3d 28 66 3d 64 6f 63 75 6d 65 6e 74 2e 64 65 66 61 75 6c 74 56 69 65 77 2e 67 65 74 43 6f 6d 70 75 74 65 64 53 74 79 6c 65 28 64 2c 6e 75 6c 6c 29 29 3f 66 2e 68 65 69 67 68 74 3a 22 22 29 2c 30 3c 66 2e 6c 65 6e 67 74 68 26 26 22 61 75 74 6f 22 21 3d 66 29 29 63 6f 6e 74 69 6e 75 65 7d 66 6f 72 28 64 3d 30 3b 64 3c 65 2e 6c 65 6e 67 74 68 3b 64 2b 2b 29 7b 66 3d 65 5b 64 5d 3b 0a 69 66 28 22 75 6e 64 65 66 69 6e Data Ascii: ll))?f.overflowY:null);if("visible"!=f&&"inherit"!=f&&(f=d.style.height,f\|\|(f=(f=document.defaultView.getComputedStyle(d,null))?f.height:""),0<f.length&&"auto"!=f))continue}for(d=0;d<e.length;d++){f=e[d];if("undefin
2022-12-09 04:34:46 UTC	287	IN	Data Raw: 65 64 22 21 3d 3d 74 79 70 65 6f 66 20 66 2e 6f 66 66 73 65 74 54 6f 70 26 26 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 3d 74 79 70 65 6f 66 20 66 2e 6f 66 66 73 65 74 48 65 69 67 68 74 29 7b 76 61 72 20 68 3d 66 2e 6f 66 66 73 65 74 54 6f 70 2b 66 2e 6f 66 66 73 65 74 48 65 69 67 68 74 2b 61 28 66 2c 22 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 22 29 3b 62 3d 4d 61 74 68 2e 6d 61 78 28 62 2c 68 29 7d 63 2e 70 75 73 68 28 66 29 7d 7d 72 65 74 75 72 6e 20 62 2b 61 28 64 6f 63 75 6d 65 6e 74 2e 62 6f 64 79 2c 22 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 22 29 2b 61 28 64 6f 63 75 6d 65 6e 74 2e 62 6f 64 79 2c 22 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 22 29 2b 61 28 64 6f 63 75 6d 65 6e 74 2e 62 6f 64 79 2c 22 70 61 64 64 69 6e 67 2d 62 6f 74 74 6f 6d 22 29 7d 3b 0a Data Ascii: ed"!==typeof f.offsetTop&&"undefined"!==typeof f.offsetHeight){var h=f.offsetTop+f.offsetHeight+a(f,"margin-bottom");b=Math.max(b,h)}c.push(f)}}return b+a(document.body,"border-bottom")+a(document.body,"margin-bottom")+a(document.body,"padding-bottom")};
2022-12-09 04:34:46 UTC	288	IN	Data Raw: 2c 65 5d 29 7d 3b 62 2e 70 72 6f 74 6f 74 79 70 65 2e 63 6f 6e 6e 65 63 74 49 66 72 61 6d 65 73 3d 66 75 6e 63 74 69 6f 6e 28 63 2c 64 29 7b 61 28 29 2e 43 6f 6e 74 65 78 74 2e 70 72 6f 74 6f 74 79 70 65 2e 63 6f 6e 6e 65 63 74 49 66 72 61 6d 65 73 2e 61 70 70 6c 79 28 74 68 69 73 2c 0a 5b 63 2c 64 5d 29 7d 3b 62 2e 70 72 6f 74 6f 74 79 70 65 2e 67 65 74 46 72 61 6d 65 4e 61 6d 65 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 61 28 29 2e 43 6f 6e 74 65 78 74 2e 70 72 6f 74 6f 74 79 70 65 2e 67 65 74 46 72 61 6d 65 4e 61 6d 65 2e 61 70 70 6c 79 28 74 68 69 73 29 7d 3b 62 2e 70 72 6f 74 6f 74 79 70 65 2e 67 65 74 47 6c 6f 62 61 6c 50 61 72 61 6d 3d 66 75 6e 63 74 69 6f 6e 28 63 29 7b 61 28 29 2e 43 6f 6e 74 65 78 74 2e 70 72 6f 74 6f 74 79 70 65 Data Ascii: ,e])};b.prototype.connectIframes=function(c,d){a().Context.prototype.connectIframes.apply(this,[c,d])};b.prototype.getFrameName=function(){return a().Context.prototype.getFrameName.apply(this)};b.prototype.getGlobalParam=function(c){a().Context.prototype
2022-12-09 04:34:46 UTC	289	IN	Data Raw: 65 6c 66 46 69 6c 74 65 72 3d 66 75 6e 63 74 69 6f 6e 28 63 29 7b 61 28 29 2e 43 6f 6e 74 65 78 74 2e 70 72 6f 74 6f 74 79 70 65 2e 73 65 74 52 65 73 74 79 6c 65 53 65 6c 66 46 69 6c 74 65 72 2e 61 70 70 6c 79 28 74 68 69 73 2c 5b 63 5d 29 7d 3b 72 65 74 75 72 6e 20 62 7d 2c 46 6c 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 3d 66 75 6e 63 74 69 6f 6e 28 63 2c 64 2c 65 2c 66 29 7b 72 65 74 75 72 6e 20 6e 65 77 20 28 61 28 29 2e 49 66 72 61 6d 65 29 28 63 2c 64 2c 65 2c 66 29 7d 3b 62 2e 70 72 6f 74 6f 74 79 70 65 2e 61 70 70 6c 79 49 66 72 61 6d 65 73 41 70 69 3d 66 75 6e 63 74 69 6f 6e 28 63 29 7b 61 28 29 2e 49 66 72 61 6d 65 2e 70 72 6f 74 6f 74 79 70 65 2e 61 70 70 6c 79 49 66 72 61 6d 65 73 41 70 69 28 63 29 7d 3b 62 2e 70 72 6f 74 6f 74 79 Data Ascii: elfFilter=function(c){a().Context.prototype.setRestyleSelfFilter.apply(this,[c])};return b},Fl=function(a){var b=function(c,d,e,f){return new (a().Iframe)(c,d,e,f)};b.prototype.applyIframesApi=function(c){a().Iframe.prototype.applyIframesApi(c)};b.prototy
2022-12-09 04:34:46 UTC	290	IN	Data Raw: 79 70 65 2e 72 65 67 69 73 74 65 72 2e 61 70 70 6c 79 28 74 68 69 73 2c 5b 63 2c 64 2c 65 5d 29 7d 3b 62 2e 70 72 6f 74 6f 74 79 70 65 2e 72 65 67 69 73 74 65 72 57 61 73 43 6c 6f 73 65 64 3d 66 75 6e 63 74 69 6f 6e 28 63 2c 64 29 7b 61 28 29 2e 49 66 72 61 6d 65 2e 70 72 6f 74 6f 74 79 70 65 2e 72 65 67 69 73 74 65 72 57 61 73 43 6c 6f 73 65 64 2e 61 70 70 6c 79 28 74 68 69 73 2c 5b 63 2c 64 5d 29 7d 3b 62 2e 70 72 6f 74 6f 74 79 70 65 2e 72 65 67 69 73 74 65 72 57 61 73 52 65 73 74 79 6c 65 64 3d 66 75 6e 63 74 69 6f 6e 28 63 2c 64 29 7b 61 28 29 2e 49 66 72 61 6d 65 2e 70 72 6f 74 6f 74 79 70 65 2e 72 65 67 69 73 74 65 72 57 61 73 52 65 73 74 79 6c 65 64 2e 61 70 70 6c 79 28 74 68 69 73 2c 0a 5b 63 2c 64 5d 29 7d 3b 62 2e 70 72 6f 74 6f 74 79 70 65 2e Data Ascii: ype.register.apply(this,[c,d,e])};b.prototype.registerWasClosed=function(c,d){a().Iframe.prototype.registerWasClosed.apply(this,[c,d])};b.prototype.registerWasRestyled=function(c,d){a().Iframe.prototype.registerWasRestyled.apply(this,[c,d])};b.prototype.
2022-12-09 04:34:46 UTC	292	IN	Data Raw: 66 28 74 68 69 73 5b 62 5d 3d 3d 3d 61 29 72 65 74 75 72 6e 20 62 3b 72 65 74 75 72 6e 2d 31 7d 3b 5f 2e 51 6c 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 69 66 28 61 29 7b 5f 2e 52 6b 28 5f 2e 4f 6c 28 61 29 2c 22 61 72 72 61 79 46 6f 72 45 61 63 68 20 77 61 73 20 63 61 6c 6c 65 64 20 77 69 74 68 20 61 20 6e 6f 6e 20 61 72 72 61 79 20 76 61 6c 75 65 22 29 3b 66 6f 72 28 76 61 72 20 64 3d 30 3b 64 3c 61 2e 6c 65 6e 67 74 68 3b 64 2b 2b 29 62 2e 63 61 6c 6c 28 63 2c 61 5b 64 5d 2c 64 29 7d 7d 3b 5f 2e 52 6c 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 69 66 28 61 29 69 66 28 5f 2e 4f 6c 28 61 29 29 5f 2e 51 6c 28 61 2c 62 2c 63 29 3b 65 6c 73 65 7b 5f 2e 52 6b 28 22 6f 62 6a 65 63 74 22 3d 3d 3d 74 79 70 65 6f 66 20 61 2c 22 6f 62 6a 65 63 74 Data Ascii: f(this[b]===a)return b;return-1};_.Ql=function(a,b,c){if(a){_.Rk(_.Ol(a),"arrayForEach was called with a non array value");for(var d=0;d<a.length;d++)b.call(c,a[d],d)}};_.Rl=function(a,b,c){if(a)if(_.Ol(a))_.Ql(a,b,c);else{_.Rk("object"===typeof a,"object
2022-12-09 04:34:46 UTC	293	IN	Data Raw: 6e 28 29 7d 3b 5f 2e 66 6d 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 21 30 7d 3b 5f 2e 67 6d 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 66 6f 72 28 76 61 72 20 62 3d 5f 2e 67 65 28 29 2c 63 3d 30 3b 63 3c 61 2e 6c 65 6e 67 74 68 3b 63 2b 2b 29 62 5b 61 5b 63 5d 5d 3d 21 30 3b 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 64 29 7b 72 65 74 75 72 6e 21 21 62 5b 64 2e 41 64 5d 7d 7d 3b 0a 6b 6d 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 61 3d 61 6d 5b 61 5d 3b 69 66 28 21 61 29 72 65 74 75 72 6e 5b 5d 3b 66 6f 72 28 76 61 72 20 64 3d 5b 5d 2c 65 3d 30 3b 65 3c 61 2e 6c 65 6e 67 74 68 3b 65 2b 2b 29 64 2e 70 75 73 68 28 5f 2e 46 6a 28 61 5b 65 5d 2e 63 61 6c 6c 28 63 2c 62 2c 63 29 29 29 3b 72 65 74 75 72 6e 20 64 7d 3b 6c 6d 3d 66 75 6e 63 Data Ascii: n()};_.fm=function(){return!0};_.gm=function(a){for(var b=_.ge(),c=0;c<a.length;c++)b[a[c]]=!0;return function(d){return!!b[d.Ad]}};km=function(a,b,c){a=am[a];if(!a)return[];for(var d=[],e=0;e<a.length;e++)d.push(_.Fj(a[e].call(c,b,c)));return d};lm=func
2022-12-09 04:34:46 UTC	294	IN	Data Raw: 20 63 7d 29 7d 3b 75 6d 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 74 68 69 73 2e 52 66 3d 61 3b 74 68 69 73 2e 43 6f 6e 74 65 78 74 3d 45 6c 28 61 29 3b 74 68 69 73 2e 49 66 72 61 6d 65 3d 46 6c 28 61 29 7d 3b 5f 2e 67 3d 75 6d 2e 70 72 6f 74 6f 74 79 70 65 3b 5f 2e 67 2e 43 52 4f 53 53 5f 4f 52 49 47 49 4e 5f 49 46 52 41 4d 45 53 5f 46 49 4c 54 45 52 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 74 68 69 73 2e 52 66 28 29 2e 43 52 4f 53 53 5f 4f 52 49 47 49 4e 5f 49 46 52 41 4d 45 53 5f 46 49 4c 54 45 52 28 61 29 7d 3b 5f 2e 67 2e 53 41 4d 45 5f 4f 52 49 47 49 4e 5f 49 46 52 41 4d 45 53 5f 46 49 4c 54 45 52 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 74 68 69 73 2e 52 66 28 29 2e 53 41 4d 45 5f 4f 52 49 47 49 4e 5f 49 46 52 41 Data Ascii: c})};um=function(a){this.Rf=a;this.Context=El(a);this.Iframe=Fl(a)};_.g=um.prototype;_.g.CROSS_ORIGIN_IFRAMES_FILTER=function(a){return this.Rf().CROSS_ORIGIN_IFRAMES_FILTER(a)};_.g.SAME_ORIGIN_IFRAMES_FILTER=function(a){return this.Rf().SAME_ORIGIN_IFRA
2022-12-09 04:34:46 UTC	295	IN	Data Raw: 2c 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 65 2e 70 72 69 6f 72 69 74 79 3c 63 3f 2d 31 3a 31 7d 29 3b 62 2e 48 68 2e 73 70 6c 69 63 65 28 64 2c 30 2c 61 29 7d 3b 0a 76 61 72 20 79 6d 3d 6e 65 77 20 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 61 3d 74 68 69 73 3b 74 68 69 73 2e 76 4c 3d 6e 65 77 20 78 6d 3b 74 68 69 73 2e 69 6e 73 74 61 6e 63 65 3d 6e 65 77 20 75 6d 28 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 61 2e 76 4c 2e 52 66 28 29 28 29 7d 29 7d 3b 7a 6d 28 7b 69 6e 73 74 61 6e 63 65 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 77 69 6e 64 6f 77 2e 67 61 70 69 2e 69 66 72 61 6d 65 73 7d 2c 70 72 69 6f 72 69 74 79 3a 31 7d 29 3b 5f 2e 41 6d 3d 79 6d 2e 69 6e 73 74 61 6e 63 65 3b 0a 76 61 72 20 42 6d 2c 43 6d Data Ascii: ,function(e){return e.priority<c?-1:1});b.Hh.splice(d,0,a)};var ym=new function(){var a=this;this.vL=new xm;this.instance=new um(function(){return a.vL.Rf()()})};zm({instance:function(){return window.gapi.iframes},priority:1});_.Am=ym.instance;var Bm,Cm
2022-12-09 04:34:46 UTC	297	IN	Data Raw: 3b 47 6d 2e 70 72 6f 74 6f 74 79 70 65 2e 67 65 74 49 66 72 61 6d 65 45 6c 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 74 68 69 73 2e 4f 2e 69 66 72 61 6d 65 45 6c 7d 3b 0a 76 61 72 20 4c 6d 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 76 61 72 20 64 3d 61 2e 56 66 28 29 2c 65 3d 62 2e 71 68 28 29 3b 4a 6d 28 49 6d 28 63 2c 61 2e 71 68 28 29 2b 22 2f 22 2b 62 2e 56 66 28 29 29 2c 65 2b 22 2f 22 2b 64 29 3b 48 6d 28 63 2c 62 2e 67 65 74 46 72 61 6d 65 4e 61 6d 65 28 29 29 2e 51 69 28 62 2e 67 65 74 4f 72 69 67 69 6e 28 29 29 7d 3b 0a 76 61 72 20 4e 6d 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 61 2e 73 65 74 54 69 6d 65 6f 75 74 28 66 75 6e 63 74 69 6f 6e 28 29 7b 62 2e 63 6c 6f 73 65 64 7c 7c 35 3d 3d 63 3f 4d 6d 28 62 29 3a 28 Data Ascii: ;Gm.prototype.getIframeEl=function(){return this.O.iframeEl};var Lm=function(a,b,c){var d=a.Vf(),e=b.qh();Jm(Im(c,a.qh()+"/"+b.Vf()),e+"/"+d);Hm(c,b.getFrameName()).Qi(b.getOrigin())};var Nm=function(a,b,c){a.setTimeout(function(){b.closed\|\|5==c?Mm(b):(
2022-12-09 04:34:46 UTC	298	IN	Data Raw: 7b 28 30 2c 74 68 69 73 2e 49 61 2e 4f 2e 5f 72 70 63 52 65 61 64 79 46 6e 29 28 29 7d 3b 0a 5f 2e 67 2e 73 65 74 50 61 72 61 6d 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 74 68 69 73 2e 49 61 2e 76 61 6c 75 65 28 29 5b 61 5d 3d 62 7d 3b 5f 2e 67 2e 67 65 74 50 61 72 61 6d 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 74 68 69 73 2e 49 61 2e 76 61 6c 75 65 28 29 5b 61 5d 7d 3b 5f 2e 67 2e 6c 63 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 74 68 69 73 2e 49 61 2e 76 61 6c 75 65 28 29 7d 3b 5f 2e 67 2e 67 65 74 49 64 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 74 68 69 73 2e 49 61 2e 67 65 74 49 64 28 29 7d 3b 5f 2e 67 2e 67 65 74 4f 72 69 67 69 6e 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 74 68 69 73 Data Ascii: {(0,this.Ia.O._rpcReadyFn)()};_.g.setParam=function(a,b){this.Ia.value()[a]=b};_.g.getParam=function(a){return this.Ia.value()[a]};_.g.lc=function(){return this.Ia.value()};_.g.getId=function(){return this.Ia.getId()};_.g.getOrigin=function(){return this
2022-12-09 04:34:46 UTC	299	IN	Data Raw: 72 65 6e 74 3a 61 2e 66 72 61 6d 65 73 5b 64 5d 7d 72 65 74 75 72 6e 20 61 7d 3b 0a 76 61 72 20 51 6d 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 3d 7b 7d 3b 69 66 28 61 29 66 6f 72 28 76 61 72 20 63 20 69 6e 20 61 29 5f 2e 68 65 28 61 2c 63 29 26 26 5f 2e 68 65 28 42 6d 2c 63 29 26 26 43 6d 2e 74 65 73 74 28 61 5b 63 5d 29 26 26 28 62 5b 63 5d 3d 61 5b 63 5d 29 3b 72 65 74 75 72 6e 20 62 7d 3b 5f 2e 67 3d 5f 2e 4f 6d 2e 70 72 6f 74 6f 74 79 70 65 3b 5f 2e 67 2e 63 6c 6f 73 65 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 72 65 74 75 72 6e 20 52 6d 28 74 68 69 73 2c 22 5f 67 5f 63 6c 6f 73 65 22 2c 61 2c 62 29 7d 3b 5f 2e 67 2e 72 65 73 74 79 6c 65 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 72 65 74 75 72 6e 20 52 6d 28 74 68 69 73 2c 22 5f 67 Data Ascii: rent:a.frames[d]}return a};var Qm=function(a){var b={};if(a)for(var c in a)_.he(a,c)&&_.he(Bm,c)&&Cm.test(a[c])&&(b[c]=a[c]);return b};_.g=_.Om.prototype;_.g.close=function(a,b){return Rm(this,"_g_close",a,b)};_.g.restyle=function(a,b){return Rm(this,"_g
2022-12-09 04:34:46 UTC	300	IN	Data Raw: 28 62 2c 0a 61 2c 74 68 69 73 29 7d 3b 5f 2e 67 2e 72 65 67 69 73 74 65 72 57 61 73 52 65 73 74 79 6c 65 64 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 74 68 69 73 2e 72 65 67 69 73 74 65 72 28 22 5f 67 5f 77 61 73 52 65 73 74 79 6c 65 64 22 2c 61 2c 62 29 7d 3b 5f 2e 67 2e 72 65 67 69 73 74 65 72 57 61 73 43 6c 6f 73 65 64 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 74 68 69 73 2e 72 65 67 69 73 74 65 72 28 22 5f 67 5f 77 61 73 43 6c 6f 73 65 64 22 2c 61 2c 62 29 7d 3b 5f 2e 67 2e 71 36 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 64 65 6c 65 74 65 20 74 68 69 73 2e 67 65 74 43 6f 6e 74 65 78 74 28 29 2e 4f 66 5b 74 68 69 73 2e 67 65 74 46 72 61 6d 65 4e 61 6d 65 28 29 5d 3b 74 68 69 73 2e 67 65 74 43 6f 6e 74 65 78 74 28 29 2e 67 65 74 57 69 6e 64 6f 77 28 29 Data Ascii: (b,a,this)};_.g.registerWasRestyled=function(a,b){this.register("_g_wasRestyled",a,b)};_.g.registerWasClosed=function(a,b){this.register("_g_wasClosed",a,b)};_.g.q6=function(){delete this.getContext().Of[this.getFrameName()];this.getContext().getWindow()
2022-12-09 04:34:46 UTC	301	IN	Data Raw: 74 68 69 73 2e 62 32 26 26 74 68 69 73 2e 62 32 28 61 29 3b 72 65 74 75 72 6e 7d 5f 2e 52 6b 28 21 31 2c 22 55 6e 6b 6e 6f 77 6e 20 63 6f 6e 74 6f 6c 6c 65 64 20 69 66 72 61 6d 65 20 74 6f 20 64 69 73 70 6f 73 65 20 2d 20 22 2b 61 29 7d 3b 0a 5f 2e 67 2e 57 57 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 3d 6e 65 77 20 47 6d 28 61 29 3b 61 3d 6e 65 77 20 45 6d 28 62 2e 76 61 6c 75 65 28 29 29 3b 69 66 28 61 2e 4f 2e 73 65 6c 66 43 6f 6e 6e 65 63 74 29 76 61 72 20 63 3d 74 68 69 73 3b 65 6c 73 65 28 5f 2e 52 6b 28 71 6d 2e 74 65 73 74 28 62 2e 67 65 74 4f 72 69 67 69 6e 28 29 29 2c 22 49 6c 6c 65 67 61 6c 20 6f 72 69 67 69 6e 20 66 6f 72 20 63 6f 6e 6e 65 63 74 65 64 20 69 66 72 61 6d 65 20 2d 20 22 2b 62 2e 67 65 74 4f 72 69 67 69 6e 28 29 29 2c Data Ascii: this.b2&&this.b2(a);return}_.Rk(!1,"Unknown contolled iframe to dispose - "+a)};_.g.WW=function(a){var b=new Gm(a);a=new Em(b.value());if(a.O.selfConnect)var c=this;else(_.Rk(qm.test(b.getOrigin()),"Illegal origin for connected iframe - "+b.getOrigin()),
2022-12-09 04:34:46 UTC	303	IN	Data Raw: 7d 3b 66 6f 72 28 76 61 72 20 64 20 69 6e 20 63 29 5f 2e 68 65 28 63 2c 64 29 26 26 5f 2e 68 65 28 72 6d 2c 64 29 26 26 28 62 5b 64 5d 3d 63 5b 64 5d 29 3b 5f 2e 68 65 28 63 2c 22 73 74 79 6c 65 22 29 26 26 28 64 3d 63 2e 73 74 79 6c 65 2c 22 6f 62 6a 65 63 74 22 3d 3d 3d 74 79 70 65 6f 66 20 64 26 26 28 62 2e 73 74 79 6c 65 3d 51 6d 28 64 29 29 29 3b 61 2e 76 61 6c 75 65 28 29 2e 61 74 74 72 69 62 75 74 65 73 3d 62 7d 3b 0a 5f 2e 67 2e 42 32 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 61 3d 6e 65 77 20 47 6d 28 61 29 3b 74 68 69 73 2e 6b 47 28 61 29 3b 76 61 72 20 62 3d 61 2e 4f 2e 5f 72 65 6c 61 79 65 64 44 65 70 74 68 7c 7c 30 3b 61 2e 4f 2e 5f 72 65 6c 61 79 65 64 44 65 70 74 68 3d 62 2b 31 3b 61 2e 4f 2e 6f 70 65 6e 65 72 49 66 72 61 6d 65 3d 74 68 69 73 Data Ascii: };for(var d in c)_.he(c,d)&&_.he(rm,d)&&(b[d]=c[d]);_.he(c,"style")&&(d=c.style,"object"===typeof d&&(b.style=Qm(d)));a.value().attributes=b};_.g.B2=function(a){a=new Gm(a);this.kG(a);var b=a.O._relayedDepth\|\|0;a.O._relayedDepth=b+1;a.O.openerIframe=this
2022-12-09 04:34:46 UTC	304	IN	Data Raw: 22 2e 2e 22 29 3b 4a 6d 28 62 2c 61 2e 5f 70 61 72 65 6e 74 52 65 74 41 64 64 72 7c 7c 74 68 69 73 2e 43 61 29 3b 62 2e 51 69 28 5f 2e 66 67 28 74 68 69 73 2e 47 46 7c 7c 74 68 69 73 2e 6b 64 29 29 3b 48 6d 28 62 2c 74 68 69 73 2e 71 51 29 3b 74 68 69 73 2e 44 62 3d 74 68 69 73 2e 61 74 74 61 63 68 28 62 2e 76 61 6c 75 65 28 29 29 7d 65 6c 73 65 20 74 68 69 73 2e 44 62 3d 6e 75 6c 6c 7d 3b 5f 2e 67 3d 5f 2e 53 6d 2e 70 72 6f 74 6f 74 79 70 65 3b 0a 5f 2e 67 2e 69 73 44 69 73 70 6f 73 65 64 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 74 68 69 73 2e 76 67 7d 3b 5f 2e 67 2e 48 61 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 69 66 28 21 74 68 69 73 2e 69 73 44 69 73 70 6f 73 65 64 28 29 29 7b 66 6f 72 28 76 61 72 20 61 3d 5f 2e 70 61 28 4f 62 6a 65 63 74 Data Ascii: "..");Jm(b,a._parentRetAddr\|\|this.Ca);b.Qi(_.fg(this.GF\|\|this.kd));Hm(b,this.qQ);this.Db=this.attach(b.value())}else this.Db=null};_.g=_.Sm.prototype;_.g.isDisposed=function(){return this.vg};_.g.Ha=function(){if(!this.isDisposed()){for(var a=_.pa(Object
2022-12-09 04:34:46 UTC	305	IN	Data Raw: 7b 68 2e 72 65 67 69 73 74 65 72 28 6d 2c 6c 2c 6b 29 7d 29 3b 56 6c 28 61 29 26 26 68 2e 53 6a 28 29 3b 52 6d 28 68 2c 22 5f 67 5f 72 70 63 52 65 61 64 79 22 29 3b 72 65 74 75 72 6e 20 68 7d 3b 5f 2e 67 2e 6b 47 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 48 6d 28 61 2c 6e 75 6c 6c 29 3b 76 61 72 20 62 3d 61 2e 67 65 74 49 64 28 29 3b 21 62 7c 7c 64 6d 2e 74 65 73 74 28 62 29 26 26 21 74 68 69 73 2e 67 65 74 57 69 6e 64 6f 77 28 29 2e 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 62 29 7c 7c 28 5f 2e 73 66 2e 6c 6f 67 28 22 49 67 6e 6f 72 69 6e 67 20 72 65 71 75 65 73 74 65 64 20 69 66 72 61 6d 65 20 49 44 20 2d 20 22 2b 62 29 2c 61 2e 77 65 28 6e 75 6c 6c 29 29 7d 3b 76 61 72 20 62 6e 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 76 Data Ascii: {h.register(m,l,k)});Vl(a)&&h.Sj();Rm(h,"_g_rpcReady");return h};_.g.kG=function(a){Hm(a,null);var b=a.getId();!b\|\|dm.test(b)&&!this.getWindow().document.getElementById(b)\|\|(_.sf.log("Ignoring requested iframe ID - "+b),a.we(null))};var bn=function(a,b){v
2022-12-09 04:34:46 UTC	306	IN	Data Raw: 28 29 2c 6b 3d 68 2e 6c 6f 63 61 74 69 6f 6e 2e 68 61 73 68 3b 6b 3d 5f 2e 42 6c 28 65 29 2b 28 2f 23 2f 2e 74 65 73 74 28 65 29 3f 6b 2e 72 65 70 6c 61 63 65 28 2f 5e 23 2f 2c 22 26 22 29 3a 6b 29 3b 68 2e 6c 6f 63 61 74 69 6f 6e 2e 72 65 70 6c 61 63 65 28 6b 29 3b 63 26 26 63 28 66 29 7d 7d 2c 65 6e 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 76 61 72 20 64 3d 62 2e 4f 2e 72 65 6c 61 79 4f 70 65 6e 3b 69 66 28 64 29 7b 76 61 72 20 65 3d 61 2e 67 65 74 50 61 72 65 6e 74 49 66 72 61 6d 65 28 29 3b 64 20 69 6e 73 74 61 6e 63 65 6f 66 20 5f 2e 4f 6d 3f 0a 28 65 3d 64 2c 5f 2e 4a 6c 28 62 2c 30 29 29 3a 30 3c 4e 75 6d 62 65 72 28 64 29 26 26 5f 2e 4a 6c 28 62 2c 4e 75 6d 62 65 72 28 64 29 2d 31 29 3b 69 66 28 65 29 7b 5f 2e 52 6b 28 21 21 65 2e 6a 51 Data Ascii: (),k=h.location.hash;k=_.Bl(e)+(/#/.test(e)?k.replace(/^#/,"&"):k);h.location.replace(k);c&&c(f)}},en=function(a,b,c){var d=b.O.relayOpen;if(d){var e=a.getParentIframe();d instanceof _.Om?(e=d,_.Jl(b,0)):0<Number(d)&&_.Jl(b,Number(d)-1);if(e){_.Rk(!!e.jQ
2022-12-09 04:34:46 UTC	308	IN	Data Raw: 70 65 2e 67 65 74 50 61 72 65 6e 74 49 66 72 61 6d 65 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 74 68 69 73 2e 44 62 7d 3b 76 61 72 20 67 6e 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 76 61 72 20 63 3d 61 2e 67 65 74 50 61 72 65 6e 74 49 66 72 61 6d 65 28 29 2c 64 3d 21 30 3b 62 2e 66 69 6c 74 65 72 26 26 28 64 3d 62 2e 66 69 6c 74 65 72 2e 63 61 6c 6c 28 62 2e 77 69 2c 62 2e 70 61 72 61 6d 73 29 29 3b 72 65 74 75 72 6e 20 5f 2e 46 6a 28 64 29 2e 74 68 65 6e 28 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 65 26 26 63 3f 28 62 2e 6f 51 26 26 62 2e 6f 51 2e 63 61 6c 6c 28 61 2c 62 2e 70 61 72 61 6d 73 29 2c 65 3d 62 2e 73 65 6e 64 65 72 3f 62 2e 73 65 6e 64 65 72 28 62 2e 70 61 72 61 6d 73 29 3a 52 6d 28 63 2c 62 2e 6d 65 73 73 Data Ascii: pe.getParentIframe=function(){return this.Db};var gn=function(a,b){var c=a.getParentIframe(),d=!0;b.filter&&(d=b.filter.call(b.wi,b.params));return _.Fj(d).then(function(e){return e&&c?(b.oQ&&b.oQ.call(a,b.params),e=b.sender?b.sender(b.params):Rm(c,b.mess
2022-12-09 04:34:46 UTC	309	IN	Data Raw: 74 49 66 72 61 6d 65 28 29 3b 74 68 69 73 2e 61 64 64 4f 6e 4f 70 65 6e 65 72 48 61 6e 64 6c 65 72 28 66 75 6e 63 74 69 6f 6e 28 6b 29 7b 5f 2e 52 6c 28 65 2c 66 75 6e 63 74 69 6f 6e 28 6c 2c 6d 29 7b 6b 2e 72 65 67 69 73 74 65 72 28 6d 2c 6c 2c 64 29 7d 2c 74 68 69 73 29 3b 6b 21 3d 3d 66 26 26 6b 2e 73 65 6e 64 28 22 5f 72 65 61 64 79 22 2c 68 2c 76 6f 69 64 20 30 2c 64 29 7d 2c 76 6f 69 64 20 30 2c 64 29 3b 76 61 72 20 68 3d 61 7c 7c 7b 7d 3b 68 2e 68 65 69 67 68 74 3d 68 2e 68 65 69 67 68 74 7c 7c 22 61 75 74 6f 22 3b 74 68 69 73 2e 52 53 28 68 29 3b 66 26 26 66 2e 73 65 6e 64 28 22 5f 72 65 61 64 79 22 2c 68 2c 63 2c 5f 2e 66 6d 29 7d 3b 0a 5f 2e 53 6d 2e 70 72 6f 74 6f 74 79 70 65 2e 63 6f 6e 6e 65 63 74 49 66 72 61 6d 65 73 3d 66 75 6e 63 74 69 6f Data Ascii: tIframe();this.addOnOpenerHandler(function(k){_.Rl(e,function(l,m){k.register(m,l,d)},this);k!==f&&k.send("_ready",h,void 0,d)},void 0,d);var h=a\|\|{};h.height=h.height\|\|"auto";this.RS(h);f&&f.send("_ready",h,c,_.fm)};_.Sm.prototype.connectIframes=functio
2022-12-09 04:34:46 UTC	310	IN	Data Raw: 7c 7c 5b 5d 3b 66 6f 72 28 76 61 72 20 64 3d 30 3b 64 3c 63 2e 6c 65 6e 67 74 68 3b 64 2b 2b 29 7b 76 61 72 20 65 3d 63 5b 64 5d 3b 69 66 28 65 26 26 61 29 7b 76 61 72 20 66 3d 65 2e 4f 2e 66 69 6c 74 65 72 7c 7c 5f 2e 65 6d 3b 69 66 28 61 26 26 66 28 61 29 29 7b 66 3d 65 2e 4f 2e 61 70 69 73 7c 7c 5b 5d 3b 66 6f 72 28 76 61 72 20 68 3d 30 3b 68 3c 66 2e 6c 65 6e 67 74 68 3b 68 2b 2b 29 61 2e 61 70 70 6c 79 49 66 72 61 6d 65 73 41 70 69 28 66 5b 68 5d 29 3b 65 2e 6e 62 28 29 26 26 65 2e 6e 62 28 29 28 61 2c 62 29 3b 65 2e 4f 2e 72 75 6e 4f 6e 63 65 26 26 28 63 2e 73 70 6c 69 63 65 28 64 2c 31 29 2c 2d 2d 64 29 7d 7d 7d 7d 3b 0a 5f 2e 53 6d 2e 70 72 6f 74 6f 74 79 70 65 2e 61 64 64 4f 6e 4f 70 65 6e 65 72 48 61 6e 64 6c 65 72 3d 66 75 6e 63 74 69 6f 6e 28 Data Ascii: \|\|[];for(var d=0;d<c.length;d++){var e=c[d];if(e&&a){var f=e.O.filter\|\|_.em;if(a&&f(a)){f=e.O.apis\|\|[];for(var h=0;h<f.length;h++)a.applyIframesApi(f[h]);e.nb()&&e.nb()(a,b);e.O.runOnce&&(c.splice(d,1),--d)}}}};_.Sm.prototype.addOnOpenerHandler=function(
2022-12-09 04:34:46 UTC	311	IN	Data Raw: 63 65 28 22 2b 5f 2e 62 65 2e 4a 53 4f 4e 2e 73 74 72 69 6e 67 69 66 79 28 6d 29 2e 72 65 70 6c 61 63 65 28 2f 23 2f 67 2c 22 5c 5c 78 32 33 22 29 2b 22 29 22 29 3b 69 66 28 65 29 7b 76 61 72 20 6e 3d 65 3b 73 65 74 54 69 6d 65 6f 75 74 28 66 75 6e 63 74 69 6f 6e 28 29 7b 6e 2e 6c 6f 63 61 74 69 6f 6e 2e 72 65 70 6c 61 63 65 28 6d 29 7d 29 7d 65 6c 73 65 20 6e 3d 5f 2e 44 64 28 6d 2c 61 2c 68 2c 62 29 3b 72 65 74 75 72 6e 7b 69 64 3a 66 2c 68 54 3a 6e 7d 7d 3b 5f 2e 53 6d 2e 70 72 6f 74 6f 74 79 70 65 2e 51 4e 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 69 66 28 62 2e 4f 2e 6f 70 65 6e 41 73 57 69 6e 64 6f 77 29 7b 61 3d 68 6e 28 74 68 69 73 2c 61 2c 62 29 3b 76 61 72 20 63 3d 61 2e 69 64 3b 5f 2e 52 6b 28 21 21 61 2e 68 54 2c 22 4f 70 65 6e 20 70 6f 70 Data Ascii: ce("+_.be.JSON.stringify(m).replace(/#/g,"\\x23")+")");if(e){var n=e;setTimeout(function(){n.location.replace(m)})}else n=_.Dd(m,a,h,b);return{id:f,hT:n}};_.Sm.prototype.QN=function(a,b){if(b.O.openAsWindow){a=hn(this,a,b);var c=a.id;_.Rk(!!a.hT,"Open pop
2022-12-09 04:34:46 UTC	312	IN	Data Raw: 3a 32 7d 29 3b 0a 5f 2e 6e 6d 28 22 67 61 70 69 2e 6c 6f 61 64 22 2c 22 5f 67 5f 67 61 70 69 2e 6c 6f 61 64 22 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 6e 65 77 20 5f 2e 42 6a 28 66 75 6e 63 74 69 6f 6e 28 62 29 7b 5f 2e 6a 65 2e 6c 6f 61 64 28 61 26 26 22 6f 62 6a 65 63 74 22 3d 3d 3d 74 79 70 65 6f 66 20 61 26 26 61 2e 66 65 61 74 75 72 65 73 7c 7c 22 22 2c 62 29 7d 29 7d 29 3b 0a 0a 5f 2e 75 28 22 67 61 70 69 2e 69 66 72 61 6d 65 73 2e 63 72 65 61 74 65 22 2c 5f 2e 43 6c 29 3b 0a 0a 5f 2e 75 28 22 67 61 70 69 2e 69 66 72 61 6d 65 73 2e 72 65 67 69 73 74 65 72 53 74 79 6c 65 22 2c 5f 2e 58 6d 29 3b 5f 2e 75 28 22 67 61 70 69 2e 69 66 72 61 6d 65 73 2e 72 65 67 69 73 74 65 72 42 65 66 6f 72 65 4f 70 65 6e 53 74 79 6c 65 22 2c 5f 2e 24 Data Ascii: :2});_.nm("gapi.load","_g_gapi.load",function(a){return new _.Bj(function(b){_.je.load(a&&"object"===typeof a&&a.features\|\|"",b)})});_.u("gapi.iframes.create",_.Cl);_.u("gapi.iframes.registerStyle",_.Xm);_.u("gapi.iframes.registerBeforeOpenStyle",_.$
2022-12-09 04:34:46 UTC	314	IN	Data Raw: 79 70 65 2e 67 65 74 50 61 72 65 6e 74 49 66 72 61 6d 65 29 3b 5f 2e 75 28 22 67 61 70 69 2e 69 66 72 61 6d 65 73 2e 43 6f 6e 74 65 78 74 2e 70 72 6f 74 6f 74 79 70 65 2e 63 6c 6f 73 65 53 65 6c 66 22 2c 5f 2e 53 6d 2e 70 72 6f 74 6f 74 79 70 65 2e 63 6c 6f 73 65 53 65 6c 66 29 3b 5f 2e 75 28 22 67 61 70 69 2e 69 66 72 61 6d 65 73 2e 43 6f 6e 74 65 78 74 2e 70 72 6f 74 6f 74 79 70 65 2e 72 65 73 74 79 6c 65 53 65 6c 66 22 2c 5f 2e 53 6d 2e 70 72 6f 74 6f 74 79 70 65 2e 72 65 73 74 79 6c 65 53 65 6c 66 29 3b 5f 2e 75 28 22 67 61 70 69 2e 69 66 72 61 6d 65 73 2e 43 6f 6e 74 65 78 74 2e 70 72 6f 74 6f 74 79 70 65 2e 73 65 74 43 6c 6f 73 65 53 65 6c 66 46 69 6c 74 65 72 22 2c 5f 2e 53 6d 2e 70 72 6f 74 6f 74 79 70 65 2e 73 65 74 43 6c 6f 73 65 53 65 6c 66 46 Data Ascii: ype.getParentIframe);_.u("gapi.iframes.Context.prototype.closeSelf",_.Sm.prototype.closeSelf);_.u("gapi.iframes.Context.prototype.restyleSelf",_.Sm.prototype.restyleSelf);_.u("gapi.iframes.Context.prototype.setCloseSelfFilter",_.Sm.prototype.setCloseSelfF
2022-12-09 04:34:46 UTC	315	IN	Data Raw: 3b 5f 2e 75 28 22 67 61 70 69 2e 69 66 72 61 6d 65 73 2e 49 66 72 61 6d 65 2e 70 72 6f 74 6f 74 79 70 65 2e 61 70 70 6c 79 49 66 72 61 6d 65 73 41 70 69 22 2c 5f 2e 4f 6d 2e 70 72 6f 74 6f 74 79 70 65 2e 61 70 70 6c 79 49 66 72 61 6d 65 73 41 70 69 29 3b 0a 5f 2e 75 28 22 67 61 70 69 2e 69 66 72 61 6d 65 73 2e 49 66 72 61 6d 65 2e 70 72 6f 74 6f 74 79 70 65 2e 67 65 74 49 66 72 61 6d 65 45 6c 22 2c 5f 2e 4f 6d 2e 70 72 6f 74 6f 74 79 70 65 2e 67 65 74 49 66 72 61 6d 65 45 6c 29 3b 5f 2e 75 28 22 67 61 70 69 2e 69 66 72 61 6d 65 73 2e 49 66 72 61 6d 65 2e 70 72 6f 74 6f 74 79 70 65 2e 67 65 74 53 69 74 65 45 6c 22 2c 5f 2e 4f 6d 2e 70 72 6f 74 6f 74 79 70 65 2e 67 65 74 53 69 74 65 45 6c 29 3b 5f 2e 75 28 22 67 61 70 69 2e 69 66 72 61 6d 65 73 2e 49 66 72 Data Ascii: ;_.u("gapi.iframes.Iframe.prototype.applyIframesApi",_.Om.prototype.applyIframesApi);_.u("gapi.iframes.Iframe.prototype.getIframeEl",_.Om.prototype.getIframeEl);_.u("gapi.iframes.Iframe.prototype.getSiteEl",_.Om.prototype.getSiteEl);_.u("gapi.iframes.Ifr
2022-12-09 04:34:46 UTC	316	IN	Data Raw: 66 3d 63 2e 69 6e 64 65 78 4f 66 28 22 3f 22 29 2c 68 3d 63 2e 69 6e 64 65 78 4f 66 28 22 23 22 29 3b 63 3d 28 2d 31 3d 3d 3d 68 3f 63 2e 73 75 62 73 74 72 28 66 2b 31 29 3a 5b 63 2e 73 75 62 73 74 72 28 66 2b 31 2c 68 2d 66 2d 31 29 2c 22 26 22 2c 63 2e 73 75 62 73 74 72 28 68 2b 31 29 5d 2e 6a 6f 69 6e 28 22 22 29 29 2e 73 70 6c 69 74 28 22 26 22 29 3b 66 3d 77 69 6e 64 6f 77 2e 64 65 63 6f 64 65 55 52 49 43 6f 6d 70 6f 6e 65 6e 74 3f 64 65 63 6f 64 65 55 52 49 43 6f 6d 70 6f 6e 65 6e 74 3a 75 6e 65 73 63 61 70 65 3b 68 3d 30 3b 66 6f 72 28 76 61 72 20 6b 3d 63 2e 6c 65 6e 67 74 68 3b 68 3c 6b 3b 2b 2b 68 29 7b 76 61 72 20 6c 3d 63 5b 68 5d 2e 69 6e 64 65 78 4f 66 28 22 3d 22 29 3b 69 66 28 2d 31 21 3d 3d 6c 29 7b 76 61 72 20 6d 3d 63 5b 68 5d 2e 73 75 Data Ascii: f=c.indexOf("?"),h=c.indexOf("#");c=(-1===h?c.substr(f+1):[c.substr(f+1,h-f-1),"&",c.substr(h+1)].join("")).split("&");f=window.decodeURIComponent?decodeURIComponent:unescape;h=0;for(var k=c.length;h<k;++h){var l=c[h].indexOf("=");if(-1!==l){var m=c[h].su
2022-12-09 04:34:46 UTC	317	IN	Data Raw: 3b 76 61 72 20 63 3d 31 2c 64 3d 77 69 6e 64 6f 77 2e 63 6f 6e 73 6f 6c 65 3f 77 69 6e 64 6f 77 2e 63 6f 6e 73 6f 6c 65 3a 77 69 6e 64 6f 77 2e 6f 70 65 72 61 3f 77 69 6e 64 6f 77 2e 6f 70 65 72 61 2e 70 6f 73 74 45 72 72 6f 72 3a 76 6f 69 64 20 30 3b 72 65 74 75 72 6e 20 62 7d 29 28 29 3b 0a 0a 5f 2e 43 65 3d 5f 2e 43 65 7c 7c 7b 7d 3b 28 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 61 3d 5b 5d 3b 5f 2e 43 65 2e 4f 66 61 3d 66 75 6e 63 74 69 6f 6e 28 62 29 7b 61 2e 70 75 73 68 28 62 29 7d 3b 5f 2e 43 65 2e 5a 66 61 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 66 6f 72 28 76 61 72 20 62 3d 30 2c 63 3d 61 2e 6c 65 6e 67 74 68 3b 62 3c 63 3b 2b 2b 62 29 61 5b 62 5d 28 29 7d 7d 29 28 29 3b 0a 0a 5f 2e 74 66 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 61 3d 5f 2e Data Ascii: ;var c=1,d=window.console?window.console:window.opera?window.opera.postError:void 0;return b})();_.Ce=_.Ce\|\|{};(function(){var a=[];_.Ce.Ofa=function(b){a.push(b)};_.Ce.Zfa=function(){for(var b=0,c=a.length;b<c;++b)a[b]()}})();_.tf=function(){var a=_.
2022-12-09 04:34:46 UTC	319	IN	Data Raw: 66 2e 49 6d 28 68 2e 66 29 3b 65 26 26 28 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 3d 74 79 70 65 6f 66 20 66 2e 6f 72 69 67 69 6e 3f 66 2e 6f 72 69 67 69 6e 21 3d 3d 6b 3a 66 2e 64 6f 6d 61 69 6e 21 3d 3d 2f 5e 2e 2b 3a 5c 2f 5c 2f 28 5b 5e 3a 5d 2b 29 2e 2a 2f 2e 65 78 65 63 28 6b 29 5b 31 5d 29 3f 5f 2e 45 65 28 22 49 6e 76 61 6c 69 64 20 72 70 63 20 6d 65 73 73 61 67 65 20 6f 72 69 67 69 6e 2e 20 22 2b 6b 2b 22 20 76 73 20 22 2b 28 66 2e 6f 72 69 67 69 6e 7c 7c 22 22 29 29 3a 0a 63 28 68 2c 66 2e 6f 72 69 67 69 6e 29 7d 7d 76 61 72 20 63 2c 64 2c 65 3d 21 30 3b 72 65 74 75 72 6e 7b 4f 4d 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 Data Ascii: f.Im(h.f);e&&("undefined"!==typeof f.origin?f.origin!==k:f.domain!==/^.+:\/\/([^:]+).*/.exec(k)[1])?_.Ee("Invalid rpc message origin. "+k+" vs "+(f.origin\|\|"")):c(h,f.origin)}}var c,d,e=!0;return{OM:function(){retur
2022-12-09 04:34:46 UTC	319	IN	Data Raw: 6e 22 77 70 6d 22 7d 2c 4f 30 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 21 30 7d 2c 78 64 3a 66 75 6e 63 74 69 6f 6e 28 66 2c 68 29 7b 5f 2e 48 65 2e 72 65 67 69 73 74 65 72 28 22 72 70 63 22 2c 6e 75 6c 6c 2c 66 75 6e 63 74 69 6f 6e 28 6b 29 7b 22 74 72 75 65 22 3d 3d 3d 53 74 72 69 6e 67 28 28 6b 26 26 6b 2e 72 70 63 7c 7c 7b 7d 29 2e 64 69 73 61 62 6c 65 46 6f 72 63 65 53 65 63 75 72 65 29 26 26 28 65 3d 21 31 29 7d 29 3b 63 3d 66 3b 64 3d 68 3b 61 28 22 6d 65 73 73 61 67 65 22 2c 62 2c 21 31 29 3b 64 28 22 2e 2e 22 2c 21 30 29 3b 72 65 74 75 72 6e 21 30 7d 2c 47 62 3a 66 75 6e 63 74 69 6f 6e 28 66 29 7b 64 28 66 2c 21 30 29 3b 72 65 74 75 72 6e 21 30 7d 2c 63 61 6c 6c 3a 66 75 6e 63 74 69 6f 6e 28 66 2c 68 2c 6b 29 7b 76 61 72 20 6c 3d 5f Data Ascii: n"wpm"},O0:function(){return!0},xd:function(f,h){_.He.register("rpc",null,function(k){"true"===String((k&&k.rpc\|\|{}).disableForceSecure)&&(e=!1)});c=f;d=h;a("message",b,!1);d("..",!0);return!0},Gb:function(f){d(f,!0);return!0},call:function(f,h,k){var l=_
2022-12-09 04:34:46 UTC	320	IN	Data Raw: 43 61 2e 74 3d 42 5b 43 5d 3b 53 2e 63 61 6c 6c 28 43 2c 43 61 2e 66 2c 43 61 29 7d 4b 5b 43 5d 3d 5b 5d 7d 7d 66 75 6e 63 74 69 6f 6e 20 62 28 29 7b 66 75 6e 63 74 69 6f 6e 20 43 28 29 7b 63 62 3d 21 30 7d 71 61 7c 7c 28 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 74 79 70 65 6f 66 20 77 69 6e 64 6f 77 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 3f 77 69 6e 64 6f 77 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 75 6e 6c 6f 61 64 22 2c 43 2c 21 31 29 3a 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 74 79 70 65 6f 66 20 77 69 6e 64 6f 77 2e 61 74 74 61 63 68 45 76 65 6e 74 26 26 77 69 6e 64 6f 77 2e 61 74 74 61 63 68 45 76 65 6e 74 28 22 6f 6e 75 6e 6c 6f 61 64 22 2c 0a 43 29 2c 71 61 3d 21 30 29 7d 66 75 6e 63 74 69 6f 6e 20 63 28 43 2c 59 2c 53 2c Data Ascii: Ca.t=B[C];S.call(C,Ca.f,Ca)}K[C]=[]}}function b(){function C(){cb=!0}qa\|\|("undefined"!=typeof window.addEventListener?window.addEventListener("unload",C,!1):"undefined"!=typeof window.attachEvent&&window.attachEvent("onunload",C),qa=!0)}function c(C,Y,S,
2022-12-09 04:34:46 UTC	321	IN	Data Raw: 2f 22 29 29 3b 69 66 28 22 68 74 74 70 22 21 3d 3d 43 26 26 22 68 74 74 70 73 22 21 3d 3d 43 26 26 22 63 68 72 6f 6d 65 2d 65 78 74 65 6e 73 69 6f 6e 22 21 3d 3d 43 26 26 22 66 69 6c 65 22 21 3d 3d 43 26 26 22 61 6e 64 72 6f 69 64 2d 61 70 70 22 21 3d 3d 43 26 26 22 63 68 72 6f 6d 65 2d 73 65 61 72 63 68 22 21 3d 3d 43 26 26 22 63 68 72 6f 6d 65 2d 75 6e 74 72 75 73 74 65 64 22 21 3d 3d 43 26 26 22 63 68 72 6f 6d 65 22 21 3d 3d 43 26 26 22 64 65 76 74 6f 6f 6c 73 22 21 3d 3d 43 29 74 68 72 6f 77 20 45 72 72 6f 72 28 22 73 22 29 3b 53 3d 22 22 3b 76 61 72 20 6d 61 3d 59 2e 69 6e 64 65 78 4f 66 28 22 3a 22 29 3b 69 66 28 2d 31 21 3d 6d 61 29 7b 76 61 72 20 43 61 3d 59 2e 73 75 62 73 74 72 69 6e 67 28 6d 61 2b 31 29 3b 59 3d 59 2e 73 75 62 73 74 72 69 6e 67 Data Ascii: /"));if("http"!==C&&"https"!==C&&"chrome-extension"!==C&&"file"!==C&&"android-app"!==C&&"chrome-search"!==C&&"chrome-untrusted"!==C&&"chrome"!==C&&"devtools"!==C)throw Error("s");S="";var ma=Y.indexOf(":");if(-1!=ma){var Ca=Y.substring(ma+1);Y=Y.substring
2022-12-09 04:34:46 UTC	322	IN	Data Raw: 68 6f 73 74 2b 59 3a 2d 31 3d 3d 59 2e 69 6e 64 65 78 4f 66 28 22 3a 2f 2f 22 29 26 26 28 59 3d 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 70 72 6f 74 6f 63 6f 6c 2b 22 2f 2f 22 2b 59 29 29 3b 77 5b 43 5d 3d 59 3b 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 3d 74 79 70 65 6f 66 20 53 26 26 28 41 5b 43 5d 3d 21 21 53 29 7d 66 75 6e 63 74 69 6f 6e 20 6e 28 43 2c 59 29 7b 59 3d 59 7c 7c 22 22 3b 42 5b 43 5d 3d 53 74 72 69 6e 67 28 59 29 3b 6b 28 43 2c 59 29 7d 66 75 6e 63 74 69 6f 6e 20 72 28 43 29 7b 43 3d 28 43 2e 70 61 73 73 52 65 66 65 72 72 65 72 7c 7c 22 22 29 2e 73 70 6c 69 74 28 22 3a 22 2c 32 29 3b 4a 3d 43 5b 30 5d 7c 7c 22 6e 6f 6e 65 22 3b 55 3d 43 5b 31 5d 7c 7c 22 6f 72 69 67 69 6e 22 7d 66 75 6e 63 74 69 6f 6e 20 70 28 43 29 7b 22 74 72 75 65 Data Ascii: host+Y:-1==Y.indexOf("://")&&(Y=window.location.protocol+"//"+Y));w[C]=Y;"undefined"!==typeof S&&(A[C]=!!S)}function n(C,Y){Y=Y\|\|"";B[C]=String(Y);k(C,Y)}function r(C){C=(C.passReferrer\|\|"").split(":",2);J=C[0]\|\|"none";U=C[1]\|\|"origin"}function p(C){"true
2022-12-09 04:34:46 UTC	324	IN	Data Raw: 66 20 77 69 6e 64 6f 77 2e 70 6f 73 74 4d 65 73 73 61 67 65 3f 0a 77 66 2e 70 4a 3a 22 6f 62 6a 65 63 74 22 3d 3d 3d 74 79 70 65 6f 66 20 77 69 6e 64 6f 77 2e 70 6f 73 74 4d 65 73 73 61 67 65 3f 77 66 2e 70 4a 3a 77 69 6e 64 6f 77 2e 41 63 74 69 76 65 58 4f 62 6a 65 63 74 3f 77 66 2e 4a 50 3f 77 66 2e 4a 50 3a 77 66 2e 77 78 3a 30 3c 6e 61 76 69 67 61 74 6f 72 2e 75 73 65 72 41 67 65 6e 74 2e 69 6e 64 65 78 4f 66 28 22 57 65 62 4b 69 74 22 29 3f 77 66 2e 63 52 3a 22 47 65 63 6b 6f 22 3d 3d 3d 6e 61 76 69 67 61 74 6f 72 2e 70 72 6f 64 75 63 74 3f 77 66 2e 66 72 61 6d 65 45 6c 65 6d 65 6e 74 3a 77 66 2e 77 78 3b 43 7c 7c 28 43 3d 53 61 29 3b 72 65 74 75 72 6e 20 43 7d 28 29 3b 71 5b 22 22 5d 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 44 61 28 22 55 6e 6b 6e 6f 77 Data Ascii: f window.postMessage?wf.pJ:"object"===typeof window.postMessage?wf.pJ:window.ActiveXObject?wf.JP?wf.JP:wf.wx:0<navigator.userAgent.indexOf("WebKit")?wf.cR:"Gecko"===navigator.product?wf.frameElement:wf.wx;C\|\|(C=Sa);return C}();q[""]=function(){Da("Unknow
2022-12-09 04:34:46 UTC	325	IN	Data Raw: 2e 69 6e 64 65 78 4f 66 28 22 6c 65 67 61 63 79 5f 5f 22 29 26 26 28 74 61 3d 5a 2c 6a 61 2e 73 3d 59 2e 73 75 62 73 74 72 69 6e 67 28 38 29 2c 6a 61 2e 63 3d 6a 61 2e 63 3f 6a 61 2e 63 3a 46 29 2c 6a 61 2e 67 3d 21 30 2c 6a 61 2e 72 3d 43 61 2c 74 61 3f 28 41 5b 43 5d 26 26 28 74 61 3d 77 66 2e 77 78 29 2c 21 31 3d 3d 3d 74 61 2e 63 61 6c 6c 28 43 2c 43 61 2c 6a 61 29 26 26 28 58 5b 43 5d 3d 53 61 2c 5a 2e 63 61 6c 6c 28 43 2c 43 61 2c 6a 61 29 29 29 3a 4b 5b 43 5d 3f 4b 5b 43 5d 2e 70 75 73 68 28 6a 61 29 3a 4b 5b 43 5d 3d 5b 6a 61 5d 7d 2c 62 73 3a 6c 2c 53 69 3a 6d 2c 4b 7a 3a 6e 2c 53 74 3a 76 2c 77 6d 3a 66 75 6e 63 74 69 6f 6e 28 43 29 7b 72 65 74 75 72 6e 20 42 5b 43 5d 7d 2c 61 47 3a 66 75 6e 63 74 69 6f 6e 28 43 29 7b 64 65 6c 65 74 65 20 77 5b Data Ascii: .indexOf("legacy__")&&(ta=Z,ja.s=Y.substring(8),ja.c=ja.c?ja.c:F),ja.g=!0,ja.r=Ca,ta?(A[C]&&(ta=wf.wx),!1===ta.call(C,Ca,ja)&&(X[C]=Sa,Z.call(C,Ca,ja))):K[C]?K[C].push(ja):K[C]=[ja]},bs:l,Si:m,Kz:n,St:v,wm:function(C){return B[C]},aG:function(C){delete w[
2022-12-09 04:34:46 UTC	326	IN	Data Raw: 74 73 2e 72 70 63 2e 73 65 74 52 65 6c 61 79 55 72 6c 22 2c 5f 2e 78 66 2e 53 69 29 3b 5f 2e 75 28 22 67 61 64 67 65 74 73 2e 72 70 63 2e 73 65 74 41 75 74 68 54 6f 6b 65 6e 22 2c 5f 2e 78 66 2e 4b 7a 29 3b 5f 2e 75 28 22 67 61 64 67 65 74 73 2e 72 70 63 2e 73 65 74 75 70 52 65 63 65 69 76 65 72 22 2c 5f 2e 78 66 2e 53 74 29 3b 5f 2e 75 28 22 67 61 64 67 65 74 73 2e 72 70 63 2e 67 65 74 41 75 74 68 54 6f 6b 65 6e 22 2c 5f 2e 78 66 2e 77 6d 29 3b 0a 5f 2e 75 28 22 67 61 64 67 65 74 73 2e 72 70 63 2e 72 65 6d 6f 76 65 52 65 63 65 69 76 65 72 22 2c 5f 2e 78 66 2e 61 47 29 3b 5f 2e 75 28 22 67 61 64 67 65 74 73 2e 72 70 63 2e 67 65 74 52 65 6c 61 79 43 68 61 6e 6e 65 6c 22 2c 5f 2e 78 66 2e 6d 4e 29 3b 5f 2e 75 28 22 67 61 64 67 65 74 73 2e 72 70 63 2e 72 65 Data Ascii: ts.rpc.setRelayUrl",_.xf.Si);_.u("gadgets.rpc.setAuthToken",_.xf.Kz);_.u("gadgets.rpc.setupReceiver",_.xf.St);_.u("gadgets.rpc.getAuthToken",_.xf.wm);_.u("gadgets.rpc.removeReceiver",_.xf.aG);_.u("gadgets.rpc.getRelayChannel",_.xf.mN);_.u("gadgets.rpc.re
2022-12-09 04:34:46 UTC	327	IN	Data Raw: 6d 2e 73 63 72 65 65 6e 59 2b 6d 2e 63 6c 69 65 6e 74 59 3b 6e 2a 3d 28 6e 65 77 20 44 61 74 65 29 2e 67 65 74 54 69 6d 65 28 29 25 31 45 36 3b 66 3d 66 2a 6e 25 68 3b 30 3c 63 26 26 2b 2b 64 3d 3d 63 26 26 5f 2e 43 65 2e 6f 33 28 6b 29 7d 3b 0a 30 21 3d 63 26 26 5f 2e 43 65 2e 68 57 28 6b 29 3b 76 61 72 20 6c 3d 61 28 64 6f 63 75 6d 65 6e 74 2e 63 6f 6f 6b 69 65 2b 22 7c 22 2b 64 6f 63 75 6d 65 6e 74 2e 6c 6f 63 61 74 69 6f 6e 2b 22 7c 22 2b 28 6e 65 77 20 44 61 74 65 29 2e 67 65 74 54 69 6d 65 28 29 2b 22 7c 22 2b 65 29 3b 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 6d 3d 66 3b 6d 2b 3d 70 61 72 73 65 49 6e 74 28 6c 2e 73 75 62 73 74 72 28 30 2c 32 30 29 2c 31 36 29 3b 6c 3d 61 28 6c 29 3b 72 65 74 75 72 6e 20 6d 2f 28 68 2b 4d 61 Data Ascii: m.screenY+m.clientY;n=(new Date).getTime()%1E6;f=fn%h;0<c&&++d==c&&_.Ce.o3(k)};0!=c&&_.Ce.hW(k);var l=a(document.cookie+"\|"+document.location+"\|"+(new Date).getTime()+"\|"+e);return function(){var m=f;m+=parseInt(l.substr(0,20),16);l=a(l);return m/(h+Ma
2022-12-09 04:34:46 UTC	329	IN	Data Raw: 22 2e 22 29 5b 30 5d 3b 6c 3d 5f 2e 7a 65 28 22 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6e 66 69 67 2f 76 65 72 73 69 6f 6e 73 2f 22 2b 6b 29 7c 7c 5f 2e 7a 65 28 22 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6e 66 69 67 2f 76 65 72 73 69 6f 6e 73 2f 22 2b 0a 6c 29 7c 7c 22 76 31 22 3b 64 2e 70 75 73 68 28 7b 6a 73 6f 6e 72 70 63 3a 22 32 2e 30 22 2c 69 64 3a 68 2e 69 64 2c 6d 65 74 68 6f 64 3a 6b 2c 61 70 69 56 65 72 73 69 6f 6e 3a 53 74 72 69 6e 67 28 6c 29 2c 70 61 72 61 6d 73 3a 68 2e 70 61 72 61 6d 73 7d 29 7d 62 3d 6d 67 28 7b 68 74 74 70 4d 65 74 68 6f 64 3a 22 50 4f 53 54 22 2c 72 6f 6f 74 3a 61 2e 74 72 61 6e 73 70 6f 72 74 2e 72 6f 6f 74 2c 75 72 6c 3a 22 2f 72 70 63 3f 70 70 3d 30 22 2c 68 65 61 64 65 72 73 3a 7b 22 43 6f 6e 74 65 6e 74 2d 54 79 70 Data Ascii: ".")[0];l=_.ze("googleapis.config/versions/"+k)\|\|_.ze("googleapis.config/versions/"+l)\|\|"v1";d.push({jsonrpc:"2.0",id:h.id,method:k,apiVersion:String(l),params:h.params})}b=mg({httpMethod:"POST",root:a.transport.root,url:"/rpc?pp=0",headers:{"Content-Typ

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

Behavior

Click to jump to process

System Behavior

Analysis Process: chrome.exePID: 3668, Parent PID: 2532

General

Target ID:	0
Start time:	05:34:07
Start date:	09/12/2022
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://api.pdfxd.com/pdf-service/v1/action?os=163842&device_id=741e5fc1b4d58e5b4c3ac5f1dc5a9464&version=&qd=&day=&t=4312453&product=xundu&machine_name=141700
Imagebase:	0x7ff6566b0000
File size:	2852640 bytes
MD5 hash:	7BC7B4AEDC055BB02BCB52710132E9E1
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 4388, Parent PID: 3668

General

Target ID:	1
Start time:	05:34:09
Start date:	09/12/2022
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2040 --field-trial-handle=1792,i,10598242960263132774,10547462125382206053,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff6566b0000
File size:	2852640 bytes
MD5 hash:	7BC7B4AEDC055BB02BCB52710132E9E1
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Show Windows behavior

Chronological Activities

Analysis Process: 7zG.exePID: 5340, Parent PID: 3800

General

Target ID:	13
Start time:	05:35:15
Start date:	09/12/2022
Path:	C:\Program Files\7-Zip\7zG.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\user\Downloads\" -an -ai#7zMap23795:90:7zEvent23411
Imagebase:	0xa90000
File size:	581632 bytes
MD5 hash:	04FB3AE7F05C8BC333125972BA907398
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	low

Show Windows behavior

Chronological Activities

Analysis Process: MiniNews.exePID: 3924, Parent PID: 3800

General

Target ID:	14
Start time:	05:35:42
Start date:	09/12/2022
Path:	C:\Users\user\Downloads\Utils\MiniNews.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Downloads\Utils\MiniNews.exe"
Imagebase:	0xa0000
File size:	4239872 bytes
MD5 hash:	5F855B18F8B30ACAF2E9764E99FEA3A3
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 10%, ReversingLabs
Reputation:	low

Show Windows behavior

Chronological Activities

Analysis Process: MiniNews.exePID: 5696, Parent PID: 3800

General

Target ID:	15
Start time:	05:35:56
Start date:	09/12/2022
Path:	C:\Users\user\Downloads\Utils\MiniNews.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Downloads\Utils\MiniNews.exe"
Imagebase:	0xa0000
File size:	4239872 bytes
MD5 hash:	5F855B18F8B30ACAF2E9764E99FEA3A3
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	low

Show Windows behavior

Chronological Activities

Disassembly

Reset < >

Analysis Process: MiniNews.exePID: 3924, Parent PID: 3800COMMON

Execution Graph

Execution Coverage:	6.9%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	12.2%
Total number of Nodes:	2000
Total number of Limit Nodes:	103

Executed Functions

Function 6E4EEF30 Relevance: 156.8, APIs: 30, Strings: 59, Instructions: 1015
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCommandLineW.KERNEL32(E97A779A), ref: 6E4EEF60
GetModuleFileNameW.KERNEL32(?,00000104), ref: 6E4EEFC2

Part of subcall function 6E4E6760: GetProcessHeap.KERNEL32(E97A779A,?,6E53CB2C,000000FF,?,6E4F7925,E97A779A,0000006C,0000009C), ref: 6E4E679A

Part of subcall function 6E4ED8F0: FindResourceExW.KERNEL32(00000000,00000006,000000AD,00000000,00000000,?,00000004,000000AC,00000004,?,6E4ECB41,?,?,6E50116C,minipage,E97A779A), ref: 6E4ED946
Part of subcall function 6E4ED8F0: FindResourceW.KERNEL32(00000000,?,00000006,000000FF), ref: 6E4ED984

SHGetSpecialFolderPathW.SHELL32(00000000,?,0000001A,00000000,?,?,?,?,?,?,?,?), ref: 6E4EF0A9
PathRemoveFileSpecW.SHLWAPI(?,?,?,?,?,?,?,?,?,?,?,?), ref: 6E4EF158
PathRemoveFileSpecW.SHLWAPI(?,?,?,?,?,?,?,?,?,?,?,?), ref: 6E4EF161
PathCombineW.SHLWAPI(?,?,ComputerZ.set,?,?,?,?,?,?,?,?,?,?,?), ref: 6E4EF1CB
PathRemoveFileSpecW.SHLWAPI(?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6E4EF211
PathRemoveFileSpecW.SHLWAPI(?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6E4EF21E
PathAppendW.SHLWAPI(?,ComputerZ_CN.exe,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6E4EF230
PathFileExistsW.SHLWAPI(?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6E4EF23D

Strings

InstallDate, xrefs: 6E4EF3AB, 6E4EF646, 6E4EF805, 6E4EFB55
Software\360Desktop, xrefs: 6E4EF8BA
SOFTWARE\QiLu Inc.\mininews\v2, xrefs: 6E4EF36D
SOFTWARE\QiLu Inc.\mininews\lds, xrefs: 6E4EF37C
360wp, xrefs: 6E4EF5E8
SOFTWARE\QiLu Inc.\mininews_bizhi, xrefs: 6E4EF617
SOFTWARE\QiLu Inc.\mininews_masterpdf\v2, xrefs: 6E4EFCE3
Date, xrefs: 6E4EFD12
ldslite_mini, xrefs: 6E4EF7E5
SOFTWARE\QiLu Inc.\mininews_lite, xrefs: 6E4EF7D6
ludashi\Log\DisPatchMini.log, xrefs: 6E4EF2FB
lds_mini, xrefs: 6E4EF38B
ldslite, xrefs: 6E4EF74A, 6E4EF7A7
VendorID, xrefs: 6E4EF29B, 6E4EF6F6
ComputerZ.set, xrefs: 6E4EF1B7
SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\360wpapp.exe, xrefs: 6E4EF64B
Q360ComputerzMiniNewsMutextNameLds, xrefs: 6E4EF3A1
Q360ComputerzMiniNewsMutextNameMasterPdf, xrefs: 6E4EFD08
bizhi_mini, xrefs: 6E4EF626
360Desktop.exe, xrefs: 6E4EF83E
SOFTWARE\QiLu Inc.\mininews_ldsgamemaster, xrefs: 6E4EFB26
SOFTWARE\QiLu Inc.\mininews_desktop, xrefs: 6E4EF995
MasterPDF.exe, xrefs: 6E4EFB9B
Software\LDSGameMaster, xrefs: 6E4EFA4B
MasterPDF, xrefs: 6E4EFCC3
ComputerZ_CN.exe, xrefs: 6E4EF224
desktop_mini, xrefs: 6E4EF9A4
360wp\Log\DisPatchMini.log, xrefs: 6E4EF597
SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MasterPDF.exe, xrefs: 6E4EFC17, 6E4EFD17
MasterPDFData\Log\DisPatchMini.log, xrefs: 6E4EFC72
$, xrefs: 6E4EFD2F
xundu, xrefs: 6E4EFC66
LDSGameHall\LDSGameHall.exe, xrefs: 6E4EF9CF
ldslite\Log\DisPatchMini.log, xrefs: 6E4EF756
Software\360WallPaper, xrefs: 6E4EF53C
SOFTWARE\QiLu Inc.\mininews_bizhi\v2, xrefs: 6E4EF608
Pid, xrefs: 6E4EFC12
SOFTWARE\QiLu Inc.\mininews_desktop\v2, xrefs: 6E4EF986
SOFTWARE\QiLu Inc.\mininews_lite\v2, xrefs: 6E4EF7C7
masterpdf_mini, xrefs: 6E4EFCF2
360Desktop, xrefs: 6E4EF966
Q360ComputerzMiniNewsMutextNameLdsGameMaster, xrefs: 6E4EFB4B
SOFTWARE\Ludashi, xrefs: 6E4EF2A0, 6E4EF3B0
SOFTWARE\QiLu Inc.\mininews_ldsgamemaster\v2, xrefs: 6E4EFB17
gamemaster, xrefs: 6E4EFA9A
gamemaster_mini, xrefs: 6E4EFB35
LdsLite.exe, xrefs: 6E4EF67F
ludashi, xrefs: 6E4EF2EF, 6E4EF34D
bizhi, xrefs: 6E4EF58B
360Desktop\Log\DisPatchMini.log, xrefs: 6E4EF915
Q360ComputerzMiniNewsMutextName, xrefs: 6E4EF63C, 6E4EF9BA
Q360ComputerzMiniNewsMutextNameLiteLds, xrefs: 6E4EF7FB
LDSGameMaster\Log\DisPatchMini.log, xrefs: 6E4EFAA6
PID, xrefs: 6E4EF537, 6E4EF8B5, 6E4EFA46
360wpapp.exe, xrefs: 6E4EF4BF
SOFTWARE\LDSGameMaster, xrefs: 6E4EFB5A
SOFTWARE\LdsLite, xrefs: 6E4EF6FB, 6E4EF80A
360desktop, xrefs: 6E4EF909
LDSGameMaster, xrefs: 6E4EFAF7

Memory Dump Source

Source File: 0000000E.00000002.2371585883.000000006E4E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6E4E0000, based on PE: true

Associated: 0000000E.00000002.2371507694.000000006E4E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373281942.000000006E544000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373891215.000000006E565000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2374074776.000000006E56A000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e4e0000_MiniNews.jbxd

Similarity

API ID: Path$File$RemoveSpec$FindResource$AppendCombineCommandExistsFolderHeapLineModuleNameProcessSpecial
String ID: $$360Desktop$360Desktop.exe$360Desktop\Log\DisPatchMini.log$360desktop$360wp$360wp\Log\DisPatchMini.log$360wpapp.exe$ComputerZ.set$ComputerZ_CN.exe$Date$InstallDate$LDSGameHall\LDSGameHall.exe$LDSGameMaster$LDSGameMaster\Log\DisPatchMini.log$LdsLite.exe$MasterPDF$MasterPDF.exe$MasterPDFData\Log\DisPatchMini.log$PID$Pid$Q360ComputerzMiniNewsMutextName$Q360ComputerzMiniNewsMutextNameLds$Q360ComputerzMiniNewsMutextNameLdsGameMaster$Q360ComputerzMiniNewsMutextNameLiteLds$Q360ComputerzMiniNewsMutextNameMasterPdf$SOFTWARE\LDSGameMaster$SOFTWARE\LdsLite$SOFTWARE\Ludashi$SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\360wpapp.exe$SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MasterPDF.exe$SOFTWARE\QiLu Inc.\mininews\lds$SOFTWARE\QiLu Inc.\mininews\v2$SOFTWARE\QiLu Inc.\mininews_bizhi$SOFTWARE\QiLu Inc.\mininews_bizhi\v2$SOFTWARE\QiLu Inc.\mininews_desktop$SOFTWARE\QiLu Inc.\mininews_desktop\v2$SOFTWARE\QiLu Inc.\mininews_ldsgamemaster$SOFTWARE\QiLu Inc.\mininews_ldsgamemaster\v2$SOFTWARE\QiLu Inc.\mininews_lite$SOFTWARE\QiLu Inc.\mininews_lite\v2$SOFTWARE\QiLu Inc.\mininews_masterpdf\v2$Software\360Desktop$Software\360WallPaper$Software\LDSGameMaster$VendorID$bizhi$bizhi_mini$desktop_mini$gamemaster$gamemaster_mini$lds_mini$ldslite$ldslite\Log\DisPatchMini.log$ldslite_mini$ludashi$ludashi\Log\DisPatchMini.log$masterpdf_mini$xundu
API String ID: 2088768853-2175282626
Opcode ID: 68f97a9d5958728c2c85a7115d5dbeea2d6be25368bc8a6d5f9a58a37a70e178
Instruction ID: dd6cfb99b73f898429b57bad06db20666bcf40fba1b8be19e2c1c3447466556f
Opcode Fuzzy Hash: 68f97a9d5958728c2c85a7115d5dbeea2d6be25368bc8a6d5f9a58a37a70e178
Instruction Fuzzy Hash: 39928C71601609DBDB10DFF4CC88EDAB3F8BF44309F508A9DA1599B691EB71AA45CF80

Uniqueness

Uniqueness Score: -1.00%

Function 6E3DEDB0 Relevance: 61.8, APIs: 26, Strings: 9, Instructions: 529
networkfilesynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 76%

			E6E3DEDB0(void* __ecx, void* __fp0) {
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t180;
				signed int _t182;
				WCHAR* _t189;
				void* _t194;
				void* _t195;
				long _t197;
				void* _t200;
				void* _t201;
				void* _t202;
				void* _t203;
				intOrPtr _t204;
				long _t211;
				long _t215;
				void* _t217;
				void* _t220;
				long _t228;
				void* _t229;
				long _t230;
				long _t232;
				long _t239;
				long _t242;
				signed int _t247;
				long _t249;
				long _t254;
				void* _t264;
				long _t276;
				void* _t279;
				long _t283;
				intOrPtr* _t288;
				void* _t289;
				long _t293;
				long _t302;
				intOrPtr _t329;
				long _t341;
				void* _t347;
				void* _t354;
				intOrPtr _t356;
				void* _t357;
				void* _t360;
				void* _t362;
				long _t365;
				void* _t366;
				void* _t370;
				WCHAR* _t373;
				long _t376;
				void* _t377;
				void* _t378;
				void* _t379;
				long _t382;
				void* _t383;
				void* _t386;
				void* _t388;
				signed int _t389;
				void* _t394;

				_t394 = __fp0;
				_push(0xffffffff);
				_push(E6E3FA7B7);
				_push( *[fs:0x0]);
				_t389 = _t388 - 0xb8;
				_t180 =  *0x6e405204; // 0x2276585c
				 *(_t389 + 0xb4) = _t180 ^ _t389;
				_t182 =  *0x6e405204; // 0x2276585c
				_push(_t182 ^ _t389);
				 *[fs:0x0] = _t389 + 0xcc;
				_t356 =  *((intOrPtr*)(_t389 + 0xdc));
				_t386 = __ecx;
				 *((intOrPtr*)(_t389 + 0x3c)) =  *((intOrPtr*)(_t389 + 0xe0));
				 *(_t389 + 0x30) = 0;
				 *(_t389 + 0x44) = 4;
				InternetQueryOptionW(0, 0x49, _t389 + 0x24, _t389 + 0x34);
				if( *(_t389 + 0x20) < 5) {
					 *(_t389 + 0x24) = 5;
					InternetSetOptionW(0, 0x49, _t389 + 0x24, 4);
				}
				_t288 = _t386 + 0x55c0;
				E6E3DCF30(_t288);
				if( *((intOrPtr*)(_t386 + 0x7628)) != 0) {
					 *(_t389 + 0x30) = 0;
					_t373 = _t386 + 0x4dc0;
					_t189 = _t373;
					_t344 =  &(_t189[1]);
					do {
						_t293 =  *_t189;
						_t189 =  &(_t189[1]);
						__eflags = _t293;
					} while (_t293 != 0);
					__eflags = _t189 - _t344;
					if(__eflags == 0) {
						L9:
						_push(_t386);
						_push(_t386 + 0x564);
						_push(_t386 + 0x45c0);
						 *((intOrPtr*)(_t389 + 0x54)) = 0;
						 *(_t389 + 0x5c) = 0;
						 *(_t389 + 0x44) = 0;
						 *((char*)(_t389 + 0x33)) = 0;
						 *((char*)(_t389 + 0x3b)) = 0;
						E6E3DE9B0(_t386, __eflags, _t389 + 0x50, _t389 + 0x54, _t389 + 0x38, _t356);
						__eflags =  *(_t389 + 0x38);
						if( *(_t389 + 0x38) == 0) {
							L56:
							__eflags =  *(_t386 + 0xe4);
							_t357 = _t386 + 0xe4;
							if( *(_t386 + 0xe4) != 0) {
								L61:
								__eflags =  *((char*)(_t389 + 0x17));
								if( *((char*)(_t389 + 0x17)) != 0) {
									 *(_t386 + 0xc0) = 0;
								} else {
									__eflags =  *(_t386 + 0xc0);
									if( *(_t386 + 0xc0) == 0) {
										 *(_t386 + 0xc0) = GetLastError();
									}
									_t215 =  *(_t386 + 0x762c);
									__eflags = _t215;
									if(_t215 != 0) {
										 *(_t386 + 0xc0) = _t215;
									}
								}
								_t194 =  *(_t389 + 0x30);
								__eflags = _t194;
								if(_t194 != 0) {
									CloseHandle(_t194);
								}
								_t195 =  *(_t389 + 0x28);
								__eflags = _t195;
								if(_t195 == 0) {
									SetEvent( *(_t386 + 0x7630));
								} else {
									_t211 = InternetCloseHandle(_t195);
									__eflags = _t211;
									if(_t211 == 0) {
										_push(GetLastError());
										E6E3D7C70(_t288, _t357, _t386, 0x6e4064d8, "[%u] [WARN] Close Request Handle failed %d", _t386);
										_t389 = _t389 + 0x10;
									}
								}
								_t197 = GetTickCount();
								_t344 =  *(_t386 + 0x7630);
								_t358 = _t197;
								_t376 = WaitForSingleObject( *(_t386 + 0x7630), 0xffffffff);
								_t200 = GetTickCount() - _t197;
								__eflags = _t200 - 0x2710;
								if(_t200 <= 0x2710) {
									__eflags = _t200 - 0x64;
									if(_t200 <= 0x64) {
										goto L78;
									}
									_push(_t376);
									_push(_t200);
									_push(_t386);
									_push("[%u] Wait FinalClean cost %d ms, result %d");
									goto L77;
								} else {
									_push(_t376);
									_push(_t200);
									_push(_t386);
									_push("[%u] [WARN] Wait FinalClean cost %d ms, result %d");
									L77:
									_push(0x6e4064d8);
									E6E3D7C70(_t288, _t358, _t386);
									_t389 = _t389 + 0x14;
									L78:
									_t201 =  *(_t389 + 0x40);
									__eflags = _t201;
									if(_t201 != 0) {
										InternetCloseHandle(_t201);
									}
									_t377 =  *(_t389 + 0x38);
									__eflags = _t377;
									if(_t377 != 0) {
										__imp__InternetSetStatusCallbackA(_t377, 0);
										InternetCloseHandle(_t377);
									}
									_t202 =  *(_t288 + 0x2068);
									__eflags = _t202;
									if(_t202 != 0) {
										CloseHandle(_t202);
										 *(_t288 + 0x2068) = 0;
									}
									_t203 =  *(_t288 + 0x2070);
									__eflags = _t203;
									if(_t203 != 0) {
										CloseHandle(_t203);
										 *(_t288 + 0x2070) = 0;
									}
									_t204 =  *((intOrPtr*)(_t389 + 0x17));
									goto L87;
								}
							}
							_t379 = _t386 + 0x75e8;
							_t217 = _t379;
							_t347 = _t217 + 1;
							do {
								_t302 =  *_t217;
								_t217 = _t217 + 1;
								__eflags = _t302;
							} while (_t302 != 0);
							__eflags = _t217 != _t347;
							if(_t217 != _t347) {
								memcpy(_t357, _t379, 0x10 << 2);
								_t389 = _t389 + 0xc;
								_t357 = _t379 + 0x20;
							}
							goto L61;
						}
						__eflags =  *(_t389 + 0x40);
						if( *(_t389 + 0x40) == 0) {
							goto L56;
						}
						_t220 =  *(_t389 + 0x28);
						__eflags = _t220;
						if(_t220 == 0) {
							goto L56;
						}
						_t362 = _t386 + 0x25c0;
						 *(_t389 + 0x34) = 0;
						 *(_t389 + 0x2c) = 0x1fff;
						HttpQueryInfoA(_t220, 0x80000016, _t362, _t389 + 0x1c, _t389 + 0x24);
						_push( *((intOrPtr*)(_t389 + 0xe4)));
						_push( *(_t389 + 0x2c));
						_push( *(_t389 + 0x28));
						 *(_t389 + 0x2c) = E6E3DD4B0(_t386, _t394);
						 *(_t389 + 0x2c) = 0;
						 *(_t389 + 0x38) = 0x1fff;
						HttpQueryInfoA( *(_t389 + 0x34), 0x80000016, _t362, _t389 + 0x28, _t389 + 0x18);
						E6E3E2850( *(_t389 + 0x34), _t389 + 0x8c, 0, 0x40);
						_t228 = E6E3DD380(__eflags,  *(_t389 + 0x34), _t389 + 0x98, 0x40);
						_t389 = _t389 + 0x18;
						__eflags = _t228;
						if(_t228 != 0) {
							__eflags =  *(_t389 + 0x88);
							if( *(_t389 + 0x88) == 0) {
								L21:
								__eflags =  *(_t386 + 0x762c);
								if( *(_t386 + 0x762c) != 0) {
									goto L56;
								}
								__eflags =  *(_t389 + 0x2c);
								if( *(_t389 + 0x2c) == 0) {
									goto L56;
								}
								_t229 = _t386 + 0xbc;
								 *_t229 = 0;
								 *(_t389 + 0x5c) = 4;
								_t230 = HttpQueryInfoA( *(_t389 + 0x28), 0x20000013, _t229, _t389 + 0x4c, 0);
								__eflags = _t230;
								if(_t230 == 0) {
									goto L56;
								}
								_t352 =  *(_t389 + 0x28);
								_t364 = _t386 + 0x5c0;
								 *(_t389 + 0x2c) = 0;
								 *(_t389 + 0x38) = 0x2000;
								_t232 = HttpQueryInfoA( *(_t389 + 0x28), 0x16, _t386 + 0x5c0, _t389 + 0x28, _t389 + 0x18);
								__eflags = _t232;
								if(_t232 == 0) {
									goto L56;
								}
								E6E3D54D0(_t389 + 0x20);
								 *(_t389 + 0x1c) = _t389;
								 *((intOrPtr*)(_t389 + 0xdc)) = 0;
								E6E3D6400(_t386, _t364);
								E6E3D6000(_t389 + 0x24, _t352, _t389 + 0x20);
								 *(_t389 + 0x1c) = _t389;
								E6E3D6400(_t386, "Content-Length");
								E6E3D6530(_t288, _t389 + 0x28, __eflags, _t389 + 0x40, _t389 + 0x24);
								 *((char*)(_t389 + 0xd8)) = 1;
								_t239 = E6E3E3F7F( *((intOrPtr*)(_t389 + 0x3c)));
								 *(_t389 + 0x1c) = _t389;
								 *(_t386 + 0x12c) = _t239;
								 *((intOrPtr*)(_t386 + 0xcc)) = 0;
								E6E3D6400(_t386, "Transfer-Encoding");
								_t353 = _t389 + 0x48;
								_push(_t389 + 0x48);
								E6E3D6530(_t288, _t389 + 0x28, __eflags);
								_t242 =  *(_t386 + 0x12c);
								 *(_t389 + 0xd4) = 2;
								__eflags = _t242;
								if(_t242 == 0) {
									L28:
									_push(0x4000);
									L29:
									E6E3DDAB0(_t386 + 0x5a4);
									 *(_t389 + 0x1c) = _t389;
									E6E3D6400(_t386, "Content-Encoding");
									E6E3D6530(_t288, _t389 + 0x28, __eflags, _t389 + 0x38, _t386 + 0x5a4);
									 *((char*)(_t389 + 0xd8)) = 3;
									_t247 = E6E3D4EA0(_t389 + 0x38, "gzip");
									asm("sbb eax, eax");
									_t249 =  ~_t247 + 1;
									__eflags = _t249;
									 *(_t386 + 0xd0) = _t249;
									 *(_t386 + 0x13c) = 0;
									E6E3DD000(_t389 + 0x50, _t249, L"gzip");
									 *(_t389 + 0xd4) = 4;
									GetTickCount();
									_t365 =  *(_t386 + 4);
									 *(_t389 + 0x24) = _t365;
									while(1) {
										 *((intOrPtr*)(_t288 + 4)) = 0;
										 *((intOrPtr*)(_t288 + 8)) = 0;
										 *((intOrPtr*)(_t288 + 0xc)) = 0;
										 *((intOrPtr*)(_t288 + 0x10)) = 0;
										 *((intOrPtr*)(_t288 + 0x14)) = 0;
										 *((intOrPtr*)(_t288 + 0x18)) = 0;
										 *((intOrPtr*)(_t288 + 0x1c)) = 0;
										 *((intOrPtr*)(_t288 + 0x20)) = 0;
										 *((intOrPtr*)(_t288 + 0x24)) = 0;
										 *_t288 = 0x28;
										 *((intOrPtr*)(_t386 + 0x55d4)) = _t386 + 0x55e8;
										 *(_t386 + 0x55d8) = 0x2000;
										__eflags =  *(_t365 + 0x4c);
										if( *(_t365 + 0x4c) != 0) {
											 *(_t386 + 0x55d8) = 0x400;
										}
										_t254 = WaitForSingleObject( *(_t386 + 0x59c), 0);
										__eflags = _t254;
										if(_t254 == 0) {
											break;
										}
										_t353 =  *(_t389 + 0x28);
										__imp__InternetReadFileExA( *(_t389 + 0x28), _t288, 0, 0); // executed
										__eflags = _t254;
										if(_t254 != 0) {
											L35:
											_t382 =  *(_t386 + 0x55d8);
											__eflags = _t382;
											if(_t382 == 0) {
												 *((char*)(_t389 + 0x1f)) = 1;
												break;
											}
											 *(_t386 + 0x13c) =  *(_t386 + 0x13c) + _t382;
											E6E3D4C00(_t382);
											E6E3D7E10(_t365 + 0x40, _t382);
											E6E3D7E10(_t386 + 0x50, _t382);
											__eflags =  *(_t386 + 0xd0);
											_t366 = _t386 + 0x55e8;
											if( *(_t386 + 0xd0) == 0) {
												L39:
												_t264 =  *(_t389 + 0x30);
												__eflags = _t264;
												if(_t264 == 0) {
													E6E3D8C60(_t386 + 0x5a4, _t366, _t382);
													L43:
													__eflags =  *(_t386 + 0xd0);
													if( *(_t386 + 0xd0) != 0) {
														__eflags =  *(_t386 + 0x55c);
														if( *(_t386 + 0x55c) != 0) {
															__eflags = _t366;
															if(__eflags != 0) {
																_push(_t366);
																E6E3E27B2(_t288, _t366, _t382, __eflags);
																_t389 = _t389 + 4;
															}
														}
													}
													 *((intOrPtr*)(_t386 + 0xcc)) =  *((intOrPtr*)(_t386 + 0xcc)) + _t382;
													E6E3D86B0(_t394,  *(_t389 + 0x24) + 0x40);
													_t365 =  *(_t389 + 0x24);
													continue;
												}
												 *(_t389 + 0x40) = 0;
												WriteFile(_t264, _t366, _t382, _t389 + 0x30, 0);
												__eflags =  *(_t389 + 0x2c) - _t382;
												if( *(_t389 + 0x2c) != _t382) {
													break;
												}
												goto L43;
											}
											__eflags =  *(_t386 + 0x55c);
											if( *(_t386 + 0x55c) == 0) {
												goto L39;
											}
											_push(_t382);
											_push(_t386 + 0x55e8);
											_t366 = E6E3DD070(_t288, _t389 + 0x54, _t353, _t382, _t386);
											_t382 = E6E3DD1B0(_t366);
											__eflags = _t366;
											if(_t366 == 0) {
												_t353 =  *(_t389 + 0x4c);
												_push( *(_t389 + 0x4c));
												_push( *((intOrPtr*)(_t386 + 0xcc)));
												E6E3D7C70(_t288, _t366, _t386, 0x6e4064d8, "[%u] gzip uncompress error, offset %d, zlib_code:%d", _t386);
												_t389 = _t389 + 0x14;
												 *(_t386 + 0xc0) = 0xc353;
												break;
											}
											goto L39;
										}
										_t276 = E6E3DD3C0(_t386);
										__eflags = _t276;
										if(_t276 == 0) {
											break;
										}
										goto L35;
									}
									__eflags =  *(_t386 + 0xc0);
									if( *(_t386 + 0xc0) != 0) {
										L55:
										E6E3F6DD0(_t389 + 0x50);
										_t389 = _t389 + 4;
										E6E3D4ED0(_t389 + 0x34, _t353);
										E6E3D4ED0(_t389 + 0x44, _t353);
										E6E3D4ED0(_t389 + 0x3c, _t353);
										 *(_t389 + 0xd4) = 0xffffffff;
										E6E3D4ED0(_t389 + 0x20, _t353);
										goto L56;
									}
									__eflags =  *((char*)(_t389 + 0x1f));
									if( *((char*)(_t389 + 0x1f)) == 0) {
										goto L55;
									}
									_t329 =  *((intOrPtr*)(_t389 + 0x3c));
									__eflags =  *(_t329 - 0xc);
									if( *(_t329 - 0xc) == 0) {
										L54:
										 *((char*)(_t389 + 0x17)) = 1;
										goto L55;
									}
									_t353 =  *(_t386 + 0x13c);
									__eflags =  *(_t386 + 0x13c) -  *(_t386 + 0x12c);
									if( *(_t386 + 0x13c) <  *(_t386 + 0x12c)) {
										goto L55;
									}
									goto L54;
								}
								__eflags =  *(_t389 + 0x30);
								if( *(_t389 + 0x30) != 0) {
									goto L28;
								}
								_push(_t242 + 0x40);
								goto L29;
							}
							_t383 = _t389 + 0x88;
							L20:
							memcpy(_t386 + 0xe4, _t383, 0x10 << 2);
							_t389 = _t389 + 0xc;
							goto L21;
						}
						__eflags =  *(_t386 + 0xe4) - _t228;
						if( *(_t386 + 0xe4) != _t228) {
							goto L21;
						}
						_t354 = _t386 + 0x75e8;
						_t279 = _t354;
						_t370 = _t279 + 1;
						do {
							_t341 =  *_t279;
							_t279 = _t279 + 1;
							__eflags = _t341;
						} while (_t341 != 0);
						__eflags = _t279 == _t370;
						if(_t279 == _t370) {
							goto L21;
						}
						_t383 = _t354;
						goto L20;
					}
					_push(0);
					_push(_t293);
					 *(_t389 + 0x20) = _t389;
					E6E3D7A20(_t373);
					E6E3DE7E0();
					_t389 = _t389 + 8;
					_t283 = CreateFileW(_t373, 0xc0000000, 1, 0, 2, 0x80, 0);
					 *(_t389 + 0x30) = _t283;
					__eflags = _t283 - 0xffffffff;
					if(__eflags != 0) {
						goto L9;
					} else {
						 *(_t386 + 0xc0) = GetLastError();
						_t204 = 0;
						goto L87;
					}
				} else {
					 *(_t386 + 0xc0) = 8;
					_t204 = 0;
					L87:
					 *[fs:0x0] =  *((intOrPtr*)(_t389 + 0xcc));
					_pop(_t360);
					_pop(_t378);
					_pop(_t289);
					return E6E3E2840(_t204, _t289,  *(_t389 + 0xb4) ^ _t389, _t344, _t360, _t378);
				}
			}

0x6e3dedb0
0x6e3dedb0
0x6e3dedb2
0x6e3dedbd
0x6e3dedbe
0x6e3dedc4
0x6e3dedcb
0x6e3dedd6
0x6e3deddd
0x6e3dede5
0x6e3dedf2
0x6e3dedf9
0x6e3dee0a
0x6e3dee0e
0x6e3dee12
0x6e3dee1a
0x6e3dee29
0x6e3dee2d
0x6e3dee39
0x6e3dee39
0x6e3dee3f
0x6e3dee47
0x6e3dee52
0x6e3dee65
0x6e3dee69
0x6e3dee6f
0x6e3dee71
0x6e3dee74
0x6e3dee74
0x6e3dee77
0x6e3dee7a
0x6e3dee7a
0x6e3dee7f
0x6e3dee83
0x6e3deed1
0x6e3deed1
0x6e3deed8
0x6e3deedf
0x6e3deef4
0x6e3deef8
0x6e3deefc
0x6e3def00
0x6e3def05
0x6e3def0a
0x6e3def0f
0x6e3def13
0x6e3df3a2
0x6e3df3a2
0x6e3df3a9
0x6e3df3af
0x6e3df3d2
0x6e3df3d2
0x6e3df3dd
0x6e3df402
0x6e3df3df
0x6e3df3df
0x6e3df3e6
0x6e3df3ea
0x6e3df3ea
0x6e3df3f0
0x6e3df3f6
0x6e3df3f8
0x6e3df3fa
0x6e3df3fa
0x6e3df3f8
0x6e3df40c
0x6e3df410
0x6e3df412
0x6e3df415
0x6e3df415
0x6e3df41b
0x6e3df41f
0x6e3df421
0x6e3df44d
0x6e3df423
0x6e3df424
0x6e3df42a
0x6e3df42c
0x6e3df430
0x6e3df43c
0x6e3df441
0x6e3df441
0x6e3df42c
0x6e3df453
0x6e3df459
0x6e3df462
0x6e3df46a
0x6e3df472
0x6e3df474
0x6e3df479
0x6e3df485
0x6e3df488
0x00000000
0x00000000
0x6e3df48a
0x6e3df48b
0x6e3df48c
0x6e3df48d
0x00000000
0x6e3df47b
0x6e3df47b
0x6e3df47c
0x6e3df47d
0x6e3df47e
0x6e3df492
0x6e3df492
0x6e3df497
0x6e3df49c
0x6e3df49f
0x6e3df49f
0x6e3df4a5
0x6e3df4a7
0x6e3df4aa
0x6e3df4aa
0x6e3df4b0
0x6e3df4b4
0x6e3df4b6
0x6e3df4ba
0x6e3df4c1
0x6e3df4c1
0x6e3df4c7
0x6e3df4cd
0x6e3df4cf
0x6e3df4d2
0x6e3df4d8
0x6e3df4d8
0x6e3df4de
0x6e3df4e4
0x6e3df4e6
0x6e3df4e9
0x6e3df4ef
0x6e3df4ef
0x6e3df4f5
0x00000000
0x6e3df4f5
0x6e3df479
0x6e3df3b1
0x6e3df3b7
0x6e3df3b9
0x6e3df3c0
0x6e3df3c0
0x6e3df3c2
0x6e3df3c3
0x6e3df3c3
0x6e3df3c7
0x6e3df3c9
0x6e3df3d0
0x6e3df3d0
0x6e3df3d0
0x6e3df3d0
0x00000000
0x6e3df3c9
0x6e3def19
0x6e3def1d
0x00000000
0x00000000
0x6e3def23
0x6e3def27
0x6e3def29
0x00000000
0x00000000
0x6e3def39
0x6e3def45
0x6e3def50
0x6e3def58
0x6e3def69
0x6e3def6a
0x6e3def6b
0x6e3def73
0x6e3def8c
0x6e3def94
0x6e3def9c
0x6e3defaa
0x6e3defba
0x6e3defbf
0x6e3defc2
0x6e3defc4
0x6e3defef
0x6e3deff7
0x6e3df013
0x6e3df013
0x6e3df01a
0x00000000
0x00000000
0x6e3df020
0x6e3df025
0x00000000
0x00000000
0x6e3df036
0x6e3df043
0x6e3df049
0x6e3df051
0x6e3df053
0x6e3df055
0x00000000
0x00000000
0x6e3df05b
0x6e3df069
0x6e3df073
0x6e3df07b
0x6e3df083
0x6e3df085
0x6e3df087
0x00000000
0x00000000
0x6e3df091
0x6e3df099
0x6e3df0a0
0x6e3df0a7
0x6e3df0b0
0x6e3df0b8
0x6e3df0c1
0x6e3df0cf
0x6e3df0d9
0x6e3df0e1
0x6e3df0e8
0x6e3df0f1
0x6e3df0f7
0x6e3df0fd
0x6e3df102
0x6e3df106
0x6e3df10b
0x6e3df110
0x6e3df116
0x6e3df11e
0x6e3df120
0x6e3df12e
0x6e3df12e
0x6e3df133
0x6e3df139
0x6e3df141
0x6e3df14a
0x6e3df158
0x6e3df166
0x6e3df16e
0x6e3df175
0x6e3df177
0x6e3df177
0x6e3df181
0x6e3df187
0x6e3df18d
0x6e3df192
0x6e3df19a
0x6e3df1a0
0x6e3df1a3
0x6e3df1a7
0x6e3df1a9
0x6e3df1ac
0x6e3df1af
0x6e3df1b2
0x6e3df1b5
0x6e3df1b8
0x6e3df1bb
0x6e3df1be
0x6e3df1c1
0x6e3df1ca
0x6e3df1d0
0x6e3df1d6
0x6e3df1e0
0x6e3df1e4
0x6e3df1e6
0x6e3df1e6
0x6e3df1f9
0x6e3df1ff
0x6e3df201
0x00000000
0x00000000
0x6e3df207
0x6e3df211
0x6e3df217
0x6e3df219
0x6e3df22a
0x6e3df22a
0x6e3df230
0x6e3df232
0x6e3df309
0x00000000
0x6e3df309
0x6e3df238
0x6e3df245
0x6e3df24e
0x6e3df257
0x6e3df25c
0x6e3df263
0x6e3df269
0x6e3df297
0x6e3df297
0x6e3df29b
0x6e3df29d
0x6e3df2c7
0x6e3df2cc
0x6e3df2cc
0x6e3df2d3
0x6e3df2d5
0x6e3df2dc
0x6e3df2de
0x6e3df2e0
0x6e3df2e2
0x6e3df2e3
0x6e3df2e8
0x6e3df2e8
0x6e3df2e0
0x6e3df2dc
0x6e3df2ef
0x6e3df2fb
0x6e3df300
0x00000000
0x6e3df300
0x6e3df2a9
0x6e3df2b1
0x6e3df2b7
0x6e3df2bb
0x00000000
0x00000000
0x00000000
0x6e3df2bd
0x6e3df26b
0x6e3df272
0x00000000
0x00000000
0x6e3df274
0x6e3df27b
0x6e3df285
0x6e3df291
0x6e3df293
0x6e3df295
0x6e3df310
0x6e3df31a
0x6e3df31b
0x6e3df327
0x6e3df32c
0x6e3df32f
0x00000000
0x6e3df32f
0x00000000
0x6e3df295
0x6e3df21d
0x6e3df222
0x6e3df224
0x00000000
0x00000000
0x00000000
0x6e3df224
0x6e3df339
0x6e3df340
0x6e3df366
0x6e3df36b
0x6e3df370
0x6e3df377
0x6e3df380
0x6e3df389
0x6e3df392
0x6e3df39d
0x00000000
0x6e3df39d
0x6e3df342
0x6e3df347
0x00000000
0x00000000
0x6e3df349
0x6e3df34d
0x6e3df351
0x6e3df361
0x6e3df361
0x00000000
0x6e3df361
0x6e3df353
0x6e3df359
0x6e3df35f
0x00000000
0x00000000
0x00000000
0x6e3df35f
0x6e3df122
0x6e3df126
0x00000000
0x00000000
0x6e3df12b
0x00000000
0x6e3df12b
0x6e3deff9
0x6e3df000
0x6e3df00b
0x6e3df00b
0x00000000
0x6e3df00d
0x6e3defc6
0x6e3defcc
0x00000000
0x00000000
0x6e3defce
0x6e3defd4
0x6e3defd6
0x6e3defe0
0x6e3defe0
0x6e3defe2
0x6e3defe3
0x6e3defe3
0x6e3defe7
0x6e3defe9
0x00000000
0x00000000
0x6e3defeb
0x00000000
0x6e3defeb
0x6e3dee85
0x6e3dee87
0x6e3dee8a
0x6e3dee8f
0x6e3dee94
0x6e3dee99
0x6e3deeaf
0x6e3deeb5
0x6e3deeb9
0x6e3deebc
0x00000000
0x6e3deebe
0x6e3deec4
0x6e3deeca
0x00000000
0x6e3deeca
0x6e3dee54
0x6e3dee54
0x6e3dee5e
0x6e3df4f9
0x6e3df500
0x6e3df508
0x6e3df509
0x6e3df50b
0x6e3df520
0x6e3df520

APIs

InternetQueryOptionW.WININET ref: 6E3DEE1A
InternetSetOptionW.WININET(00000000,00000049,00000000,00000004), ref: 6E3DEE39
CreateFileW.KERNEL32(?,C0000000,00000001,00000000,00000002,00000080,00000000), ref: 6E3DEEAF
GetLastError.KERNEL32 ref: 6E3DEEBE

Part of subcall function 6E3DE9B0: InternetOpenW.WININET(00000000,00000001,00000000,00000000,10000000), ref: 6E3DEA4A
Part of subcall function 6E3DE9B0: InternetSetStatusCallbackA.WININET(00000000,6E3DD1E0), ref: 6E3DEA60
Part of subcall function 6E3DE9B0: InternetSetOptionW.WININET(?,00000002,?,00000004), ref: 6E3DEA95
Part of subcall function 6E3DE9B0: InternetSetOptionW.WININET(00000000,00000006,?,00000004), ref: 6E3DEAA3
Part of subcall function 6E3DE9B0: InternetSetOptionW.WININET(?,00000005,?,00000004), ref: 6E3DEAB1
Part of subcall function 6E3DE9B0: InternetConnectA.WININET(?,?,?,00000000,00000000,00000003,00000000,00000000), ref: 6E3DEACA

HttpQueryInfoA.WININET(?,80000016,?,?,00000000), ref: 6E3DEF58

Part of subcall function 6E3DD4B0: SetLastError.KERNEL32(00000000,?,70C92000,?,?,6E3DEF73,?,00001FFF,?), ref: 6E3DD4D3
Part of subcall function 6E3DD4B0: HttpSendRequestA.WININET(\Xv",00000000,00000000,?,?), ref: 6E3DD4F2

HttpQueryInfoA.WININET(?,80000016,?,?,?), ref: 6E3DEF9C
_memset.LIBCMT ref: 6E3DEFAA

Part of subcall function 6E3DD380: GetLastError.KERNEL32(?,?,00000049,6E3DD5AD,00000049,00000000,00000040,?,?,6E3DEF73,?,00001FFF,?), ref: 6E3DD389
Part of subcall function 6E3DD380: GetLastError.KERNEL32(?,?), ref: 6E3DD3A6
Part of subcall function 6E3DD380: SetLastError.KERNEL32(00000000,?,?), ref: 6E3DD3AD

HttpQueryInfoA.WININET(?,20000013,?,?,00000000), ref: 6E3DF051
HttpQueryInfoA.WININET(?,00000016,?,?,?), ref: 6E3DF083
GetTickCount.KERNEL32 ref: 6E3DF19A
WaitForSingleObject.KERNEL32(?,00000000,?,00004000,?), ref: 6E3DF1F9
InternetReadFileExA.WININET(?,?,00000000,00000000), ref: 6E3DF211
WriteFile.KERNEL32(?,00000000,00000000,?,00000000,00000000,?,00000400,00000400,00000400,?,00004000,?), ref: 6E3DF2B1
GetLastError.KERNEL32(?,?,?,?,?,?), ref: 6E3DF3E8
CloseHandle.KERNEL32(?,?,?,?,?,?,?), ref: 6E3DF415
InternetCloseHandle.WININET(?), ref: 6E3DF424
GetLastError.KERNEL32 ref: 6E3DF42E
SetEvent.KERNEL32(?,?,?,?,?,?,?), ref: 6E3DF44D
GetTickCount.KERNEL32 ref: 6E3DF453
WaitForSingleObject.KERNEL32(?,000000FF), ref: 6E3DF464
GetTickCount.KERNEL32 ref: 6E3DF46C
InternetCloseHandle.WININET(?), ref: 6E3DF4AA
InternetSetStatusCallbackA.WININET(?,00000000), ref: 6E3DF4BA
InternetCloseHandle.WININET(?), ref: 6E3DF4C1
CloseHandle.KERNEL32(?), ref: 6E3DF4D2
CloseHandle.KERNEL32(?), ref: 6E3DF4E9

Strings

[%u] gzip uncompress error, offset %d, zlib_code:%d, xrefs: 6E3DF31D
[%u] [WARN] Close Request Handle failed %d, xrefs: 6E3DF432
gzip, xrefs: 6E3DF178
Transfer-Encoding, xrefs: 6E3DF0EC
gzip, xrefs: 6E3DF15D
Content-Length, xrefs: 6E3DF0BC
[%u] Wait FinalClean cost %d ms, result %d, xrefs: 6E3DF48D
Content-Encoding, xrefs: 6E3DF145
[%u] [WARN] Wait FinalClean cost %d ms, result %d, xrefs: 6E3DF47E

Memory Dump Source

Source File: 0000000E.00000002.2370545283.000000006E3D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 6E3D0000, based on PE: true

Associated: 0000000E.00000002.2370501847.000000006E3D0000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371078507.000000006E3FB000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371296559.000000006E405000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371402177.000000006E409000.00000002.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e3d0000_MiniNews.jbxd

Similarity

API ID: Internet$ErrorLast$CloseHandle$HttpOptionQuery$Info$CountFileTick$CallbackObjectSingleStatusWait$ConnectCreateEventOpenReadRequestSendWrite_memset
String ID: Content-Encoding$Content-Length$Transfer-Encoding$[%u] Wait FinalClean cost %d ms, result %d$[%u] [WARN] Close Request Handle failed %d$[%u] [WARN] Wait FinalClean cost %d ms, result %d$[%u] gzip uncompress error, offset %d, zlib_code:%d$gzip$gzip
API String ID: 700093313-3832658801
Opcode ID: 6e454f7316d0838d85b821c1aba26b2e21fda2084fe117c9ad6ee2faaf246f38
Instruction ID: f7bedba4fcd43ea63b848ee7dfd103db8563fb8403fe85a422c87735ae6e63e4
Opcode Fuzzy Hash: 6e454f7316d0838d85b821c1aba26b2e21fda2084fe117c9ad6ee2faaf246f38
Instruction Fuzzy Hash: 36228DB2504341AFD760CFA5CC94BDB7BE8EF85704F104A1DF9999B280DB719609CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 6E50F100 Relevance: 35.2, APIs: 14, Strings: 6, Instructions: 210
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetVersionExW.KERNEL32(?,?,?,?,?,?), ref: 6E50F153
GetProcAddress.KERNEL32(00000000), ref: 6E50F177
GetCurrentProcess.KERNEL32(00000000,?,?,?,?,?), ref: 6E50F190
GetProcAddress.KERNEL32(00000000), ref: 6E50F1BC
GetSystemWindowsDirectoryW.KERNEL32(?,00000104), ref: 6E50F23D
PathCombineW.SHLWAPI(?,?,SysNative\ntoskrnl.exe,?,?,?,?,?,?,?,?,?,?,?), ref: 6E50F278
LoadLibraryExW.KERNEL32(?,00000000,00000002,?,?,?,?,?,?,?,?,?,?,?), ref: 6E50F28A
FindResourceW.KERNEL32(00000000,00000001,00000010,?,?,?,?,?,?,?,?,?,?,?), ref: 6E50F29F
SizeofResource.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 6E50F2B1
LoadResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6E50F2C4
LockResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 6E50F2D5
FreeResource.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 6E50F314
FreeLibrary.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 6E50F31B
VerQueryValueW.VERSION(00000000,6E5507E8,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6E50F34B

Strings

System32\ntoskrnl.exe, xrefs: 6E50F264
IsWow64Process, xrefs: 6E50F16A
ntdll, xrefs: 6E50F1B4
SysNative\ntoskrnl.exe, xrefs: 6E50F26B
kernel32, xrefs: 6E50F16F
RtlGetVersion, xrefs: 6E50F1AF

Memory Dump Source

Source File: 0000000E.00000002.2371585883.000000006E4E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6E4E0000, based on PE: true

Associated: 0000000E.00000002.2371507694.000000006E4E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373281942.000000006E544000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373891215.000000006E565000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2374074776.000000006E56A000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e4e0000_MiniNews.jbxd

Similarity

API ID: Resource$AddressFreeLibraryLoadProc$CombineCurrentDirectoryFindLockPathProcessQuerySizeofSystemValueVersionWindows
String ID: IsWow64Process$RtlGetVersion$SysNative\ntoskrnl.exe$System32\ntoskrnl.exe$kernel32$ntdll
API String ID: 3969831563-3245574358
Opcode ID: 910cabbf01d97f226df8c480602740e57ac8392a5269876c8e699a54c6b6c4b9
Instruction ID: 2b270305807bb6a8788d94f59d405a62e7e41f620d055bc5432a7ed1e4215858
Opcode Fuzzy Hash: 910cabbf01d97f226df8c480602740e57ac8392a5269876c8e699a54c6b6c4b9
Instruction Fuzzy Hash: 86817C71D046199BEB619FA4CC44BEDB7F8EB45304F114095E90CAB241EB78AA81CFA0

Uniqueness

Uniqueness Score: -1.00%

Function 6E4ED8F0 Relevance: 14.2, APIs: 3, Strings: 5, Instructions: 239COMMON

Download Yara Rule

APIs

Part of subcall function 6E505AE3: EnterCriticalSection.KERNEL32(6E568168,?,00000004,?,6E4ED921,00000000,?,00000004,000000AC,00000004,?,6E4ECB41,?,?,6E50116C,minipage), ref: 6E505AEE
Part of subcall function 6E505AE3: LeaveCriticalSection.KERNEL32(6E568168,?,6E4ED921,00000000,?,00000004,000000AC,00000004,?,6E4ECB41,?,?,6E50116C,minipage,E97A779A,000000A4), ref: 6E505B1A

FindResourceExW.KERNEL32(00000000,00000006,000000AD,00000000,00000000,?,00000004,000000AC,00000004,?,6E4ECB41,?,?,6E50116C,minipage,E97A779A), ref: 6E4ED946
FindResourceW.KERNEL32(00000000,?,00000006,000000FF), ref: 6E4ED984
GetPrivateProfileStringW.KERNEL32(three_end,act_time,6E544CD0,?,00000104,?), ref: 6E4EDAEF

Strings

SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MasterPDF.exe, xrefs: 6E4EDAA4
act_time, xrefs: 6E4EDAE5
xundu, xrefs: 6E4EDA52
three_end, xrefs: 6E4EDAEA
ActDate, xrefs: 6E4EDA9F

Memory Dump Source

Source File: 0000000E.00000002.2371585883.000000006E4E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6E4E0000, based on PE: true

Associated: 0000000E.00000002.2371507694.000000006E4E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373281942.000000006E544000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373891215.000000006E565000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2374074776.000000006E56A000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e4e0000_MiniNews.jbxd

Similarity

API ID: CriticalFindResourceSection$EnterLeavePrivateProfileString
String ID: ActDate$SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MasterPDF.exe$act_time$three_end$xundu
API String ID: 584967792-1265186595
Opcode ID: 4f6e2f9bb2988ff5e702a1080173ed935b8732b2c6685fbd43e0269f576a55bd
Instruction ID: 26adf143b1b496040e640d36c3902fe5dedd9cdf6997c0983360790f3f9597c2
Opcode Fuzzy Hash: 4f6e2f9bb2988ff5e702a1080173ed935b8732b2c6685fbd43e0269f576a55bd
Instruction Fuzzy Hash: 6761E171A00115AFDB149FB8CC94FEA77E9EF85705F0005AAE905DB740EB319A41CBD0

Uniqueness

Uniqueness Score: -1.00%

Function 6E512290 Relevance: 10.8, APIs: 5, Strings: 1, Instructions: 250fileCOMMON

Download Yara Rule

APIs

CreateFileW.KERNEL32(?,00000000,00000003,00000000,00000003,00000000,00000000,E97A779A,?,000000FF,6E50EB03), ref: 6E51230A
DeviceIoControl.KERNEL32(00000000,002D1400,00000000,0000000C,?,000003E8,?,00000000), ref: 6E5123A3
CloseHandle.KERNEL32(00000000), ref: 6E5123B6

Part of subcall function 6E501DC0: GetLastError.KERNEL32(80070057,?,?,?,?,00000000,?,?,?,?,?,?,?,?,?,6E5054BD), ref: 6E501DC0

InterlockedCompareExchange.KERNEL32(6E568534,00000001,6E568638), ref: 6E5124FD

Strings

\\.\PhysicalDrive%d, xrefs: 6E511CEE, 6E5122DF

Memory Dump Source

Source File: 0000000E.00000002.2371585883.000000006E4E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6E4E0000, based on PE: true

Associated: 0000000E.00000002.2371507694.000000006E4E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373281942.000000006E544000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373891215.000000006E565000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2374074776.000000006E56A000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e4e0000_MiniNews.jbxd

Similarity

API ID: CloseCompareControlCreateDeviceErrorExchangeFileHandleInterlockedLast
String ID: \\.\PhysicalDrive%d
API String ID: 3857415243-2935326385
Opcode ID: 37a168d29989d74dae381a79d9b88a101a21ca89a3217a474c4ef2a571af223c
Instruction ID: 9272007cd4be02424afbfa7e8d298e55fc9fff0dbce1f6e0498849704cd43f01
Opcode Fuzzy Hash: 37a168d29989d74dae381a79d9b88a101a21ca89a3217a474c4ef2a571af223c
Instruction Fuzzy Hash: 70A1E474D09219DBFB60CF95CD84BE9B3F8EB46358F0042A9D918A7281EB749E85CF50

Uniqueness

Uniqueness Score: -1.00%

Function 6E513660 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 148fileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32(?,C0000000,00000003,00000000,00000003,00000000,00000000,?,00000000,00000000,00000000), ref: 6E5136D0
DeviceIoControl.KERNEL32(00000000,00074080,00000000,00000000,?,00000018,?,00000000), ref: 6E513719
CloseHandle.KERNEL32(00000000,?,00000000,00000000,00000000), ref: 6E513724
CloseHandle.KERNEL32(00000000,?,00000000,00000000,00000000), ref: 6E513826

Strings

\\.\PhysicalDrive%d, xrefs: 6E5136A1

Memory Dump Source

Source File: 0000000E.00000002.2371585883.000000006E4E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6E4E0000, based on PE: true

Associated: 0000000E.00000002.2371507694.000000006E4E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373281942.000000006E544000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373891215.000000006E565000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2374074776.000000006E56A000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e4e0000_MiniNews.jbxd

Similarity

API ID: CloseHandle$ControlCreateDeviceFile
String ID: \\.\PhysicalDrive%d
API String ID: 1755752497-2935326385
Opcode ID: 6477e30912ae8f0a06ef91e8446dab44c4b50cd949dbae131375fafaf0b30e4d
Instruction ID: 20558a0d51f98f3acf5e735e9b6fddd08b0f7230ebe3ca5f34f717fadcc0b3c1
Opcode Fuzzy Hash: 6477e30912ae8f0a06ef91e8446dab44c4b50cd949dbae131375fafaf0b30e4d
Instruction Fuzzy Hash: BE510631D44A589FEB20CFB48C55BEEB7F8AF56349F115295E90CA6182EB709BC58F00

Uniqueness

Uniqueness Score: -1.00%

Function 6E513D60 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 109fileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32(?,00000000,00000003,00000000,00000003,00000000,00000000), ref: 6E513DCD
DeviceIoControl.KERNEL32(00000000,002D1400,?,0000000C,?,00002710,?,00000000), ref: 6E513E4B
CloseHandle.KERNEL32(00000000,?,?,00002710), ref: 6E513EA6

Strings

\\.\PhysicalDrive%d, xrefs: 6E513DA1

Memory Dump Source

Source File: 0000000E.00000002.2371585883.000000006E4E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6E4E0000, based on PE: true

Associated: 0000000E.00000002.2371507694.000000006E4E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373281942.000000006E544000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373891215.000000006E565000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2374074776.000000006E56A000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e4e0000_MiniNews.jbxd

Similarity

API ID: CloseControlCreateDeviceFileHandle
String ID: \\.\PhysicalDrive%d
API String ID: 33631002-2935326385
Opcode ID: 203b2dd6e6732cf794a9efa39517c921be8a6fc64aac7484f48510bc3ade714a
Instruction ID: 6cada401bd92ff315d4186c681049e128aeab98fa2a1b837a612d08de78ca8fb
Opcode Fuzzy Hash: 203b2dd6e6732cf794a9efa39517c921be8a6fc64aac7484f48510bc3ade714a
Instruction Fuzzy Hash: 40319971A44218ABFB10DFA4CC89FED77FCAB45704F4145A5BA08E61C0EBB45E858F50

Uniqueness

Uniqueness Score: -1.00%

Function 6E515F00 Relevance: 6.1, APIs: 4, Instructions: 133networkCOMMON

Download Yara Rule

APIs

InternetGetConnectedState.WININET(?,00000000), ref: 6E515F54
GetAdaptersInfo.IPHLPAPI(00000000,00000288), ref: 6E515F8E
GetAdaptersInfo.IPHLPAPI(00000000,00000288), ref: 6E515FB4
InterlockedDecrement.KERNEL32(?), ref: 6E51607F

Memory Dump Source

Source File: 0000000E.00000002.2371585883.000000006E4E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6E4E0000, based on PE: true

Associated: 0000000E.00000002.2371507694.000000006E4E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373281942.000000006E544000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373891215.000000006E565000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2374074776.000000006E56A000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e4e0000_MiniNews.jbxd

Similarity

API ID: AdaptersInfo$ConnectedDecrementInterlockedInternetState
String ID:
API String ID: 1113221663-0
Opcode ID: a4e4c294b52736f3d0d84adcdbbcc66e8d2fcd243515329b11153c03c2ff2c69
Instruction ID: 4eac90189e40ba85c3fe8e32c9b735ee3e9dc8ed07b95aabba5511f37c57fd79
Opcode Fuzzy Hash: a4e4c294b52736f3d0d84adcdbbcc66e8d2fcd243515329b11153c03c2ff2c69
Instruction Fuzzy Hash: 0941B0B1608706EBFB50CFA4C844BFA77F8AF85704F10492DE92597280DBB4E945C791

Uniqueness

Uniqueness Score: -1.00%

Function 6E3DE9B0 Relevance: 54.6, APIs: 24, Strings: 7, Instructions: 321
networkCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 86%

			E6E3DE9B0(long __ecx, void* __eflags, void** _a4, long* _a8, void** _a12, void* _a20) {
				long _v4;
				char _v12;
				void _v16;
				void _v32;
				void _v48;
				void** _v52;
				long _v56;
				char* _v60;
				short _v64;
				char* _v68;
				long _v72;
				void _v100;
				long _v104;
				char* _v108;
				void _v116;
				void _v128;
				char* _v132;
				void* _v144;
				void _v148;
				intOrPtr _v152;
				intOrPtr _v156;
				intOrPtr _v196;
				void* _v212;
				void* __ebx;
				void* __edi;
				void* __ebp;
				signed int _t79;
				long _t86;
				void* _t87;
				void* _t88;
				signed int _t90;
				void* _t92;
				int _t93;
				void* _t97;
				int _t99;
				signed int _t103;
				long _t104;
				void* _t108;
				int _t119;
				long _t120;
				long _t125;
				void** _t140;
				long _t154;
				void* _t156;
				long _t157;
				long _t175;
				void _t178;
				void** _t180;
				signed int _t184;
				void* _t189;
				void* _t191;
				void* _t193;
				signed int _t194;
				void* _t195;
				void* _t199;
				void* _t217;
				void* _t222;
				void* _t223;

				_push(0xffffffff);
				_push(E6E3FA758);
				_push( *[fs:0x0]);
				_t194 = _t193 - 0x3c;
				_push(_t189);
				_t79 =  *0x6e405204; // 0x2276585c
				_push(_t79 ^ _t194);
				 *[fs:0x0] =  &_v12;
				_t175 = __ecx;
				_v72 = __ecx;
				_t180 = _a4;
				_t140 = _a12;
				 *_t180 = 0;
				 *_a8 = 0;
				 *_t140 = 0;
				E6E3DDA20( &_v48);
				_t165 = _a20;
				_a4 = _t194;
				_v4 = 0;
				E6E3D6400(_t189, _a20);
				E6E3DDBC0(_t189,  &_v48,  &_v48);
				_t86 = 0;
				_t195 = _t194 + 8;
				if( *((intOrPtr*)(_t175 + 8)) != 0) {
					L2:
					_t86 = 1;
					L3:
					_t87 = InternetOpenW(0, _t86, 0, 0, 0x10000000);
					 *_t180 = _t87;
					if(_t87 == 0) {
						L40:
						_t88 = E6E3DD920( &_v68, _t165);
						 *[fs:0x0] = _v32;
						return _t88;
					}
					__imp__InternetSetStatusCallbackA(_t87, E6E3DD1E0);
					if(_t87 == 0xffffffff) {
						goto L40;
					}
					_t191 = InternetSetOptionW;
					_t90 =  *(_t175 + 0x540) * 0x3e8;
					_v16 = _t90;
					if(_t90 != 0) {
						InternetSetOptionW( *_t180, 2,  &_v16, 4);
						InternetSetOptionW( *_t180, 6,  &_v32, 4);
						InternetSetOptionW( *_t180, 5,  &_v48, 4);
					}
					_t165 =  *_t180;
					_t92 = InternetConnectA( *_t180, _v68, _v64, 0, 0, 3, 0, 0);
					 *_v52 = _t92;
					if(_t92 == 0) {
						goto L40;
					}
					_v56 = 0x8448c100;
					if(_v104 != 0) {
						_v56 = 0x84c8f100;
					}
					if( *((intOrPtr*)(_t175 + 0x550)) != 0 ||  *((intOrPtr*)(_t175 + 0x554)) == 1) {
						_v56 = _v56 | 0x00200000;
					}
					_v128 = 1;
					_t93 = InternetSetOptionW(_t92, 0x4d,  &_v128, 4);
					_t177 = GetLastError;
					if(_t93 == 0) {
						_t125 = GetLastError();
						_v56 = 0;
						InternetGetConnectedState( &_v56, 0);
						_push(_v64);
						_push(_t125);
						_t188 = _v156;
						E6E3D7C70(_t140, GetLastError, _t191, 0x6e4064d8, "[%u] IGNORE_OFFLINE failed: %d, ConnectedState: 0x%x", _v156);
						_t195 = _t195 + 0x14;
						if((_v64 & 0x00000020) != 0) {
							_v148 = 0;
							_v144 = 0;
							_v148 = 1;
							if(InternetSetOptionW(0, 0x32,  &_v148, 8) == 0) {
								_push(GetLastError());
								E6E3D7C70(_t140, GetLastError, _t191, 0x6e4064d8, "[%u] global connected state, error %d", _t188);
								_t195 = _t195 + 0x10;
							} else {
								E6E3D7C70(_t140, GetLastError, _t191, 0x6e4064d8, "[%u] global connected state.", _t188);
								_t195 = _t195 + 0xc;
							}
							SetLastError(0);
						}
					}
					_t165 = _v68;
					_v132 = "*/*";
					_v128 = 0;
					_t97 = HttpOpenRequestA( *_v68, _v60, _v108, "HTTP/1.1", 0,  &_v132, _v72, _v48);
					 *_t140 = _t97;
					if(_t97 == 0) {
						goto L40;
					} else {
						SetLastError(0);
						if(_v152 != 0) {
							_v100 = 0;
							_v104 = 4;
							InternetQueryOptionW( *_t140, 0x1f,  &_v100,  &_v104);
							_v116 = _v116 | 0x00003180;
							InternetSetOptionW( *_t140, 0x1f,  &_v116, 4);
						}
						_t165 =  *_t140;
						_v100 = 0;
						_v104 = 4;
						_t99 = InternetQueryOptionW( *_t140, 0x41,  &_v100,  &_v104);
						GetLastError();
						if(_t99 != 0 && _v116 != 0) {
							_v116 = 0;
							_t119 = InternetSetOptionW( *_t140, 0x41,  &_v116, 4);
							_t120 = GetLastError();
							_t165 = _v212;
							_push(_t120);
							_push(_t119);
							E6E3D7C70(_t140, _t177, _t191, 0x6e4064d8, "[%u] found AutoDecoding enable. try to disable, success=%d, err=%d", _v212);
							_t195 = _t195 + 0x14;
						}
						SetLastError(0);
						_t178 = _v100;
						_t184 = 0;
						_t103 =  *((intOrPtr*)(_t178 + 0x10)) -  *((intOrPtr*)(_t178 + 0xc)) >> 2;
						if(_t103 <= 0) {
							L31:
							_t104 =  *0x6e4050d0; // 0x0
							_t154 =  *0x6e4050ec; // 0x0
							if(_t104 != 0 || _t154 != 0) {
								_push(_t154);
								_push(_t104);
								E6E3D7C70(_t140, _t178, _t191, 0x6e4064d8, "[%u] [ProxyAuth] using saved info. user_len:%d, pwd_len:%d", _v196);
								_t104 =  *0x6e4050d0; // 0x0
								_t195 = _t195 + 0x14;
							}
							if( *((intOrPtr*)(_v196 + 8)) == 0) {
								_t156 =  *0x6e4050c0; // 0x0
								_t222 =  *0x6e4050d4 - 8; // 0x7
								if(_t222 < 0) {
									_t156 = 0x6e4050c0;
								}
								InternetSetOptionW( *_t140, 0x2b, _t156, _t104);
								_t108 =  *0x6e4050dc; // 0x0
								_t223 =  *0x6e4050f0 - 8; // 0x7
								if(_t223 < 0) {
									_t108 = 0x6e4050dc;
								}
								_t157 =  *0x6e4050ec; // 0x0
								_t165 =  *_t140;
								InternetSetOptionW( *_t140, 0x2c, _t108, _t157); // executed
							}
							goto L40;
						} else {
							_t217 = 0 - _t103;
							do {
								if(_t217 >= 0) {
									E6E3E3E0D();
								}
								_t165 =  *_t140;
								HttpAddRequestHeadersA( *_t140,  *( *((intOrPtr*)(_t178 + 0xc)) + _t184 * 4),  *( *( *((intOrPtr*)(_t178 + 0xc)) + _t184 * 4) - 0xc), 0xa0000000);
								_t184 = _t184 + 1;
							} while (_t184 <  *((intOrPtr*)(_t178 + 0x10)) -  *((intOrPtr*)(_t178 + 0xc)) >> 2);
							_t191 = InternetSetOptionW;
							goto L31;
						}
					}
				}
				_t199 =  *0x6e4064d4 - _t86; // 0x0
				if(_t199 == 0) {
					goto L3;
				}
				goto L2;
			}

0x6e3de9b0
0x6e3de9b2
0x6e3de9bd
0x6e3de9be
0x6e3de9c2
0x6e3de9c5
0x6e3de9cc
0x6e3de9d1
0x6e3de9d7
0x6e3de9d9
0x6e3de9dd
0x6e3de9e5
0x6e3de9e9
0x6e3de9ef
0x6e3de9f9
0x6e3de9ff
0x6e3dea04
0x6e3dea10
0x6e3dea15
0x6e3dea1d
0x6e3dea22
0x6e3dea27
0x6e3dea29
0x6e3dea2f
0x6e3dea39
0x6e3dea39
0x6e3dea3e
0x6e3dea4a
0x6e3dea50
0x6e3dea54
0x6e3ded8b
0x6e3ded8f
0x6e3ded98
0x6e3deda7
0x6e3deda7
0x6e3dea60
0x6e3dea69
0x00000000
0x00000000
0x6e3dea75
0x6e3dea7b
0x6e3dea81
0x6e3dea87
0x6e3dea95
0x6e3deaa3
0x6e3deab1
0x6e3deab1
0x6e3deabb
0x6e3deaca
0x6e3dead4
0x6e3dead8
0x00000000
0x00000000
0x6e3deae3
0x6e3deaeb
0x6e3deaed
0x6e3deaed
0x6e3deafc
0x6e3deb07
0x6e3deb07
0x6e3deb19
0x6e3deb21
0x6e3deb23
0x6e3deb2b
0x6e3deb31
0x6e3deb3c
0x6e3deb44
0x6e3deb4e
0x6e3deb4f
0x6e3deb50
0x6e3deb5f
0x6e3deb64
0x6e3deb6c
0x6e3deb79
0x6e3deb7e
0x6e3deb82
0x6e3deb8e
0x6e3deba7
0x6e3debb3
0x6e3debb8
0x6e3deb90
0x6e3deb9b
0x6e3deba0
0x6e3deba0
0x6e3debbd
0x6e3debbd
0x6e3deb6c
0x6e3debda
0x6e3debea
0x6e3debf2
0x6e3debfa
0x6e3dec00
0x6e3dec04
0x00000000
0x6e3dec0a
0x6e3dec0c
0x6e3dec1d
0x6e3dec2e
0x6e3dec36
0x6e3dec3e
0x6e3dec42
0x6e3dec54
0x6e3dec54
0x6e3dec56
0x6e3dec65
0x6e3dec6d
0x6e3dec75
0x6e3dec79
0x6e3dec7d
0x6e3dec92
0x6e3dec9a
0x6e3dec9e
0x6e3deca0
0x6e3deca4
0x6e3deca5
0x6e3decb1
0x6e3decb6
0x6e3decb6
0x6e3decbb
0x6e3decc1
0x6e3deccb
0x6e3deccd
0x6e3decd2
0x6e3ded0e
0x6e3ded0e
0x6e3ded13
0x6e3ded1b
0x6e3ded21
0x6e3ded22
0x6e3ded32
0x6e3ded37
0x6e3ded3c
0x6e3ded3c
0x6e3ded47
0x6e3ded49
0x6e3ded54
0x6e3ded5a
0x6e3ded5c
0x6e3ded5c
0x6e3ded68
0x6e3ded6a
0x6e3ded6f
0x6e3ded75
0x6e3ded77
0x6e3ded77
0x6e3ded7c
0x6e3ded82
0x6e3ded89
0x6e3ded89
0x00000000
0x6e3decd4
0x6e3decda
0x6e3decdc
0x6e3decdc
0x6e3decde
0x6e3decde
0x6e3dece6
0x6e3decf8
0x6e3ded00
0x6e3ded04
0x6e3ded08
0x00000000
0x6e3ded08
0x6e3decd2
0x6e3dec04
0x6e3dea31
0x6e3dea37
0x00000000
0x00000000
0x00000000

APIs

InternetOpenW.WININET(00000000,00000001,00000000,00000000,10000000), ref: 6E3DEA4A
InternetSetStatusCallbackA.WININET(00000000,6E3DD1E0), ref: 6E3DEA60
InternetSetOptionW.WININET(?,00000002,?,00000004), ref: 6E3DEA95
InternetSetOptionW.WININET(00000000,00000006,?,00000004), ref: 6E3DEAA3
InternetSetOptionW.WININET(?,00000005,?,00000004), ref: 6E3DEAB1
InternetConnectA.WININET(?,?,?,00000000,00000000,00000003,00000000,00000000), ref: 6E3DEACA
InternetSetOptionW.WININET(00000000,0000004D,?,00000004), ref: 6E3DEB21
GetLastError.KERNEL32 ref: 6E3DEB31
InternetGetConnectedState.WININET(?,00000000), ref: 6E3DEB44
InternetSetOptionW.WININET(00000000,00000032,?,00000008), ref: 6E3DEB8A
GetLastError.KERNEL32 ref: 6E3DEBA5
SetLastError.KERNEL32(00000000,?,?,?,?,00000000,00000000,00000003,00000000,00000000), ref: 6E3DEBBD
HttpOpenRequestA.WININET(?,?,?,HTTP/1.1,00000000,?,00200000,?), ref: 6E3DEBFA
SetLastError.KERNEL32(00000000), ref: 6E3DEC0C
InternetQueryOptionW.WININET(00000000,0000001F,?,00200000), ref: 6E3DEC3E
InternetSetOptionW.WININET(?,0000001F,?,00000004), ref: 6E3DEC54
InternetQueryOptionW.WININET(?,00000041,?,00200000), ref: 6E3DEC75
GetLastError.KERNEL32(?,00000041,?,00200000), ref: 6E3DEC79
InternetSetOptionW.WININET(?,00000041,?,00000004), ref: 6E3DEC9A
GetLastError.KERNEL32(?,00000041,?,00000004,?,00000041,?,00200000), ref: 6E3DEC9E
SetLastError.KERNEL32(00000000,?,00000041,?,00200000), ref: 6E3DECBB
HttpAddRequestHeadersA.WININET(?,?,00000000,A0000000), ref: 6E3DECF8
InternetSetOptionW.WININET(?,0000002B,00000000,00000000), ref: 6E3DED68
InternetSetOptionW.WININET(?,0000002C,00000000,00000000), ref: 6E3DED89

Strings

[%u] global connected state., xrefs: 6E3DEB91
[%u] found AutoDecoding enable. try to disable, success=%d, err=%d, xrefs: 6E3DECA7
[%u] [ProxyAuth] using saved info. user_len:%d, pwd_len:%d, xrefs: 6E3DED28
, xrefs: 6E3DEB67
[%u] IGNORE_OFFLINE failed: %d, ConnectedState: 0x%x, xrefs: 6E3DEB55
[%u] global connected state, error %d, xrefs: 6E3DEBA9
HTTP/1.1, xrefs: 6E3DEBE0

Memory Dump Source

Source File: 0000000E.00000002.2370545283.000000006E3D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 6E3D0000, based on PE: true

Associated: 0000000E.00000002.2370501847.000000006E3D0000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371078507.000000006E3FB000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371296559.000000006E405000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371402177.000000006E409000.00000002.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e3d0000_MiniNews.jbxd

Similarity

API ID: Internet$Option$ErrorLast$HttpOpenQueryRequest$CallbackConnectConnectedHeadersStateStatus
String ID: $HTTP/1.1$[%u] IGNORE_OFFLINE failed: %d, ConnectedState: 0x%x$[%u] [ProxyAuth] using saved info. user_len:%d, pwd_len:%d$[%u] found AutoDecoding enable. try to disable, success=%d, err=%d$[%u] global connected state, error %d$[%u] global connected state.
API String ID: 1742170103-1703051109
Opcode ID: 67d3e4210cb96b2467a4d4406d2b1b7e1eb0e5b5ec1d3bf25acf4c65799867b7
Instruction ID: 6f5e0120b1a6e429acd0e34fef845eb6ef7f6ee2426cbb762f1e79896209b503
Opcode Fuzzy Hash: 67d3e4210cb96b2467a4d4406d2b1b7e1eb0e5b5ec1d3bf25acf4c65799867b7
Instruction Fuzzy Hash: 3BC19FB1548701AFE710DBA5CC85F6BBBE8FB85704F104A1DF6959B290DB70E804CBA6

Uniqueness

Uniqueness Score: -1.00%

Function 6E4F5370 Relevance: 54.4, APIs: 21, Strings: 10, Instructions: 165
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleFileNameW.KERNEL32(?,00000104,?,00000000,00000000), ref: 6E4F53BA
PathRemoveFileSpecW.SHLWAPI(?), ref: 6E4F53CD
PathAppendW.SHLWAPI(?,360NetUL.dll), ref: 6E4F53E1
PathFileExistsW.SHLWAPI(?), ref: 6E4F53EA
PathRemoveFileSpecW.SHLWAPI(?), ref: 6E4F53FF
PathRemoveFileSpecW.SHLWAPI(?), ref: 6E4F5408
PathAppendW.SHLWAPI(?,360NetUL.dll), ref: 6E4F5416
PathFileExistsW.SHLWAPI(?), ref: 6E4F541F
PathRemoveFileSpecW.SHLWAPI(?), ref: 6E4F5430
PathAppendW.SHLWAPI(?,DrvMgr\360NetUL.dll), ref: 6E4F543E
PathFileExistsW.SHLWAPI(?), ref: 6E4F5447
PathRemoveFileSpecW.SHLWAPI(?), ref: 6E4F5458
PathRemoveFileSpecW.SHLWAPI(?), ref: 6E4F5461
PathAppendW.SHLWAPI(?,wallpaperhelper\360NetUL.dll), ref: 6E4F546F
PathFileExistsW.SHLWAPI(?), ref: 6E4F5478
LoadLibraryW.KERNEL32(?), ref: 6E4F54A9
GetProcAddress.KERNEL32(00000000,HttpInit), ref: 6E4F54C1
GetProcAddress.KERNEL32(00000000,HttpUninit), ref: 6E4F54CD
GetProcAddress.KERNEL32(00000000,zlib_uncompress), ref: 6E4F54D9
GetProcAddress.KERNEL32(00000000,zlib_compress), ref: 6E4F54E5
GetProcAddress.KERNEL32(00000000,zlib_compressBound), ref: 6E4F54F1

Strings

HttpUninit, xrefs: 6E4F54C3
HttpInit, xrefs: 6E4F54BB
360NetUL.dll, xrefs: 6E4F53DB, 6E4F540A
zlib_uncompress, xrefs: 6E4F54CF
DrvMgr\360NetUL.dll, xrefs: 6E4F5432
wallpaperhelper\360NetUL.dll, xrefs: 6E4F5463
zlib_compress, xrefs: 6E4F54DB
ungzip, xrefs: 6E4F5519
gzip, xrefs: 6E4F5527
zlib_compressBound, xrefs: 6E4F54E7

Memory Dump Source

Source File: 0000000E.00000002.2371585883.000000006E4E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6E4E0000, based on PE: true

Associated: 0000000E.00000002.2371507694.000000006E4E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373281942.000000006E544000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373891215.000000006E565000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2374074776.000000006E56A000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e4e0000_MiniNews.jbxd

Similarity

API ID: Path$File$RemoveSpec$AddressProc$AppendExists$LibraryLoadModuleName
String ID: 360NetUL.dll$DrvMgr\360NetUL.dll$HttpInit$HttpUninit$gzip$ungzip$wallpaperhelper\360NetUL.dll$zlib_compress$zlib_compressBound$zlib_uncompress
API String ID: 1896185339-1066436602
Opcode ID: bbd2c9951c4c0d77a05820b98b05dcfb881e1d1f791fe01dc6d60aefa5576509
Instruction ID: 859eee5b14ecaf67f5acd6c62f3deb2e750a8f6cbf5a22c9fd6b1925831c6c3b
Opcode Fuzzy Hash: bbd2c9951c4c0d77a05820b98b05dcfb881e1d1f791fe01dc6d60aefa5576509
Instruction Fuzzy Hash: A1515AB5A02219EBCB10DFF5CC48E99BBBCAF44704F1085A6E519D7241EB34EA51CF90

Uniqueness

Uniqueness Score: -1.00%

Function 6E4EE6F0 Relevance: 51.2, APIs: 13, Strings: 16, Instructions: 439
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 6E4E6760: GetProcessHeap.KERNEL32(E97A779A,?,6E53CB2C,000000FF,?,6E4F7925,E97A779A,0000006C,0000009C), ref: 6E4E679A

Part of subcall function 6E503B40: GetLocalTime.KERNEL32(?), ref: 6E503B81

SHGetValueW.SHLWAPI(80000001,SOFTWARE\QiLu Inc.\mininews\v2,showtime,00000001,?,?,?,?,?,?), ref: 6E4EE808
StrStrIW.SHLWAPI(?,?,?,?,?,?), ref: 6E4EE817
SHGetValueW.SHLWAPI(80000001,SOFTWARE\QiLu Inc.\mininews_bizhi\v2,showtime,00000001,?,?,?,?,?,?), ref: 6E4EE8D1
StrStrIW.SHLWAPI(?,?,?,?,?,?), ref: 6E4EE8E0
SHGetValueW.SHLWAPI(80000001,SOFTWARE\QiLu Inc.\mininews_lite\v2,showtime,00000001,?,?,?,?,?,?), ref: 6E4EE996
StrStrIW.SHLWAPI(?,?,?,?,?,?), ref: 6E4EE9A5
SHGetValueW.SHLWAPI(80000001,SOFTWARE\QiLu Inc.\mininews_desktop\v2,showtime,00000001,?,?,?,?,?,?), ref: 6E4EEA61
StrStrIW.SHLWAPI(?,?,?,?,?,?), ref: 6E4EEA70
SHGetValueW.SHLWAPI(80000001,SOFTWARE\QiLu Inc.\mininews_ldsgamemaster\v2,showtime,00000001,?,?,?,?,?,?), ref: 6E4EEB26
StrStrIW.SHLWAPI(?,?,?,?,?,?), ref: 6E4EEB35
SHGetValueW.SHLWAPI(80000001,SOFTWARE\QiLu Inc.\mininews_masterpdf\v2,showtime,00000001,?,?,?,?,?,?), ref: 6E4EEBF1
StrStrIW.SHLWAPI(?,?,?,?,?,?), ref: 6E4EEC00
SHGetValueW.SHLWAPI(80000001,SOFTWARE\QiLu Inc.\bizhi_newsplugin,Date,00000001,?,?,?,?,?,?), ref: 6E4EEC7C

Strings

ldslite, xrefs: 6E4EE910, 6E4EE9C7
SOFTWARE\QiLu Inc.\mininews\v2, xrefs: 6E4EE7FE
SOFTWARE\QiLu Inc.\mininews_desktop\v2, xrefs: 6E4EEA57
SOFTWARE\QiLu Inc.\mininews_bizhi\v2, xrefs: 6E4EE8C7
SOFTWARE\QiLu Inc.\mininews_lite\v2, xrefs: 6E4EE98C
ludashi, xrefs: 6E4EE77A, 6E4EE839
bizhi, xrefs: 6E4EE847, 6E4EE902
SOFTWARE\QiLu Inc.\mininews_masterpdf\v2, xrefs: 6E4EEBE7
Date, xrefs: 6E4EEC6D
SOFTWARE\QiLu Inc.\mininews_ldsgamemaster\v2, xrefs: 6E4EEB1C
gamemaster, xrefs: 6E4EEAA0, 6E4EEB57
showtime, xrefs: 6E4EE7F9, 6E4EE8C2, 6E4EE987, 6E4EEA52, 6E4EEB17, 6E4EEBE2
SOFTWARE\QiLu Inc.\bizhi_newsplugin, xrefs: 6E4EEC72
360desktop, xrefs: 6E4EE9D5, 6E4EEA92
bizhinewsplugin, xrefs: 6E4EECAF
xundu, xrefs: 6E4EEB65, 6E4EEC22

Memory Dump Source

Source File: 0000000E.00000002.2371585883.000000006E4E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6E4E0000, based on PE: true

Associated: 0000000E.00000002.2371507694.000000006E4E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373281942.000000006E544000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373891215.000000006E565000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2374074776.000000006E56A000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e4e0000_MiniNews.jbxd

Similarity

API ID: Value$HeapLocalProcessTime
String ID: 360desktop$Date$SOFTWARE\QiLu Inc.\bizhi_newsplugin$SOFTWARE\QiLu Inc.\mininews\v2$SOFTWARE\QiLu Inc.\mininews_bizhi\v2$SOFTWARE\QiLu Inc.\mininews_desktop\v2$SOFTWARE\QiLu Inc.\mininews_ldsgamemaster\v2$SOFTWARE\QiLu Inc.\mininews_lite\v2$SOFTWARE\QiLu Inc.\mininews_masterpdf\v2$bizhi$bizhinewsplugin$gamemaster$ldslite$ludashi$showtime$xundu
API String ID: 1902114348-227975663
Opcode ID: 22fb19afe2bfc99a5a02cf1d56b0ed6ed09b7c0f413b701383925658fd6b554d
Instruction ID: 827b81e3b4aa1dde28d710956c7b342096a70e29155e085f168af7a8903e9425
Opcode Fuzzy Hash: 22fb19afe2bfc99a5a02cf1d56b0ed6ed09b7c0f413b701383925658fd6b554d
Instruction Fuzzy Hash: 43F1E871A40119DAEB50DFA0CC84FEE73F9EF14309F4005AAE605AB791EB71DA85CB94

Uniqueness

Uniqueness Score: -1.00%

Function 6E4EE280 Relevance: 45.8, APIs: 14, Strings: 12, Instructions: 346
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetFileVersionInfoSizeW.VERSION(?,?,E97A779A,00000010,?), ref: 6E4EE2BE
GetFileVersionInfoW.VERSION(?,00000000,00000000,00000000,?), ref: 6E4EE2E8
LoadLibraryW.KERNEL32(ntdll.dll,?,00000000,00000000,00000000,?), ref: 6E4EE329
GetProcAddress.KERNEL32(00000000,RtlGetNtVersionNumbers), ref: 6E4EE33B
FreeLibrary.KERNEL32(00000000), ref: 6E4EE35E
GetModuleHandleW.KERNEL32(kernel32.dll,GetNativeSystemInfo,?,00000000,00000000,00000000,?), ref: 6E4EE3BD
GetProcAddress.KERNEL32(00000000), ref: 6E4EE3C0
GetNativeSystemInfo.KERNEL32(?), ref: 6E4EE3E0
GetModuleHandleW.KERNEL32(kernel32,IsWow64Process2), ref: 6E4EE410
GetProcAddress.KERNEL32(00000000), ref: 6E4EE413
GetCurrentProcess.KERNEL32(00000000,00000000), ref: 6E4EE423
VerQueryValueW.VERSION(?,\VarFileInfo\Translation,?,6E53DB48,?,00000000,00000000,00000000,?), ref: 6E4EE487
VerQueryValueW.VERSION(?,000000FF,00000000,?,?,00000000,00000000,00000000,?), ref: 6E4EE4EC
VerQueryValueW.VERSION(?,6E544CF0,00000000,?,?,00000000,00000000,00000000,?), ref: 6E4EE68C

Strings

kernel32, xrefs: 6E4EE3FD
3NPn, xrefs: 6E4EE56C, 6E4EE561
\StringFileInfo\%04x%04x\FileVersion, xrefs: 6E4EE4C4
IsWow64Process2, xrefs: 6E4EE3F8
kernel32.dll, xrefs: 6E4EE3B8
3NPn, xrefs: 6E4EE29E, 6E4EE6D2
ntdll.dll, xrefs: 6E4EE308
GetNativeSystemInfo, xrefs: 6E4EE3B3
\VarFileInfo\Translation, xrefs: 6E4EE481
3NPn, xrefs: 6E4EE66D, 6E4EE517, 6E4EE522, 6E4EE62E, 6E4EE5C8, 6E4EE6B1
%d.%d.%d.%d, xrefs: 6E4EE6AC
RtlGetNtVersionNumbers, xrefs: 6E4EE335

Memory Dump Source

Source File: 0000000E.00000002.2371585883.000000006E4E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6E4E0000, based on PE: true

Associated: 0000000E.00000002.2371507694.000000006E4E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373281942.000000006E544000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373891215.000000006E565000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2374074776.000000006E56A000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e4e0000_MiniNews.jbxd

Similarity

API ID: AddressInfoProcQueryValue$FileHandleLibraryModuleVersion$CurrentFreeLoadNativeProcessSizeSystem
String ID: %d.%d.%d.%d$3NPn$3NPn$3NPn$GetNativeSystemInfo$IsWow64Process2$RtlGetNtVersionNumbers$\StringFileInfo\%04x%04x\FileVersion$\VarFileInfo\Translation$kernel32$kernel32.dll$ntdll.dll
API String ID: 4129056613-71736675
Opcode ID: b5de5487fa7118fe46ee86c2548f67d041ff27b1b8a222477abb003aa3cf719a
Instruction ID: be9f05a194d66c99af9d310ccee30a700f9ad5b79c65bf7b51ee6ffb5f1852f0
Opcode Fuzzy Hash: b5de5487fa7118fe46ee86c2548f67d041ff27b1b8a222477abb003aa3cf719a
Instruction Fuzzy Hash: 54D1BD7190060AEBDB11CFF4C884FEEB7B5EF48315F10455AE814AB790DB35AA42CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 6E5115D0 Relevance: 38.8, APIs: 13, Strings: 9, Instructions: 250
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 6E50FC30: GetModuleHandleW.KERNEL32(Advapi32.dll,?,6E568638,?,00000000,?,6E50FDBD,80000002,00000201,E97A779A), ref: 6E50FC54
Part of subcall function 6E50FC30: RegCloseKey.ADVAPI32(00000000,?,6E50FDBD,80000002,00000201,E97A779A), ref: 6E50FCB7

RegEnumKeyExW.KERNEL32(00000000,00000000,?,00000104,00000000,00000000,00000000,?,?,80000002,SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318},00000008,75A9E170,00000000), ref: 6E511687
RegOpenKeyExW.KERNEL32(00000000,?,00000000,00000001,?), ref: 6E5116BA
RegQueryValueExW.KERNEL32(?,NetCfgInstanceId,00000000,?,?,?), ref: 6E511707
RegCloseKey.ADVAPI32(?), ref: 6E51176E
RegCloseKey.ADVAPI32(00000000), ref: 6E51199D

Strings

SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}, xrefs: 6E5115FC
Wireless, xrefs: 6E511915
vwifi, xrefs: 6E51195C
wlan, xrefs: 6E511946
NetCfgInstanceId, xrefs: 6E511701
BusType, xrefs: 6E5117B4
LowerRange, xrefs: 6E5118C3
DriverDesc, xrefs: 6E511811
NDI\Interfaces, xrefs: 6E511865

Memory Dump Source

Source File: 0000000E.00000002.2371585883.000000006E4E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6E4E0000, based on PE: true

Associated: 0000000E.00000002.2371507694.000000006E4E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373281942.000000006E544000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373891215.000000006E565000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2374074776.000000006E56A000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e4e0000_MiniNews.jbxd

Similarity

API ID: Close$EnumHandleModuleOpenQueryValue
String ID: BusType$DriverDesc$LowerRange$NDI\Interfaces$NetCfgInstanceId$SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}$Wireless$vwifi$wlan
API String ID: 439532376-339742451
Opcode ID: 7ba39131f22b0e9029b693e1605ceed6e5648b075f2c5ebb4a07f6a3dcd9cad7
Instruction ID: dd9b471f0e5f251e6d2dba84c6040eb3ac7096cdeeb0cb815caec5482309ded9
Opcode Fuzzy Hash: 7ba39131f22b0e9029b693e1605ceed6e5648b075f2c5ebb4a07f6a3dcd9cad7
Instruction Fuzzy Hash: D4A15E71A0562C9AFB60CF94CD94BEAB3F9AF95304F0040D5E918E7241EB729E98CF50

Uniqueness

Uniqueness Score: -1.00%

Function 6E502D30 Relevance: 26.7, APIs: 5, Strings: 10, Instructions: 412
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 6E4E6760: GetProcessHeap.KERNEL32(E97A779A,?,6E53CB2C,000000FF,?,6E4F7925,E97A779A,0000006C,0000009C), ref: 6E4E679A

Part of subcall function 6E4ED8F0: FindResourceExW.KERNEL32(00000000,00000006,000000AD,00000000,00000000,?,00000004,000000AC,00000004,?,6E4ECB41,?,?,6E50116C,minipage,E97A779A), ref: 6E4ED946
Part of subcall function 6E4ED8F0: FindResourceW.KERNEL32(00000000,?,00000006,000000FF), ref: 6E4ED984

RegCloseKey.ADVAPI32(00000000,?,80000002,?,00020219,SOFTWARE\Microsoft\Internet Explorer,?,?,00000001), ref: 6E502EAD
RegQueryValueExW.KERNEL32(00000000,Version,00000000,?,?,?,?,?,00000001), ref: 6E502F35
RegCloseKey.ADVAPI32(00000000,?,?,?,00000001), ref: 6E502FB7
RegCloseKey.ADVAPI32(00000000,?,other,00000005,?,?,?,0000FDE9,?,?,00000001), ref: 6E503345

Strings

ie11, xrefs: 6E503291
SOFTWARE\Microsoft\Internet Explorer, xrefs: 6E502E0B, 6E502E1B
ie8, xrefs: 6E50312C
Version, xrefs: 6E502F2F
ie10, xrefs: 6E50329A
svcVersion, xrefs: 6E50316A
ie6, xrefs: 6E503114
ie9, xrefs: 6E5032A3
ie7, xrefs: 6E503120
other, xrefs: 6E502D9B, 6E502DAB, 6E503288, 6E5032E1

Memory Dump Source

Source File: 0000000E.00000002.2371585883.000000006E4E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6E4E0000, based on PE: true

Associated: 0000000E.00000002.2371507694.000000006E4E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373281942.000000006E544000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373891215.000000006E565000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2374074776.000000006E56A000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e4e0000_MiniNews.jbxd

Similarity

API ID: Close$FindResource$HeapProcessQueryValue
String ID: SOFTWARE\Microsoft\Internet Explorer$Version$ie10$ie11$ie6$ie7$ie8$ie9$other$svcVersion
API String ID: 3218798391-3997539874
Opcode ID: d58ca994f8ad21fe8c1582a1c9fe02c8cccaacdbc9d034aa4ddd1e55eab010fa
Instruction ID: f0c9c2a91b7f75ba0085fa93cad2c6445424fd90a5cf27f438af12511f610d43
Opcode Fuzzy Hash: d58ca994f8ad21fe8c1582a1c9fe02c8cccaacdbc9d034aa4ddd1e55eab010fa
Instruction Fuzzy Hash: 1A02AD70900259DBEB60DBA4CD9CBDEB7F8AF41308F0045D9E508AB291DB749E88CF91

Uniqueness

Uniqueness Score: -1.00%

Function 6E3D2ED0 Relevance: 24.6, APIs: 6, Strings: 8, Instructions: 126
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 100%

			E6E3D2ED0() {
				int _v4;
				void* _v8;
				void* _v12;
				long _t31;
				long _t34;
				long _t35;
				void* _t53;
				void* _t73;

				_v12 = 0;
				_v4 = 0;
				if(RegOpenKeyExW(0x80000002, L"SOFTWARE\\LiveUpdate360", 0, 0xf003f,  &_v12) != 0) {
					_t31 = RegCreateKeyExW(0x80000002, L"SOFTWARE\\LiveUpdate360", 0, 0, 0, 0xf003f, 0,  &_v12,  &_v4); // executed
					__eflags = _t31;
					if(_t31 == 0) {
						L8:
						return _v12;
					} else {
						_t34 = RegOpenKeyExW(0x80000001, L"SOFTWARE\\LiveUpdate360", 0, 0xf003f,  &_v12);
						__eflags = _t34;
						if(_t34 == 0) {
							goto L8;
						} else {
							_t35 = RegCreateKeyExW(0x80000001, L"SOFTWARE\\LiveUpdate360", 0, 0, 0, 0xf003f, 0,  &_v12,  &_v4); // executed
							__eflags = _t35;
							if(_t35 != 0) {
								__eflags = 0;
								return 0;
							} else {
								__eflags = _v4 - 1;
								if(_v4 == 1) {
									_v8 = _t35;
									__eflags = RegOpenKeyExW(0x80000002, L"SOFTWARE\\LiveUpdate360", 0, 0x20019,  &_v8);
									if(__eflags == 0) {
										E6E3D2E00(_t53, _t73, __eflags, _v12, _v8, L"Intranet");
										E6E3D2E00(_t53, _t73, __eflags, _v12, _v8, L"Neverup");
										E6E3D2E00(_t53, _t73, __eflags, _v12, _v8, L"proxytype");
										E6E3D2E00(_t53, _t73, __eflags, _v12, _v8, L"customproxytype");
										E6E3D2E00(_t53, _t73, __eflags, _v12, _v8, L"ieproxy");
										E6E3D2E00(_t53, _t73, __eflags, _v12, _v8, L"customhttp");
										E6E3D2E00(_t53, _t73, __eflags, _v12, _v8, L"customsocks");
										RegCloseKey(_v8);
									}
								}
								goto L8;
							}
						}
					}
				} else {
					return _v12;
				}
			}

0x6e3d2ef0
0x6e3d2ef8
0x6e3d2f04
0x6e3d2f37
0x6e3d2f39
0x6e3d2f3b
0x6e3d3058
0x6e3d3061
0x6e3d2f41
0x6e3d2f57
0x6e3d2f59
0x6e3d2f5b
0x00000000
0x6e3d2f61
0x6e3d2f82
0x6e3d2f84
0x6e3d2f86
0x6e3d3063
0x6e3d3069
0x6e3d2f8c
0x6e3d2f8c
0x6e3d2f91
0x6e3d2f97
0x6e3d2fb3
0x6e3d2fb5
0x6e3d2fca
0x6e3d2fde
0x6e3d2ff2
0x6e3d3006
0x6e3d301a
0x6e3d302e
0x6e3d3045
0x6e3d3052
0x6e3d3052
0x6e3d2fb5
0x00000000
0x6e3d2f91
0x6e3d2f86
0x6e3d2f5b
0x6e3d2f06
0x6e3d2f0e
0x6e3d2f0e

APIs

RegOpenKeyExW.ADVAPI32 ref: 6E3D2F00
RegCreateKeyExW.KERNEL32(80000002,SOFTWARE\LiveUpdate360,00000000,00000000,00000000,000F003F,00000000,000F003F,00000000), ref: 6E3D2F37
RegOpenKeyExW.ADVAPI32(80000001,SOFTWARE\LiveUpdate360,00000000,000F003F,?), ref: 6E3D2F57
RegCreateKeyExW.KERNEL32(80000001,SOFTWARE\LiveUpdate360,00000000,00000000,00000000,000F003F,00000000,000F003F,00000000), ref: 6E3D2F82
RegOpenKeyExW.ADVAPI32(80000002,SOFTWARE\LiveUpdate360,00000000,00020019,000F003F), ref: 6E3D2FB1
RegCloseKey.ADVAPI32(?), ref: 6E3D3052

Strings

proxytype, xrefs: 6E3D2FEB
Neverup, xrefs: 6E3D2FD7
Intranet, xrefs: 6E3D2FC3
customproxytype, xrefs: 6E3D2FFF
customhttp, xrefs: 6E3D3027
SOFTWARE\LiveUpdate360, xrefs: 6E3D2EE6, 6E3D2F2D, 6E3D2F4D, 6E3D2F78, 6E3D2FA7
ieproxy, xrefs: 6E3D3013
customsocks, xrefs: 6E3D303E

Memory Dump Source

Source File: 0000000E.00000002.2370545283.000000006E3D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 6E3D0000, based on PE: true

Associated: 0000000E.00000002.2370501847.000000006E3D0000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371078507.000000006E3FB000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371296559.000000006E405000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371402177.000000006E409000.00000002.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e3d0000_MiniNews.jbxd

Similarity

API ID: Open$Create$Close
String ID: Intranet$Neverup$SOFTWARE\LiveUpdate360$customhttp$customproxytype$customsocks$ieproxy$proxytype
API String ID: 744170003-1635914898
Opcode ID: 7d06c2710ddf77177019cd90bb58b86c25b425fc0eabe39423005583573ddc65
Instruction ID: 9da90aa059276c609c123b8c3aee2ce7d80f3ae37a7ad81834f28ffbac80da04
Opcode Fuzzy Hash: 7d06c2710ddf77177019cd90bb58b86c25b425fc0eabe39423005583573ddc65
Instruction Fuzzy Hash: 474151B5604305BBE210DA94CD41F7B77ECEFC4B54F50491CFA846B249E771E8098BA2

Uniqueness

Uniqueness Score: -1.00%

Function 6E50E770 Relevance: 21.6, APIs: 9, Strings: 3, Instructions: 613
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 6E4E6440: __CxxThrowException@8.LIBVCRUNTIME ref: 6E4E6457

Part of subcall function 6E4E6760: GetProcessHeap.KERNEL32(E97A779A,?,6E53CB2C,000000FF,?,6E4F7925,E97A779A,0000006C,0000009C), ref: 6E4E679A

InterlockedCompareExchange.KERNEL32(6E568534,00000001,6E568638), ref: 6E50E92F
Sleep.KERNEL32(00000001), ref: 6E50E962
GetCurrentProcess.KERNEL32(00000008,?), ref: 6E50E9F2
OpenProcessToken.ADVAPI32(00000000), ref: 6E50E9F9
GetTokenInformation.KERNELBASE(00000000,00000014(TokenIntegrityLevel),00000000,00000004,?), ref: 6E50EA2F
CloseHandle.KERNEL32(00000000), ref: 6E50EA4A

Strings

eeeeeeee6cfa339cef05e2eb639099b5e2fa29b329f4, xrefs: 6E50F045, 6E50F080, 6E50F0DB
GenuineIotel, xrefs: 6E50E803
GenuineIntel,50657,Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz, xrefs: 6E50E710, 6E50ED0E, 6E50ED22, 6E50ED4F, 6E50ED72, 6E50EDB1, 6E50EDBE, 6E50EDBF, 6E50F032

Memory Dump Source

Source File: 0000000E.00000002.2371585883.000000006E4E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6E4E0000, based on PE: true

Associated: 0000000E.00000002.2371507694.000000006E4E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373281942.000000006E544000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373891215.000000006E565000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2374074776.000000006E56A000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e4e0000_MiniNews.jbxd

Similarity

API ID: Process$Token$CloseCompareCurrentException@8ExchangeHandleHeapInformationInterlockedOpenSleepThrow
String ID: GenuineIntel,50657,Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz$GenuineIotel$eeeeeeee6cfa339cef05e2eb639099b5e2fa29b329f4
API String ID: 3323879994-241389444
Opcode ID: 15d929e1c25c25afff4172af8227bd3c9c66f3ca0413261769ab8e4fae51e5bf
Instruction ID: 3579bfc5ec78553287d7305413da6414ee87a25f14a8b0f18f459f81a0fcec75
Opcode Fuzzy Hash: 15d929e1c25c25afff4172af8227bd3c9c66f3ca0413261769ab8e4fae51e5bf
Instruction Fuzzy Hash: 3C22B171901605DFDB50DFA8CC48BAAB7F8FF45314F204AAAF9199B250EB319D44CB91

Uniqueness

Uniqueness Score: -1.00%

Function 6E4EFDD0 Relevance: 17.9, APIs: 4, Strings: 6, Instructions: 427
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 6E5044C0: SHGetValueW.SHLWAPI(00000004,00000004,?,?,00000000,?), ref: 6E5044F0

GetSystemMetrics.USER32(00000000), ref: 6E4EFE25
GetSystemMetrics.USER32(00000001), ref: 6E4EFE2B

Part of subcall function 6E504510: SHGetValueW.SHLWAPI(?,?,?,00000001,?,00000104), ref: 6E5045A2

Part of subcall function 6E505500: SHSetValueW.SHLWAPI(?,?,80000001,00000001,6E4EFE9A,6E4EFE98,?,?,6E4EFE9A,80000001,?,screensize,?), ref: 6E50552E

Part of subcall function 6E50CA10: EnterCriticalSection.KERNEL32(6E56845C,E97A779A,?,00000000,?), ref: 6E50CA51
Part of subcall function 6E50CA10: InitializeCriticalSection.KERNEL32(00000010), ref: 6E50CAC7
Part of subcall function 6E50CA10: InitializeCriticalSection.KERNEL32(0000005C), ref: 6E50CAFD

Part of subcall function 6E50CA10: LeaveCriticalSection.KERNEL32(6E56845C), ref: 6E50CBDD

EnterCriticalSection.KERNEL32(6E56503C,screen_resolution_change), ref: 6E4F00A9
LeaveCriticalSection.KERNEL32(6E56503C), ref: 6E4F00EC

Strings

screen_resolution_change, xrefs: 6E4F0079, 6E4F0089
screensize, xrefs: 6E4EFE43, 6E4EFE88
%d_%d, xrefs: 6E4EFE32
-> , xrefs: 6E4EFFA5
(null), xrefs: 6E4EFF92, 6E4EFF9E, 6E4EFFBA
screentype, xrefs: 6E4EFE03

Memory Dump Source

Source File: 0000000E.00000002.2371585883.000000006E4E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6E4E0000, based on PE: true

Associated: 0000000E.00000002.2371507694.000000006E4E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373281942.000000006E544000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373891215.000000006E565000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2374074776.000000006E56A000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e4e0000_MiniNews.jbxd

Similarity

API ID: CriticalSection$Value$EnterInitializeLeaveMetricsSystem
String ID: -> $%d_%d$(null)$screen_resolution_change$screensize$screentype
API String ID: 1275082529-2808699054
Opcode ID: a0e30b701123d81423706316520550379d67eca79ad35bc2e376cb7b4594a2ea
Instruction ID: 916bf034f8fa66c5ce2463869604db6ac7f8e1f10cfae92b5cb8fb13e10d21cf
Opcode Fuzzy Hash: a0e30b701123d81423706316520550379d67eca79ad35bc2e376cb7b4594a2ea
Instruction Fuzzy Hash: E8F1BD70A01205DFDB00CFF8C984BADBBB5BF85718F14855AE515AB391EB34AE01CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 6E5100C0 Relevance: 17.7, APIs: 7, Strings: 3, Instructions: 176
registrylibraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 6E50FC30: GetModuleHandleW.KERNEL32(Advapi32.dll,?,6E568638,?,00000000,?,6E50FDBD,80000002,00000201,E97A779A), ref: 6E50FC54
Part of subcall function 6E50FC30: RegCloseKey.ADVAPI32(00000000,?,6E50FDBD,80000002,00000201,E97A779A), ref: 6E50FCB7

GetModuleHandleW.KERNEL32(Advapi32.dll,80000002,00000202,E97A779A), ref: 6E510142
GetProcAddress.KERNEL32(00000000,RegCreateKeyTransactedW), ref: 6E510159
RegCreateKeyExW.KERNEL32(80000002,6E5507AC,00000000,00000000,00000000,00020206,00000000,00000000,000000FF,80000002,00000202,E97A779A), ref: 6E5101AE
RegCloseKey.ADVAPI32(00000000), ref: 6E5101C0
RegSetValueExW.ADVAPI32(00000000,m2_old,00000000,00000001,?,00000000), ref: 6E510242
RegSetValueExW.ADVAPI32(00000000,6E550938,00000000,00000001,?,00000000,80000002,00000202,E97A779A), ref: 6E510282
RegCloseKey.ADVAPI32(00000000,?,00000000,80000002,00000202,E97A779A), ref: 6E510294

Strings

m2_old, xrefs: 6E51023C
RegCreateKeyTransactedW, xrefs: 6E510153
Advapi32.dll, xrefs: 6E51013D

Memory Dump Source

Source File: 0000000E.00000002.2371585883.000000006E4E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6E4E0000, based on PE: true

Associated: 0000000E.00000002.2371507694.000000006E4E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373281942.000000006E544000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373891215.000000006E565000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2374074776.000000006E56A000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e4e0000_MiniNews.jbxd

Similarity

API ID: Close$HandleModuleValue$AddressCreateProc
String ID: Advapi32.dll$RegCreateKeyTransactedW$m2_old
API String ID: 3144900509-1017559691
Opcode ID: d6ca52078a677f2e5b8ffa0c3632d3f75f508992106198785a5e4c814fb47453
Instruction ID: 977e67950eea397996bf2ea0d23a301766ffba3fda3b1980e8188ade560048d8
Opcode Fuzzy Hash: d6ca52078a677f2e5b8ffa0c3632d3f75f508992106198785a5e4c814fb47453
Instruction Fuzzy Hash: 3851BF34A48315EBFB508FD4CC55BFE77F8EB45704F10451AE915BB280EB74A911CAA0

Uniqueness

Uniqueness Score: -1.00%

Function 6E512FD0 Relevance: 17.7, APIs: 8, Strings: 2, Instructions: 166
registrystringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegOpenKeyExA.KERNEL32(80000002,SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkCards,00000000,00000008,?,00000000,00000000,00000000), ref: 6E51302D
RegEnumKeyExA.KERNEL32(?,00000000,?,00000104,00000000,00000000,00000000,00000000), ref: 6E51305C
RegOpenKeyExA.KERNEL32(?,?,00000000,00000001,?), ref: 6E513088
RegQueryValueExA.KERNEL32(?,ServiceName,00000000,00000001,?,?), ref: 6E5130C8
RegCloseKey.ADVAPI32(?), ref: 6E513160

Part of subcall function 6E5131F0: CreateFileA.KERNEL32(?,C0000000,00000003,00000000,00000003,00000000,00000000,?,?,75A9E1E0,75A9E170), ref: 6E51323B

lstrcmpA.KERNEL32(?,00000000), ref: 6E513112
RegEnumKeyExA.KERNEL32(?,00000001,?,00000104,00000000,00000000,00000000,00000000), ref: 6E51318A
RegCloseKey.ADVAPI32(?), ref: 6E51319E

Strings

SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkCards, xrefs: 6E513023
ServiceName, xrefs: 6E5130BD

Memory Dump Source

Source File: 0000000E.00000002.2371585883.000000006E4E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6E4E0000, based on PE: true

Associated: 0000000E.00000002.2371507694.000000006E4E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373281942.000000006E544000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373891215.000000006E565000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2374074776.000000006E56A000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e4e0000_MiniNews.jbxd

Similarity

API ID: CloseEnumOpen$CreateFileQueryValuelstrcmp
String ID: SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkCards$ServiceName
API String ID: 4148603440-1795789498
Opcode ID: 7eeb515a73bb672f8314c2e63f66510e63b6c83bd22350f4c9387fbae4ad47c0
Instruction ID: 610caceaca38c151fdbd797611ee7c77fdddcc33996c69deb2acf368c2073f89
Opcode Fuzzy Hash: 7eeb515a73bb672f8314c2e63f66510e63b6c83bd22350f4c9387fbae4ad47c0
Instruction Fuzzy Hash: 99516271A44259EAFF21DFA1CC88FEABBBCAB45704F11019AE908B7140DB719E85CF50

Uniqueness

Uniqueness Score: -1.00%

Function 6E3D4200 Relevance: 17.6, APIs: 5, Strings: 5, Instructions: 99
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 6E3D2ED0: RegOpenKeyExW.ADVAPI32 ref: 6E3D2F00

GetLastError.KERNEL32 ref: 6E3D4224
RegQueryValueExW.KERNEL32(00000000,proxytype,00000000,?,?,?), ref: 6E3D4272
RegQueryValueExW.KERNEL32(00000000,customproxytype,00000000,?,?,?), ref: 6E3D428F
RegCloseKey.ADVAPI32(00000000), ref: 6E3D42E0

Strings

proxytype, xrefs: 6E3D4264
[proxy] reg open failed %d, xrefs: 6E3D422B
customproxytype, xrefs: 6E3D4289
customhttp, xrefs: 6E3D42CA
ieproxy, xrefs: 6E3D429F

Memory Dump Source

Source File: 0000000E.00000002.2370545283.000000006E3D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 6E3D0000, based on PE: true

Associated: 0000000E.00000002.2370501847.000000006E3D0000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371078507.000000006E3FB000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371296559.000000006E405000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371402177.000000006E409000.00000002.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e3d0000_MiniNews.jbxd

Similarity

API ID: QueryValue$CloseErrorLastOpen
String ID: [proxy] reg open failed %d$customhttp$customproxytype$ieproxy$proxytype
API String ID: 2240656346-2673210818
Opcode ID: 7d02cb1a308e73a2db60248c8acb8da30775f6b352f18f151a6d9e894616d690
Instruction ID: 6edaf6f82a9a481267694325b584eab075046b98bd5b53269f424e5260de7080
Opcode Fuzzy Hash: 7d02cb1a308e73a2db60248c8acb8da30775f6b352f18f151a6d9e894616d690
Instruction Fuzzy Hash: F43161B3804206AFD710DB95EC40EEBB7ACFF85358F40052AF545D6504E726A64ECBE2

Uniqueness

Uniqueness Score: -1.00%

Function 6E4EDBB0 Relevance: 16.2, APIs: 3, Strings: 6, Instructions: 443COMMON

Download Yara Rule

APIs

Part of subcall function 6E4E6760: GetProcessHeap.KERNEL32(E97A779A,?,6E53CB2C,000000FF,?,6E4F7925,E97A779A,0000006C,0000009C), ref: 6E4E679A

GetModuleFileNameW.KERNEL32(?,00000104,?,?,?,?,?,?,?,?,?,?), ref: 6E4EDE52
PathRemoveFileSpecW.SHLWAPI(?,?,?,?,?,?,?,?,?,?,?), ref: 6E4EDE5F
PathAppendW.SHLWAPI(?,Mininews.exe,?,?,?,?,?,?,?,?,?,?), ref: 6E4EDE71

Part of subcall function 6E4ED8F0: FindResourceExW.KERNEL32(00000000,00000006,000000AD,00000000,00000000,?,00000004,000000AC,00000004,?,6E4ECB41,?,?,6E50116C,minipage,E97A779A), ref: 6E4ED946
Part of subcall function 6E4ED8F0: FindResourceW.KERNEL32(00000000,?,00000006,000000FF), ref: 6E4ED984

Strings

http://media.ludashi.com/n/mini?pid=%s&appver=%s&modver=%s&from=%s&iever=%s&os=%s&mid=%s&mid2=%s&manual=%lu&showpro=%s&awake=%d&sc, xrefs: 6E4EE088
Mininews.exe, xrefs: 6E4EDE65
from, xrefs: 6E4EDF61
&atdate=, xrefs: 6E4EE138
&m_ver=, xrefs: 6E4EE159
&instdate=, xrefs: 6E4EE117

Memory Dump Source

Source File: 0000000E.00000002.2371585883.000000006E4E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6E4E0000, based on PE: true

Associated: 0000000E.00000002.2371507694.000000006E4E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373281942.000000006E544000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373891215.000000006E565000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2374074776.000000006E56A000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e4e0000_MiniNews.jbxd

Similarity

API ID: FileFindPathResource$AppendHeapModuleNameProcessRemoveSpec
String ID: &atdate=$&instdate=$&m_ver=$Mininews.exe$from$http://media.ludashi.com/n/mini?pid=%s&appver=%s&modver=%s&from=%s&iever=%s&os=%s&mid=%s&mid2=%s&manual=%lu&showpro=%s&awake=%d&sc
API String ID: 1068931541-234934968
Opcode ID: ba46d459ee4b7cef111185de075321ea528aada85e44477d6cde5c400cf8b1ff
Instruction ID: 7b6cb4b0a5de828f83eccc287d01d96194e26eb8172c58815eea129d619fe640
Opcode Fuzzy Hash: ba46d459ee4b7cef111185de075321ea528aada85e44477d6cde5c400cf8b1ff
Instruction Fuzzy Hash: 50128B70901659DFDB50CFA8CC88F9DB7B8EF44309F0086E9E409AB691DB749A84CF91

Uniqueness

Uniqueness Score: -1.00%

Function 6E510DA0 Relevance: 16.0, APIs: 7, Strings: 2, Instructions: 256registrystringCOMMON

Download Yara Rule

APIs

Part of subcall function 6E50FC30: GetModuleHandleW.KERNEL32(Advapi32.dll,?,6E568638,?,00000000,?,6E50FDBD,80000002,00000201,E97A779A), ref: 6E50FC54
Part of subcall function 6E50FC30: RegCloseKey.ADVAPI32(00000000,?,6E50FDBD,80000002,00000201,E97A779A), ref: 6E50FCB7

RegEnumKeyExW.KERNEL32(00000000,00000000,?,00000104,00000000,00000000,00000000,?,SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkCards,00000008,E97A779A,?,?), ref: 6E510E77
RegOpenKeyExW.KERNEL32(00000000,?,00000000,00000001,?), ref: 6E510EAE
RegQueryValueExW.KERNEL32(?,ServiceName,00000000,?,?,?), ref: 6E510EF9
RegCloseKey.ADVAPI32(?), ref: 6E511083

Part of subcall function 6E5115D0: RegCloseKey.ADVAPI32(00000000), ref: 6E51199D

lstrcmpA.KERNEL32(?,00000000), ref: 6E510FE1
lstrcmpA.KERNEL32(?,00000000), ref: 6E511030
RegCloseKey.ADVAPI32(00000000,80000002,SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkCards,00000008,E97A779A,?,?), ref: 6E51111C

Strings

SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkCards, xrefs: 6E510DF7
ServiceName, xrefs: 6E510EF3

Memory Dump Source

Source File: 0000000E.00000002.2371585883.000000006E4E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6E4E0000, based on PE: true

Associated: 0000000E.00000002.2371507694.000000006E4E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373281942.000000006E544000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373891215.000000006E565000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2374074776.000000006E56A000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e4e0000_MiniNews.jbxd

Similarity

API ID: Close$lstrcmp$EnumHandleModuleOpenQueryValue
String ID: SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkCards$ServiceName
API String ID: 696044940-1795789498
Opcode ID: 19754f28f34555259bccbdcc9de6e0d553ab6d52977d2b9d0228124fb3033bae
Instruction ID: eeb863410b0c656639eab18dcf3c66b41aa649a66c58e7adf101620953eb2674
Opcode Fuzzy Hash: 19754f28f34555259bccbdcc9de6e0d553ab6d52977d2b9d0228124fb3033bae
Instruction Fuzzy Hash: 14A18E71D08659DFEB61CEA4CD54BEAB7F8AB01705F1041DAD908E7280EB359E89CF60

Uniqueness

Uniqueness Score: -1.00%

Function 6E5086C0 Relevance: 16.0, APIs: 5, Strings: 4, Instructions: 203encryptionCOMMON

Download Yara Rule

APIs

PathFileExistsW.SHLWAPI(6E562730,E97A779A,00000000,762C51B0,762C6060), ref: 6E508705
WinVerifyTrust.WINTRUST(00000000,00AAC56B,00000030), ref: 6E50880A
WTHelperProvDataFromStateData.WINTRUST(00000000,00000000,00AAC56B,00000030), ref: 6E508845
CertGetNameStringW.CRYPT32(00000001,00000004,00000000,00000000,?,00000200), ref: 6E5088DE
WinVerifyTrust.WINTRUST(00000000,00AAC56B,00000030,00000000,00AAC56B,00000030), ref: 6E5089EA

Strings

Beijing Qihu Technology Co., Ltd., xrefs: 6E50890C
Qihoo 360 Software (Beijing) Company Limited, xrefs: 6E508924
0, xrefs: 6E5089C0
Chengdu Qilu Technology Co. Ltd., xrefs: 6E5088F0

Memory Dump Source

Source File: 0000000E.00000002.2371585883.000000006E4E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6E4E0000, based on PE: true

Associated: 0000000E.00000002.2371507694.000000006E4E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373281942.000000006E544000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373891215.000000006E565000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2374074776.000000006E56A000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e4e0000_MiniNews.jbxd

Similarity

API ID: DataTrustVerify$CertExistsFileFromHelperNamePathProvStateString
String ID: 0$Beijing Qihu Technology Co., Ltd.$Chengdu Qilu Technology Co. Ltd.$Qihoo 360 Software (Beijing) Company Limited
API String ID: 3877264439-2906720276
Opcode ID: 7685d79ad645c219fbf950440fcb30bab1b4340e50cc73a5cabff68fa722b14c
Instruction ID: 8dc814731b90f5dd2b38551d1112a52984455cf9adf49d40581e49aeccda0f42
Opcode Fuzzy Hash: 7685d79ad645c219fbf950440fcb30bab1b4340e50cc73a5cabff68fa722b14c
Instruction Fuzzy Hash: A08155B1D002199BEF10DFD4CC94BEA77F8AF44709F0084E9E618A7241E7759A89CF96

Uniqueness

Uniqueness Score: -1.00%

Function 6E50E8B0 Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 135sleepCOMMON

Download Yara Rule

APIs

Part of subcall function 6E4E6760: GetProcessHeap.KERNEL32(E97A779A,?,6E53CB2C,000000FF,?,6E4F7925,E97A779A,0000006C,0000009C), ref: 6E4E679A

InterlockedCompareExchange.KERNEL32(6E568534,00000001,6E568638), ref: 6E50E92F
Sleep.KERNEL32(00000001), ref: 6E50E962
GetCurrentProcess.KERNEL32(00000008,?), ref: 6E50E9F2
OpenProcessToken.ADVAPI32(00000000), ref: 6E50E9F9
GetTokenInformation.KERNELBASE(00000000,00000014(TokenIntegrityLevel),00000000,00000004,?), ref: 6E50EA2F
CloseHandle.KERNEL32(00000000), ref: 6E50EA4A

Strings

GenuineIntel, xrefs: 6E50EF5C
GenuineIotel, xrefs: 6E50E803, 6E50EF21
%s,%x,%s, xrefs: 6E50EF9F
GenuineIntel,50657,Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz, xrefs: 6E50ED0E, 6E50ED22, 6E50ED4F, 6E50ED72, 6E50EDB1, 6E50EDBE, 6E50EDBF, 6E50EFAC, 6E50F032

Memory Dump Source

Source File: 0000000E.00000002.2371585883.000000006E4E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6E4E0000, based on PE: true

Associated: 0000000E.00000002.2371507694.000000006E4E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373281942.000000006E544000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373891215.000000006E565000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2374074776.000000006E56A000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e4e0000_MiniNews.jbxd

Similarity

API ID: Process$Token$CloseCompareCurrentExchangeHandleHeapInformationInterlockedOpenSleep
String ID: %s,%x,%s$GenuineIntel$GenuineIntel,50657,Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz$GenuineIotel
API String ID: 2953795439-1265826313
Opcode ID: 191bf633f3d4ac00d6aae4eaeada0635fd84af1312d6205bced4c60804d5bf49
Instruction ID: a62e1b8b9b7e3d60aa1c881c8390a43a2cec248e1c578ec2ee110e73a08cfe61
Opcode Fuzzy Hash: 191bf633f3d4ac00d6aae4eaeada0635fd84af1312d6205bced4c60804d5bf49
Instruction Fuzzy Hash: E241DF71901619DFDFA09FA4CC88BAAB7F8FB05318F1046A9E919A7290DF709E44CF50

Uniqueness

Uniqueness Score: -1.00%

Function 6E50BBC0 Relevance: 14.5, APIs: 4, Strings: 4, Instructions: 505COMMON

Download Yara Rule

APIs

PathFileExistsW.SHLWAPI(?,.asyn.on,00000008,?,?,?,E97A779A), ref: 6E50BDCE
PathFileExistsW.SHLWAPI(?,.asyn.debug.on,0000000E,?,?,?,?,?,?,E97A779A), ref: 6E50BEF1
PathFileExistsW.SHLWAPI(?,.on,00000003,?,?,?,?,?,?,?,?,?,E97A779A), ref: 6E50C009
PathFileExistsW.SHLWAPI(?,.debug.on,00000009,?,?,?,?,?,?,?,?,?,?,?,?,E97A779A), ref: 6E50C129

Strings

.debug.on, xrefs: 6E50C10C
.asyn.on, xrefs: 6E50BDB1
.asyn.debug.on, xrefs: 6E50BED4
.on, xrefs: 6E50BFEC

Memory Dump Source

Source File: 0000000E.00000002.2371585883.000000006E4E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6E4E0000, based on PE: true

Associated: 0000000E.00000002.2371507694.000000006E4E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373281942.000000006E544000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373891215.000000006E565000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2374074776.000000006E56A000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e4e0000_MiniNews.jbxd

Similarity

API ID: ExistsFilePath
String ID: .asyn.debug.on$.asyn.on$.debug.on$.on
API String ID: 1174141254-3251590109
Opcode ID: f07622895c5726e6e1fb9055511ebe2f4d5ab910e06a7e4cc74fe1e593f2e7f5
Instruction ID: ac92e63a5703d44f5a7987414fcfbe69bde18eef8b28a5c907be9037b5169c54
Opcode Fuzzy Hash: f07622895c5726e6e1fb9055511ebe2f4d5ab910e06a7e4cc74fe1e593f2e7f5
Instruction Fuzzy Hash: AE12B071D00145DFEB14DFA8CC94BEDB7F4AF86318F108669E52AEB290DB349A84CB51

Uniqueness

Uniqueness Score: -1.00%

Function 6E3DD4B0 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 172
networkfileCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E6E3DD4B0(void* __ecx, void* __fp0) {
				struct _GOPHER_FIND_DATAA _t54;
				long _t55;
				void* _t56;
				int _t59;
				long _t61;
				long _t62;
				int _t65;
				long _t66;
				long _t73;
				long _t74;
				long _t76;
				void* _t85;
				intOrPtr _t92;
				long _t111;
				long _t112;
				void* _t113;
				intOrPtr _t114;
				void* _t115;

				_t120 = __fp0;
				_t113 = __ecx;
				_t114 =  *((intOrPtr*)(__ecx + 4));
				E6E3D86B0(__fp0, _t114);
				E6E3D86B0(__fp0, _t114 + 0x40);
				 *((intOrPtr*)(__ecx + 0x144)) = 0;
				SetLastError(0);
				_t111 =  *(_t115 + 0x1c);
				if(_t111 >= 0x400) {
					_t54 = _t113 + 0x55c0;
					 *((intOrPtr*)(_t54 + 4)) = 0;
					 *((intOrPtr*)(_t54 + 8)) = 0;
					 *((intOrPtr*)(_t54 + 0xc)) = 0;
					 *((intOrPtr*)(_t54 + 0x10)) = 0;
					 *((intOrPtr*)(_t54 + 0x14)) = 0;
					 *((intOrPtr*)(_t54 + 0x18)) = 0;
					 *((intOrPtr*)(_t54 + 0x1c)) = 0;
					 *((intOrPtr*)(_t54 + 0x20)) = 0;
					_t85 =  *(_t115 + 0x20);
					 *((intOrPtr*)(_t54 + 0x24)) = 0;
					 *_t54 = 0x28;
					 *((intOrPtr*)(_t113 + 0x55d4)) =  *((intOrPtr*)(_t115 + 0x24));
					 *(_t113 + 0x55dc) = _t111;
					_t55 = HttpSendRequestExA(_t85, _t54, 0, 0, 0);
					__eflags = _t55;
					if(_t55 != 0) {
						L6:
						__eflags =  *((char*)(_t113 + 0xe4));
						_t56 = _t113 + 0xe4;
						if(__eflags == 0) {
							E6E3DD380(__eflags, _t85, _t56, 0x40);
							_t115 = _t115 + 0xc;
						}
						GetTickCount();
						__eflags =  *((intOrPtr*)(_t113 + 0x55d8)) -  *(_t113 + 0x55dc);
						while( *((intOrPtr*)(_t113 + 0x55d8)) <  *(_t113 + 0x55dc)) {
							__eflags =  *(_t114 + 0xc);
							 *(_t115 + 0x18) = 0;
							_t112 = 0x2000;
							if( *(_t114 + 0xc) != 0) {
								_t112 = 0x200;
							}
							_t92 =  *((intOrPtr*)(_t113 + 0x55d8));
							_t62 =  *(_t113 + 0x55dc);
							__eflags = _t92 + _t112 - _t62;
							if(_t92 + _t112 > _t62) {
								_t74 = _t62 - _t92;
								__eflags = _t74;
								_t112 = _t74;
							}
							_t65 = InternetWriteFile(_t85,  *((intOrPtr*)(_t113 + 0x55d4)) + _t92, _t112, _t115 + 0x18); // executed
							__eflags = _t65;
							if(_t65 != 0) {
								L16:
								_t66 =  *(_t115 + 0x18);
								__eflags = _t112 - _t66;
								if(_t112 == _t66) {
									goto L17;
								}
							} else {
								_t73 = E6E3DD3C0(_t113);
								__eflags = _t73;
								if(_t73 != 0) {
									goto L16;
								}
							}
							goto L18;
							L17:
							E6E3D4C00(_t66);
							E6E3D7E10(_t114,  *(_t115 + 0x18));
							E6E3D7E10(_t113 + 0x10,  *(_t115 + 0x18));
							 *((intOrPtr*)(_t113 + 0x144)) =  *((intOrPtr*)(_t113 + 0x144)) +  *(_t115 + 0x18);
							E6E3D86B0(_t120, _t114);
							 *((intOrPtr*)(_t113 + 0x55d8)) =  *((intOrPtr*)(_t113 + 0x55d8)) +  *(_t115 + 0x18);
							__eflags =  *((intOrPtr*)(_t113 + 0x55d8)) -  *(_t113 + 0x55dc);
						}
						L18:
						__eflags =  *(_t113 + 0x55dc) -  *((intOrPtr*)(_t113 + 0x55d8));
						if( *(_t113 + 0x55dc) !=  *((intOrPtr*)(_t113 + 0x55d8))) {
							goto L23;
						} else {
							_t59 = HttpEndRequestA(_t85, 0, 8, 2);
							__eflags = _t59;
							if(_t59 != 0) {
								L21:
								return 1;
							} else {
								_t61 = E6E3DD3C0(_t113);
								__eflags = _t61;
								if(_t61 == 0) {
									goto L23;
								} else {
									goto L21;
								}
							}
						}
					} else {
						_t76 = E6E3DD3C0(_t113);
						__eflags = _t76;
						if(_t76 == 0) {
							L23:
							__eflags = 0;
							return 0;
						} else {
							goto L6;
						}
					}
				} else {
					_t6 = _t115 + 0x14; // 0x2276585c
					if(HttpSendRequestA( *_t6, 0, 0,  *(_t115 + 0x18), _t111) != 0 || E6E3DD3C0(_t113) != 0) {
						E6E3D4C00(_t111);
						E6E3D7E10(_t114, _t111);
						E6E3D7E10(_t113 + 0x10, _t111);
						 *((intOrPtr*)(_t113 + 0x144)) =  *((intOrPtr*)(_t113 + 0x144)) + _t111;
						return 1;
					} else {
						return 0;
					}
				}
			}

0x6e3dd4b0
0x6e3dd4b3
0x6e3dd4b5
0x6e3dd4bc
0x6e3dd4c7
0x6e3dd4cd
0x6e3dd4d3
0x6e3dd4d9
0x6e3dd4e3
0x6e3dd53a
0x6e3dd542
0x6e3dd545
0x6e3dd548
0x6e3dd54b
0x6e3dd54e
0x6e3dd552
0x6e3dd555
0x6e3dd559
0x6e3dd55d
0x6e3dd561
0x6e3dd56a
0x6e3dd570
0x6e3dd576
0x6e3dd57c
0x6e3dd582
0x6e3dd584
0x6e3dd595
0x6e3dd595
0x6e3dd59c
0x6e3dd5a2
0x6e3dd5a8
0x6e3dd5ad
0x6e3dd5ad
0x6e3dd5b0
0x6e3dd5bc
0x6e3dd5c2
0x6e3dd5d0
0x6e3dd5d4
0x6e3dd5dc
0x6e3dd5e1
0x6e3dd5e3
0x6e3dd5e3
0x6e3dd5e8
0x6e3dd5ee
0x6e3dd5f7
0x6e3dd5f9
0x6e3dd5fb
0x6e3dd5fb
0x6e3dd5fd
0x6e3dd5fd
0x6e3dd60f
0x6e3dd615
0x6e3dd617
0x6e3dd624
0x6e3dd624
0x6e3dd628
0x6e3dd62a
0x00000000
0x00000000
0x6e3dd619
0x6e3dd61b
0x6e3dd620
0x6e3dd622
0x00000000
0x00000000
0x6e3dd622
0x00000000
0x6e3dd62c
0x6e3dd633
0x6e3dd63f
0x6e3dd64c
0x6e3dd655
0x6e3dd65e
0x6e3dd667
0x6e3dd673
0x6e3dd673
0x6e3dd67f
0x6e3dd685
0x6e3dd68b
0x00000000
0x6e3dd68d
0x6e3dd694
0x6e3dd69a
0x6e3dd69c
0x6e3dd6ac
0x6e3dd6b2
0x6e3dd69e
0x6e3dd6a0
0x6e3dd6a5
0x6e3dd6a7
0x00000000
0x00000000
0x00000000
0x00000000
0x6e3dd6a7
0x6e3dd69c
0x6e3dd586
0x6e3dd588
0x6e3dd58d
0x6e3dd58f
0x6e3dd6c1
0x6e3dd6c1
0x6e3dd6c4
0x00000000
0x00000000
0x00000000
0x6e3dd58f
0x6e3dd4e5
0x6e3dd4e9
0x6e3dd4fa
0x6e3dd512
0x6e3dd51a
0x6e3dd523
0x6e3dd528
0x6e3dd537
0x6e3dd6b8
0x6e3dd6bb
0x6e3dd6bb
0x6e3dd4fa

APIs

Part of subcall function 6E3D86B0: GetTickCount.KERNEL32 ref: 6E3D86C2
Part of subcall function 6E3D86B0: EnterCriticalSection.KERNEL32(?), ref: 6E3D86DE
Part of subcall function 6E3D86B0: LeaveCriticalSection.KERNEL32(?,00000000), ref: 6E3D86FA
Part of subcall function 6E3D86B0: WaitForSingleObject.KERNEL32(?,00000032), ref: 6E3D8709
Part of subcall function 6E3D86B0: GetTickCount.KERNEL32 ref: 6E3D8713
Part of subcall function 6E3D86B0: GetTickCount.KERNEL32 ref: 6E3D8720
Part of subcall function 6E3D86B0: GetTickCount.KERNEL32 ref: 6E3D8732
Part of subcall function 6E3D86B0: LeaveCriticalSection.KERNEL32(?,00000000), ref: 6E3D877F

SetLastError.KERNEL32(00000000,?,70C92000,?,?,6E3DEF73,?,00001FFF,?), ref: 6E3DD4D3
HttpSendRequestA.WININET(\Xv",00000000,00000000,?,?), ref: 6E3DD4F2

Part of subcall function 6E3DD3C0: GetLastError.KERNEL32(?,00000049,?), ref: 6E3DD3CD

HttpSendRequestExA.WININET(00000049,?,00000000,00000000,00000000), ref: 6E3DD57C
GetTickCount.KERNEL32 ref: 6E3DD5B0
InternetWriteFile.WININET(00000049,?,00002000,00000000), ref: 6E3DD60F
HttpEndRequestA.WININET(00000049,00000000,00000008,00000002), ref: 6E3DD694

Strings

\Xv", xrefs: 6E3DD4E9, 6E3DD4F1

Memory Dump Source

Source File: 0000000E.00000002.2370545283.000000006E3D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 6E3D0000, based on PE: true

Associated: 0000000E.00000002.2370501847.000000006E3D0000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371078507.000000006E3FB000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371296559.000000006E405000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371402177.000000006E409000.00000002.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e3d0000_MiniNews.jbxd

Similarity

API ID: CountTick$CriticalHttpRequestSection$ErrorLastLeaveSend$EnterFileInternetObjectSingleWaitWrite
String ID: \Xv"
API String ID: 49278130-1849003930
Opcode ID: 26e3e62751091310e19284deced55cd3fd6f81a241e5faab3ed66cfecc5ab525
Instruction ID: 74129db4c14b06a6410c58009bc6111cc9a2f9befd5b26e95db31daded5bb99f
Opcode Fuzzy Hash: 26e3e62751091310e19284deced55cd3fd6f81a241e5faab3ed66cfecc5ab525
Instruction Fuzzy Hash: 3B515C72204B009BD324CF69D894B9BB7FEAB84315F91492DE55AC7251DB30A808CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 6E3E4D42 Relevance: 12.0, APIs: 8, Instructions: 42
threadCOMMON

Download Yara Rule

C-Code - Quality: 65%

			E6E3E4D42(intOrPtr __edx, long _a4, char _a8, intOrPtr _a12, long _a16, DWORD* _a20) {
				struct _SECURITY_ATTRIBUTES* _v0;
				DWORD* _v12;
				void* _v20;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t27;
				void* _t33;
				DWORD* _t38;
				intOrPtr* _t40;
				void* _t42;
				void* _t48;
				long _t51;
				void* _t61;
				struct _SECURITY_ATTRIBUTES* _t62;
				intOrPtr* _t64;
				void* _t65;

				_t58 = __edx;
				_push(_t64);
				E6E3E8CFC();
				_t27 = E6E3E8CDC(E6E3E8CF6());
				if(_t27 != 0) {
					_t51 = _a4;
					 *((intOrPtr*)(_t27 + 0x54)) =  *((intOrPtr*)(_t51 + 0x54));
					 *((intOrPtr*)(_t27 + 0x58)) =  *((intOrPtr*)(_t51 + 0x58));
					_t58 =  *((intOrPtr*)(_t51 + 4));
					_push(_t51);
					 *((intOrPtr*)(_t27 + 4)) =  *((intOrPtr*)(_t51 + 4));
					E6E3E8F04(_t48, _t61, _t64, __eflags);
				} else {
					_t64 = _a4;
					if(E6E3E8D30(E6E3E8CF6(), _t64) == 0) {
						ExitThread(GetLastError());
					}
					 *_t64 = GetCurrentThreadId();
				}
				_t73 =  *0x6e3fc668;
				if( *0x6e3fc668 != 0) {
					_t42 = E6E3ED4B0(_t73, 0x6e3fc668);
					_pop(_t51);
					_t74 = _t42;
					if(_t42 != 0) {
						 *0x6e3fc668(); // executed
					}
				}
				E6E3E4D01(_t58, _t61, _t64, _t74); // executed
				asm("int3");
				_push(_t51);
				_push(_t48);
				_push(_t61);
				_t62 = _v0;
				_v20 = 0;
				_t75 = _t62;
				if(_t62 != 0) {
					_push(_t64);
					E6E3E8CFC();
					_t65 = E6E3E947F(1, 0x214);
					__eflags = _t65;
					if(__eflags == 0) {
						L16:
						_push(_t65);
						E6E3E27B2(0, _t62, _t65, __eflags);
						__eflags = _v12;
						if(_v12 != 0) {
							E6E3E5780(_v12);
						}
						_t33 = 0;
						__eflags = 0;
					} else {
						_push( *((intOrPtr*)(E6E3E8EEA(0, _t58, _t62, __eflags) + 0x6c)));
						_push(_t65);
						E6E3E8D8A(0, _t62, _t65, __eflags);
						 *(_t65 + 4) =  *(_t65 + 4) | 0xffffffff;
						 *((intOrPtr*)(_t65 + 0x58)) = _a12;
						_t38 = _a20;
						 *((intOrPtr*)(_t65 + 0x54)) = _t62;
						__eflags = _t38;
						if(_t38 == 0) {
							_t38 =  &_a8;
						}
						_t33 = CreateThread(_v0, _a4, E6E3E4D42, _t65, _a16, _t38); // executed
						__eflags = _t33;
						if(__eflags == 0) {
							_v12 = GetLastError();
							goto L16;
						}
					}
				} else {
					_t40 = E6E3E575A(_t75);
					_push(0);
					_push(0);
					_push(0);
					_push(0);
					_push(0);
					 *_t40 = 0x16;
					E6E3E3DE7(_t58, _t62, _t64);
					_t33 = 0;
				}
				return _t33;
			}

0x6e3e4d42
0x6e3e4d47
0x6e3e4d48
0x6e3e4d53
0x6e3e4d5a
0x6e3e4d86
0x6e3e4d8c
0x6e3e4d92
0x6e3e4d95
0x6e3e4d98
0x6e3e4d99
0x6e3e4d9c
0x6e3e4d5c
0x6e3e4d5c
0x6e3e4d6d
0x6e3e4d76
0x6e3e4d76
0x6e3e4d82
0x6e3e4d82
0x6e3e4da1
0x6e3e4da8
0x6e3e4daf
0x6e3e4db4
0x6e3e4db5
0x6e3e4db7
0x6e3e4db9
0x6e3e4db9
0x6e3e4db7
0x6e3e4dbf
0x6e3e4dc4
0x6e3e4dca
0x6e3e4dcb
0x6e3e4dcc
0x6e3e4dcd
0x6e3e4dd2
0x6e3e4dd5
0x6e3e4dd7
0x6e3e4df5
0x6e3e4df6
0x6e3e4e07
0x6e3e4e0b
0x6e3e4e0d
0x6e3e4e59
0x6e3e4e59
0x6e3e4e5a
0x6e3e4e60
0x6e3e4e63
0x6e3e4e68
0x6e3e4e6d
0x6e3e4e6e
0x6e3e4e6e
0x6e3e4e0f
0x6e3e4e14
0x6e3e4e17
0x6e3e4e18
0x6e3e4e20
0x6e3e4e24
0x6e3e4e27
0x6e3e4e2c
0x6e3e4e2f
0x6e3e4e31
0x6e3e4e33
0x6e3e4e33
0x6e3e4e46
0x6e3e4e4c
0x6e3e4e4e
0x6e3e4e56
0x00000000
0x6e3e4e56
0x6e3e4e4e
0x6e3e4dd9
0x6e3e4dd9
0x6e3e4dde
0x6e3e4ddf
0x6e3e4de0
0x6e3e4de1
0x6e3e4de2
0x6e3e4de3
0x6e3e4de9
0x6e3e4df1
0x6e3e4df1
0x6e3e4e74

APIs

___set_flsgetvalue.LIBCMT ref: 6E3E4D48

Part of subcall function 6E3E8CFC: TlsGetValue.KERNEL32(?,6E3E8E88), ref: 6E3E8D05
Part of subcall function 6E3E8CFC: __decode_pointer.LIBCMT ref: 6E3E8D17
Part of subcall function 6E3E8CFC: TlsSetValue.KERNEL32(00000000), ref: 6E3E8D26

___fls_getvalue@4.LIBCMT ref: 6E3E4D53

Part of subcall function 6E3E8CDC: TlsGetValue.KERNEL32(?,?,6E3E4D58,00000000), ref: 6E3E8CEA

___fls_setvalue@8.LIBCMT ref: 6E3E4D66

Part of subcall function 6E3E8D30: __decode_pointer.LIBCMT ref: 6E3E8D41

GetLastError.KERNEL32(00000000,?,00000000), ref: 6E3E4D6F
ExitThread.KERNEL32 ref: 6E3E4D76
GetCurrentThreadId.KERNEL32 ref: 6E3E4D7C
__freefls@4.LIBCMT ref: 6E3E4D9C
__IsNonwritableInCurrentImage.LIBCMT ref: 6E3E4DAF

Memory Dump Source

Source File: 0000000E.00000002.2370545283.000000006E3D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 6E3D0000, based on PE: true

Associated: 0000000E.00000002.2370501847.000000006E3D0000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371078507.000000006E3FB000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371296559.000000006E405000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371402177.000000006E409000.00000002.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e3d0000_MiniNews.jbxd

Similarity

API ID: Value$CurrentThread__decode_pointer$ErrorExitImageLastNonwritable___fls_getvalue@4___fls_setvalue@8___set_flsgetvalue__freefls@4
String ID:
API String ID: 1925773019-0
Opcode ID: f3d5b35690a28e9724bb2003689a741780eece5d692f5ae1f6a70c10fb4650a8
Instruction ID: e1d657384f6096c3adb19af5131d13bfae6679cd45001e6c9f44981dc6a8f369
Opcode Fuzzy Hash: f3d5b35690a28e9724bb2003689a741780eece5d692f5ae1f6a70c10fb4650a8
Instruction Fuzzy Hash: D501A2708016219FD704AFF0D90898F7BEDAF4E348728881AE9459BA16DF35D842CB55

Uniqueness

Uniqueness Score: -1.00%

Function 6E50E800 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 210COMMON

Download Yara Rule

APIs

InterlockedCompareExchange.KERNEL32(6E568534,00000001,6E568638), ref: 6E50E92F
GetCurrentProcess.KERNEL32(00000008,?), ref: 6E50E9F2
OpenProcessToken.ADVAPI32(00000000), ref: 6E50E9F9
GetTokenInformation.KERNELBASE(00000000,00000014(TokenIntegrityLevel),00000000,00000004,?), ref: 6E50EA2F
CloseHandle.KERNEL32(00000000), ref: 6E50EA4A

Strings

GenuineIotel, xrefs: 6E50E803

Memory Dump Source

Source File: 0000000E.00000002.2371585883.000000006E4E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6E4E0000, based on PE: true

Associated: 0000000E.00000002.2371507694.000000006E4E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373281942.000000006E544000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373891215.000000006E565000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2374074776.000000006E56A000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e4e0000_MiniNews.jbxd

Similarity

API ID: ProcessToken$CloseCompareCurrentExchangeHandleInformationInterlockedOpen
String ID: GenuineIotel
API String ID: 3852283532-510897538
Opcode ID: 84029501a202a3843f31d24f52251cd791d0cc55363f49e5d0e572a80c1648b7
Instruction ID: 8f8fb36f45f8fa810f422b46c2d9d0b887c5150ecbdad14c49deccf41fa3f9a3
Opcode Fuzzy Hash: 84029501a202a3843f31d24f52251cd791d0cc55363f49e5d0e572a80c1648b7
Instruction Fuzzy Hash: 4E71C2719016199FDB60CFA4CC88BEAB7FCEF45314F1046A9EA19A7290DB71AD44CF90

Uniqueness

Uniqueness Score: -1.00%

Function 6E513870 Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 165fileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32(?,C0000000,00000003,00000000,00000003,00000000,00000000,?,00000000,00000000,00000000), ref: 6E5138D2
_strncpy.LIBCMT ref: 6E513939
DeviceIoControl.KERNEL32(00000000,0004D008,0000001C,0000003C,0000001C,0000022D,?,00000000), ref: 6E51396C
CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,00000000,00000000,00000000), ref: 6E513AA2

Strings

\\.\Scsi%d:, xrefs: 6E5138A3
SCSIDISK, xrefs: 6E513915

Memory Dump Source

Source File: 0000000E.00000002.2371585883.000000006E4E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6E4E0000, based on PE: true

Associated: 0000000E.00000002.2371507694.000000006E4E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373281942.000000006E544000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373891215.000000006E565000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2374074776.000000006E56A000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e4e0000_MiniNews.jbxd

Similarity

API ID: CloseControlCreateDeviceFileHandle_strncpy
String ID: SCSIDISK$\\.\Scsi%d:
API String ID: 567709098-2176293039
Opcode ID: 662d5c5f195109cf3bdce8085325d42fe16e24332bbf99d4cdb6e2e5537a848c
Instruction ID: 321232dc688e13011437e0be7b472c442c6cf7e9c950188a3def4b295300d051
Opcode Fuzzy Hash: 662d5c5f195109cf3bdce8085325d42fe16e24332bbf99d4cdb6e2e5537a848c
Instruction Fuzzy Hash: 0861B531D092189AFB51DFA8CC98BE8B7F4EB45308F1142D9E91CA7182DB75AB84CF40

Uniqueness

Uniqueness Score: -1.00%

Function 6E513FE0 Relevance: 10.7, APIs: 3, Strings: 3, Instructions: 157COMMON

Download Yara Rule

APIs

Part of subcall function 6E5134A0: _strncat.LIBCMT ref: 6E5135AD

SHSetValueA.SHLWAPI(80000002,Software\360Safe\Liveup,mid,00000001,?,00000100,?,?,?,?,?,?,?,?,00000000), ref: 6E51410E
SHSetValueA.SHLWAPI(80000002,Software\360Safe\Liveup,mid_old,00000001,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6E514178
SHSetValueA.SHLWAPI(80000002,Software\360Safe\Liveup,mid,00000001,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6E5141A5

Strings

Software\360Safe\Liveup, xrefs: 6E514104, 6E51416E, 6E51419B
mid, xrefs: 6E5140FF, 6E514196
mid_old, xrefs: 6E514169

Memory Dump Source

Source File: 0000000E.00000002.2371585883.000000006E4E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6E4E0000, based on PE: true

Associated: 0000000E.00000002.2371507694.000000006E4E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373281942.000000006E544000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373891215.000000006E565000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2374074776.000000006E56A000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e4e0000_MiniNews.jbxd

Similarity

API ID: Value$_strncat
String ID: Software\360Safe\Liveup$mid$mid_old
API String ID: 1864955066-1528303271
Opcode ID: 598aeabc99d21695062314a427abe52cc94ff834694ec137feb5d86de50cbd1e
Instruction ID: 02ff4eb844dae273d69c38536415e5d836fa6614baab917bf2b1a018b963bbac
Opcode Fuzzy Hash: 598aeabc99d21695062314a427abe52cc94ff834694ec137feb5d86de50cbd1e
Instruction Fuzzy Hash: FE5157316181099BEB41CEA4CC54BF67BF9AF42308F5441EDE9449B241EF729E4ACB60

Uniqueness

Uniqueness Score: -1.00%

Function 6E3D6FA0 Relevance: 10.6, APIs: 7, Instructions: 89
fileCOMMON

Download Yara Rule

C-Code - Quality: 69%

			E6E3D6FA0(void** __ecx, long _a4, void* _a8, intOrPtr _a12, void* _a16, void _a20, void* _a24) {
				long _v4;
				signed int _v8;
				void* _t28;
				void* _t29;
				signed int _t34;
				struct _OVERLAPPED* _t35;
				WCHAR* _t47;
				void** _t48;
				intOrPtr _t50;

				_t47 = _a4;
				_t48 = __ecx;
				if(_t47 != 0) {
					_t2 =  &(_t48[6]); // 0x6e4064f0
					EnterCriticalSection(_t2);
					_t48[1] = _a20;
					_t48[4] = _a24;
					_t28 =  *_t48;
					_t48[5] = _a8;
					_t48[3] = _a16;
					if(_t28 != 0) {
						CloseHandle(_t28);
						 *_t48 = 0;
					}
					_t50 = _a12;
					_push(0);
					_push(0x80);
					if(_t50 == 0) {
						_push(2);
					} else {
						_push(4);
					}
					_t29 = CreateFileW(_t47, 0x40000000, 1, 0, ??, ??, ??); // executed
					 *_t48 = _t29;
					if(_t29 != 0xffffffff) {
						if(_t48[3] != 0) {
							_v8 = 0;
							_v4 = 0;
							_t34 = GetFileSize(_t29,  &_v4);
							_v8 = _t34;
							_t35 = _t34 | _v4;
							if(_t35 == 0) {
								_a4 = _t35;
								_a20 = 0xfeff;
								WriteFile( *_t48,  &_a20, 2,  &_a4, _t35);
							}
						}
						if(_t50 != 0) {
							SetFilePointer( *_t48, 0, 0, 2);
						}
					} else {
						 *_t48 = 0;
					}
					_t22 =  &(_t48[6]); // 0x6e4064f0
					LeaveCriticalSection(_t22);
					return 0 |  *_t48 != 0x00000000;
				} else {
					return 0;
				}
			}

0x6e3d6fa5
0x6e3d6fa9
0x6e3d6fad
0x6e3d6fb9
0x6e3d6fbd
0x6e3d6fcf
0x6e3d6fd6
0x6e3d6fd9
0x6e3d6fdb
0x6e3d6fde
0x6e3d6fe3
0x6e3d6fe6
0x6e3d6fec
0x6e3d6fec
0x6e3d6ff3
0x6e3d6ff7
0x6e3d6ff9
0x6e3d7000
0x6e3d7006
0x6e3d7002
0x6e3d7002
0x6e3d7002
0x6e3d7012
0x6e3d7018
0x6e3d701d
0x6e3d702b
0x6e3d7033
0x6e3d703b
0x6e3d7043
0x6e3d7049
0x6e3d704d
0x6e3d7051
0x6e3d705b
0x6e3d7067
0x6e3d706f
0x6e3d706f
0x6e3d7051
0x6e3d7077
0x6e3d7082
0x6e3d7082
0x6e3d701f
0x6e3d701f
0x6e3d701f
0x6e3d7088
0x6e3d708c
0x6e3d709f
0x6e3d6fb0
0x6e3d6fb6
0x6e3d6fb6

APIs

EnterCriticalSection.KERNEL32(6E4064F0,?,?,00000000,00000000,?,?,?,?,?,?,?,00000000), ref: 6E3D6FBD
CloseHandle.KERNEL32(?,?,?,00000000,00000000,?,?,?,?,?,?,?,00000000), ref: 6E3D6FE6
CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000002,00000080,00000000,?,?,?,00000000,00000000), ref: 6E3D7012
LeaveCriticalSection.KERNEL32(6E4064F0,?,?,?,00000000,00000000,?,?,?,?,?,?,?,00000000), ref: 6E3D708C

Memory Dump Source

Source File: 0000000E.00000002.2370545283.000000006E3D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 6E3D0000, based on PE: true

Associated: 0000000E.00000002.2370501847.000000006E3D0000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371078507.000000006E3FB000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371296559.000000006E405000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371402177.000000006E409000.00000002.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e3d0000_MiniNews.jbxd

Similarity

API ID: CriticalSection$CloseCreateEnterFileHandleLeave
String ID:
API String ID: 823799864-0
Opcode ID: 0d171173ed7d4149d2c760b21a0ec0daa4e51454d54541a3f8baad4ac6c428dd
Instruction ID: 482eb158401afa8780e2bb13fc2c88456d4f9e784e6a0004551c352f8c21cdb4
Opcode Fuzzy Hash: 0d171173ed7d4149d2c760b21a0ec0daa4e51454d54541a3f8baad4ac6c428dd
Instruction Fuzzy Hash: 7D3138B1104706AFD360DFA4D845F5BB7E8BF88710F10891DF596962C0E775A548CF62

Uniqueness

Uniqueness Score: -1.00%

Function 6E3E4DC5 Relevance: 10.6, APIs: 7, Instructions: 71
threadCOMMON

Download Yara Rule

C-Code - Quality: 73%

			E6E3E4DC5(void* __edx, void* __esi, struct _SECURITY_ATTRIBUTES* _a4, long _a8, char _a12, intOrPtr _a16, long _a20, DWORD* _a24) {
				DWORD* _v8;
				void* __ebx;
				void* __edi;
				void* __ebp;
				void* _t20;
				DWORD* _t25;
				intOrPtr* _t27;
				char _t41;
				void* _t44;

				_t41 = _a12;
				_v8 = 0;
				_t48 = _t41;
				if(_t41 != 0) {
					_push(__esi);
					E6E3E8CFC();
					_t44 = E6E3E947F(1, 0x214);
					__eflags = _t44;
					if(__eflags == 0) {
						L7:
						_push(_t44);
						E6E3E27B2(0, _t41, _t44, __eflags);
						__eflags = _v8;
						if(_v8 != 0) {
							E6E3E5780(_v8);
						}
						_t20 = 0;
						__eflags = 0;
					} else {
						_push( *((intOrPtr*)(E6E3E8EEA(0, __edx, _t41, __eflags) + 0x6c)));
						_push(_t44);
						E6E3E8D8A(0, _t41, _t44, __eflags);
						 *(_t44 + 4) =  *(_t44 + 4) | 0xffffffff;
						 *((intOrPtr*)(_t44 + 0x58)) = _a16;
						_t25 = _a24;
						 *((intOrPtr*)(_t44 + 0x54)) = _t41;
						__eflags = _t25;
						if(_t25 == 0) {
							_t25 =  &_a12;
						}
						_t20 = CreateThread(_a4, _a8, E6E3E4D42, _t44, _a20, _t25); // executed
						__eflags = _t20;
						if(__eflags == 0) {
							_v8 = GetLastError();
							goto L7;
						}
					}
				} else {
					_t27 = E6E3E575A(_t48);
					_push(0);
					_push(0);
					_push(0);
					_push(0);
					_push(0);
					 *_t27 = 0x16;
					E6E3E3DE7(__edx, _t41, __esi);
					_t20 = 0;
				}
				return _t20;
			}

0x6e3e4dcd
0x6e3e4dd2
0x6e3e4dd5
0x6e3e4dd7
0x6e3e4df5
0x6e3e4df6
0x6e3e4e07
0x6e3e4e0b
0x6e3e4e0d
0x6e3e4e59
0x6e3e4e59
0x6e3e4e5a
0x6e3e4e60
0x6e3e4e63
0x6e3e4e68
0x6e3e4e6d
0x6e3e4e6e
0x6e3e4e6e
0x6e3e4e0f
0x6e3e4e14
0x6e3e4e17
0x6e3e4e18
0x6e3e4e20
0x6e3e4e24
0x6e3e4e27
0x6e3e4e2c
0x6e3e4e2f
0x6e3e4e31
0x6e3e4e33
0x6e3e4e33
0x6e3e4e46
0x6e3e4e4c
0x6e3e4e4e
0x6e3e4e56
0x00000000
0x6e3e4e56
0x6e3e4e4e
0x6e3e4dd9
0x6e3e4dd9
0x6e3e4dde
0x6e3e4ddf
0x6e3e4de0
0x6e3e4de1
0x6e3e4de2
0x6e3e4de3
0x6e3e4de9
0x6e3e4df1
0x6e3e4df1
0x6e3e4e74

APIs

___set_flsgetvalue.LIBCMT ref: 6E3E4DF6
__calloc_crt.LIBCMT ref: 6E3E4E02
__getptd.LIBCMT ref: 6E3E4E0F
__initptd.LIBCMT ref: 6E3E4E18
CreateThread.KERNEL32(?,?,6E3E4D42,00000000,?,?), ref: 6E3E4E46
GetLastError.KERNEL32(?,?,?,?,?,?,00000000), ref: 6E3E4E50
__dosmaperr.LIBCMT ref: 6E3E4E68

Part of subcall function 6E3E575A: __getptd_noexit.LIBCMT ref: 6E3E575A

Part of subcall function 6E3E3DE7: __decode_pointer.LIBCMT ref: 6E3E3DF2

Memory Dump Source

Source File: 0000000E.00000002.2370545283.000000006E3D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 6E3D0000, based on PE: true

Associated: 0000000E.00000002.2370501847.000000006E3D0000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371078507.000000006E3FB000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371296559.000000006E405000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371402177.000000006E409000.00000002.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e3d0000_MiniNews.jbxd

Similarity

API ID: CreateErrorLastThread___set_flsgetvalue__calloc_crt__decode_pointer__dosmaperr__getptd__getptd_noexit__initptd
String ID:
API String ID: 3358092440-0
Opcode ID: ecd0938be571fff4326b805f7667f82fd48a9bed435cb910f4bbe4012cb38201
Instruction ID: 863ed843a2abf704ec2df083c46e89ff64da66b29f63aa64632d8effd88e68e8
Opcode Fuzzy Hash: ecd0938be571fff4326b805f7667f82fd48a9bed435cb910f4bbe4012cb38201
Instruction Fuzzy Hash: 7011C47250422AEFDB10AFE49C808CF7BE9FF88324B10486BF55197950DB3299428B60

Uniqueness

Uniqueness Score: -1.00%

Function 6E50FC30 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 67registrylibraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(Advapi32.dll,?,6E568638,?,00000000,?,6E50FDBD,80000002,00000201,E97A779A), ref: 6E50FC54
GetProcAddress.KERNEL32(00000000,RegOpenKeyTransactedW), ref: 6E50FC6B
RegOpenKeyExW.KERNEL32(00000000,00000000,00000000,E97A779A,00000000,?,6E568638,?,00000000,?,6E50FDBD,80000002,00000201,E97A779A), ref: 6E50FCA4
RegCloseKey.ADVAPI32(00000000,?,6E50FDBD,80000002,00000201,E97A779A), ref: 6E50FCB7

Strings

RegOpenKeyTransactedW, xrefs: 6E50FC65
Advapi32.dll, xrefs: 6E50FC4F

Memory Dump Source

Source File: 0000000E.00000002.2371585883.000000006E4E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6E4E0000, based on PE: true

Associated: 0000000E.00000002.2371507694.000000006E4E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373281942.000000006E544000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373891215.000000006E565000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2374074776.000000006E56A000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e4e0000_MiniNews.jbxd

Similarity

API ID: AddressCloseHandleModuleOpenProc
String ID: Advapi32.dll$RegOpenKeyTransactedW
API String ID: 823179699-3913318428
Opcode ID: ce43e14e3566b25d733e2af9c143f9c9761418990d9e960f5b6faf70b3a87fa3
Instruction ID: 9d6240342c64bdbd08bab090da059367ca99edc179f4f5c7eb0ca8ea90b17914
Opcode Fuzzy Hash: ce43e14e3566b25d733e2af9c143f9c9761418990d9e960f5b6faf70b3a87fa3
Instruction Fuzzy Hash: 12119031608206EFEB508F96CC45F6A7BE8FF45300F20842AFA09DA244DB71E951DB78

Uniqueness

Uniqueness Score: -1.00%

Function 6E3DCC30 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 67
synchronizationCOMMON

Download Yara Rule

C-Code - Quality: 87%

			E6E3DCC30(void* __ecx, void* __edi, intOrPtr _a4, intOrPtr _a8) {
				void* __ebx;
				void* __esi;
				void* __ebp;
				void* _t16;
				void* _t21;
				void* _t32;
				void* _t33;
				intOrPtr _t34;
				void* _t36;
				intOrPtr _t37;

				_t33 = __edi;
				_t28 = _a8;
				_t37 = _a4;
				_push(_a8);
				_push(_t37);
				_t36 = __ecx;
				E6E3D7C70(_a8, __edi, _t37, 0x6e4064d8, "[%u] Start, method=%d, url=%s", __ecx);
				_t16 =  *(_t36 + 0x598);
				if(_t16 == 0) {
					L3:
					_push(_t33);
					_t34 = _t36 + 0x45c0;
					E6E3E4BA0(_t34, _t28, 0x7ff);
					 *((intOrPtr*)(_t36 + 0x128)) = _t37;
					 *((intOrPtr*)(_t36 + 0xb8)) = 1;
					 *((intOrPtr*)(_t36 + 0x124)) = _t34;
					ResetEvent( *(_t36 + 0x59c));
					 *((intOrPtr*)(_t36 + 0x560)) = GetTickCount();
					 *(_t36 + 0x594) = 0; // executed
					_t21 = E6E3E4DC5(_t32, _t36, 0, 0, E6E3DCC00, _t36, 0, _t36 + 0x594); // executed
					 *(_t36 + 0x598) = _t21;
					if(_t21 == 0) {
						 *((intOrPtr*)(_t36 + 0xb8)) = 3;
						E6E3D81C0(_t36);
					}
					return 1;
				} else {
					if(WaitForSingleObject(_t16, 0) != 0) {
						return 0;
					} else {
						CloseHandle( *(_t36 + 0x598));
						 *(_t36 + 0x598) = 0;
						goto L3;
					}
				}
			}

0x6e3dcc30
0x6e3dcc31
0x6e3dcc36
0x6e3dcc3b
0x6e3dcc3c
0x6e3dcc3d
0x6e3dcc4a
0x6e3dcc4f
0x6e3dcc5a
0x6e3dcc84
0x6e3dcc84
0x6e3dcc8a
0x6e3dcc92
0x6e3dcca1
0x6e3dcca7
0x6e3dccb1
0x6e3dccb7
0x6e3dccc3
0x6e3dccdc
0x6e3dcce2
0x6e3dccea
0x6e3dccf3
0x6e3dccf7
0x6e3dcd01
0x6e3dcd01
0x6e3dcd0e
0x6e3dcc5c
0x6e3dcc67
0x6e3dcd16
0x6e3dcc6d
0x6e3dcc74
0x6e3dcc7a
0x00000000
0x6e3dcc7a
0x6e3dcc67

APIs

WaitForSingleObject.KERNEL32(?,00000000), ref: 6E3DCC5F
CloseHandle.KERNEL32(?), ref: 6E3DCC74
_strncpy.LIBCMT ref: 6E3DCC92
ResetEvent.KERNEL32 ref: 6E3DCCB7
GetTickCount.KERNEL32 ref: 6E3DCCBD

Strings

[%u] Start, method=%d, url=%s, xrefs: 6E3DCC40

Memory Dump Source

Source File: 0000000E.00000002.2370545283.000000006E3D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 6E3D0000, based on PE: true

Associated: 0000000E.00000002.2370501847.000000006E3D0000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371078507.000000006E3FB000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371296559.000000006E405000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371402177.000000006E409000.00000002.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e3d0000_MiniNews.jbxd

Similarity

API ID: CloseCountEventHandleObjectResetSingleTickWait_strncpy
String ID: [%u] Start, method=%d, url=%s
API String ID: 3852520666-3518858945
Opcode ID: 39e8d8118ea666f26adcabf09cfc79c67f5db1763505d4fea2aa7ddc9d62834b
Instruction ID: f4a3559d3e31c20c92ef71337ae84220c9e34b9e054ab0cb22ce811e0ce15138
Opcode Fuzzy Hash: 39e8d8118ea666f26adcabf09cfc79c67f5db1763505d4fea2aa7ddc9d62834b
Instruction Fuzzy Hash: 2121BEB2110B00AFE3609BA4DC84FA7BBECAF49755F10081AF59E9B281DB717449CB64

Uniqueness

Uniqueness Score: -1.00%

Function 6E504110 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 66registrylibraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(Advapi32.dll,?,?,00000001,00000000,?,6E502E5A,80000002,?,00020219,SOFTWARE\Microsoft\Internet Explorer), ref: 6E504134
GetProcAddress.KERNEL32(00000000,RegOpenKeyTransactedW), ref: 6E50414B
RegOpenKeyExW.KERNEL32(?,?,00000000,?,00000000,?,?,00000001,00000000,?,6E502E5A,80000002,?,00020219,SOFTWARE\Microsoft\Internet Explorer), ref: 6E504184
RegCloseKey.ADVAPI32(00000000,?,00000001,00000000,?,6E502E5A,80000002,?,00020219,SOFTWARE\Microsoft\Internet Explorer), ref: 6E504197

Strings

RegOpenKeyTransactedW, xrefs: 6E504145
Advapi32.dll, xrefs: 6E50412F

Memory Dump Source

Source File: 0000000E.00000002.2371585883.000000006E4E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6E4E0000, based on PE: true

Associated: 0000000E.00000002.2371507694.000000006E4E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373281942.000000006E544000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373891215.000000006E565000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2374074776.000000006E56A000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e4e0000_MiniNews.jbxd

Similarity

API ID: AddressCloseHandleModuleOpenProc
String ID: Advapi32.dll$RegOpenKeyTransactedW
API String ID: 823179699-3913318428
Opcode ID: 207b6ed4590298c4f78f217e90525c3b6d88c11d84ba5f3490145eda2238fa96
Instruction ID: 94abd48c9af95ef47a60f17cdb169a117461c6b9ce1c26fccc1edf0e4f549690
Opcode Fuzzy Hash: 207b6ed4590298c4f78f217e90525c3b6d88c11d84ba5f3490145eda2238fa96
Instruction Fuzzy Hash: EA119D31604605FBEB119FD9CC44BAABBF9EF65350F108029F918DB244D771EA52DB60

Uniqueness

Uniqueness Score: -1.00%

Function 6E52CC75 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 53COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,?,6E51A307,6E52E053,?,?,6E514890,?,?,6E4F28FA,00000010,E97A779A,?,?,6E53E3CF), ref: 6E52CC7A
_free.LIBCMT ref: 6E52CCAF
_free.LIBCMT ref: 6E52CCD6
SetLastError.KERNEL32(00000000), ref: 6E52CCE3
SetLastError.KERNEL32(00000000), ref: 6E52CCEC

Strings

0eVn, xrefs: 6E52CCCA

Memory Dump Source

Source File: 0000000E.00000002.2371585883.000000006E4E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6E4E0000, based on PE: true

Associated: 0000000E.00000002.2371507694.000000006E4E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373281942.000000006E544000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373891215.000000006E565000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2374074776.000000006E56A000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e4e0000_MiniNews.jbxd

Similarity

API ID: ErrorLast$_free
String ID: 0eVn
API String ID: 3170660625-3650656507
Opcode ID: 8d78908f721826e4af2801337dd6a132f0cc0184aa959c7a125ad791d5bf7fef
Instruction ID: 0b97bb80ef6aa1c6086eb81f81d7ac0dd907c99a2b9170bf7f1f93303dc301c1
Opcode Fuzzy Hash: 8d78908f721826e4af2801337dd6a132f0cc0184aa959c7a125ad791d5bf7fef
Instruction Fuzzy Hash: 8501A233195A016FD70296E64D9496B26EDAAC3368B260835FA29EF2D6FF60CC014224

Uniqueness

Uniqueness Score: -1.00%

Function 6E3D3DE0 Relevance: 9.3, APIs: 6, Instructions: 315
registryCOMMON

Download Yara Rule

C-Code - Quality: 78%

			E6E3D3DE0(void* __ebp, void* __eflags, int _a4, char _a8, char _a12, char _a28, char _a36, short _a40, intOrPtr _a48, char _a52, char _a53, int _a56, intOrPtr _a60, char _a1100, char _a1101, short _a2148, char _a2160, char _a2162, char _a4196, signed int _a4208, char _a4212, int _a4220, void* _a4228, short* _a4232, intOrPtr _a4236, intOrPtr _a4240, intOrPtr _a4244, intOrPtr _a4248) {
				intOrPtr _v0;
				int _v4;
				intOrPtr _v8;
				intOrPtr _v12;
				char _v16;
				intOrPtr _v20;
				int _v24;
				intOrPtr _v40;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t97;
				signed int _t99;
				long _t106;
				short* _t107;
				intOrPtr* _t109;
				void* _t117;
				void* _t118;
				void* _t119;
				void* _t122;
				intOrPtr* _t128;
				short* _t133;
				intOrPtr* _t135;
				intOrPtr _t139;
				void* _t143;
				void* _t148;
				void* _t152;
				void* _t158;
				intOrPtr _t166;
				intOrPtr _t179;
				intOrPtr _t183;
				void* _t204;
				short* _t210;
				void* _t211;
				void* _t215;
				intOrPtr _t220;
				intOrPtr _t225;
				signed int _t227;
				signed int _t228;

				_push(0xffffffff);
				_push(E6E3F9AD7);
				_push( *[fs:0x0]);
				E6E3E3480(0x1080);
				_t97 =  *0x6e405204; // 0x2276585c
				_a4208 = _t97 ^ _t227;
				_t99 =  *0x6e405204; // 0x2276585c
				_push(_t99 ^ _t227);
				 *[fs:0x0] =  &_a4212;
				_t214 = _a4228;
				_t210 = _a4232;
				_t225 = _a4244;
				_v8 = _a4240;
				_v0 = _a4236;
				_v12 = _a4248;
				_v4 = 0x400;
				_a2160 = 0;
				E6E3E2850(_t210,  &_a2162, 0, 0x7fe);
				_t228 = _t227 + 0xc;
				_t201 =  &_v4;
				_a4 = 1;
				_t106 = RegQueryValueExW(_a4228, _t210, 0,  &_a4,  &_a2160,  &_v4); // executed
				if(_t106 != 0) {
					L14:
					_t107 = 0;
					L15:
					 *[fs:0x0] = _a4212;
					_pop(_t211);
					_pop(_t215);
					_pop(_t158);
					return E6E3E2840(_t107, _t158, _a4208 ^ _t228, _t201, _t211, _t215);
				}
				_a60 = 7;
				_a56 = 0;
				_a40 = 0;
				_t109 =  &_a2160;
				_a4220 = 0;
				_t201 = _t109 + 2;
				do {
					_t166 =  *_t109;
					_t109 = _t109 + 2;
				} while (_t166 != 0);
				E6E3D2690( &_a36, _t225,  &_a2160, _t109 - _t201 >> 1);
				if(E6E3D3300( &_a28, 0, _a48, 0x6e3fbf64, 0) == 0) {
					L12:
					_t243 = _a60 - 8;
					if(_a60 >= 8) {
						E6E3E2756(0, _t210, _t214, _t243, _a40);
						_t228 = _t228 + 4;
					}
					goto L14;
				}
				_t210 = 0;
				_t117 = E6E3D31E0( &_a36, ";", 0, 1);
				_t216 = _t117;
				if(_t117 != 0xffffffff) {
					_t201 =  &_a8;
					_t152 = E6E3D36C0( &_a8, 0, _t216);
					_push(0xffffffff);
					_push(0);
					_push(_t152);
					_a4208 = 1;
					E6E3D2590(_t225);
					_a4196 = 0;
					E6E3D23C0( &_v16);
					E6E3D21D0( &_a12, _t225, 0, _t216 + 1);
					_t210 = 1;
				}
				_t118 = E6E3D31E0( &_a36, ";", 0, 1);
				_t217 = _t118;
				if(_t118 != 0xffffffff) {
					_t148 = E6E3D36C0( &_a8, 0, _t217);
					_push(0xffffffff);
					_push(0);
					_push(_t148);
					_a4208 = 2;
					E6E3D2590(_v24);
					_a4196 = 0;
					E6E3D23C0( &_v16);
					E6E3D21D0( &_a12, _t225, 0, _t217 + 1);
					_t210 =  &(_t210[0]);
				}
				_t119 = E6E3D31E0( &_a36, ";", 0, 1);
				_t218 = _t119;
				if(_t119 != 0xffffffff) {
					_t143 = E6E3D36C0( &_a8, 0, _t218);
					_push(0xffffffff);
					_push(0);
					_push(_t143);
					_a4208 = 3;
					E6E3D2590(_v12);
					_a4196 = 0;
					E6E3D23C0( &_v16);
					E6E3D21D0( &_a12, _t225, 0, _t218 + 1);
					_t210 =  &(_t210[0]);
				}
				_t214 = E6E3D31E0( &_a36, ";", 0, 1);
				if(_t214 != 0xffffffff) {
					__eflags = _t210 - 3;
					if(_t210 != 3) {
						_t122 = E6E3D36C0( &_a8, 0, _t214);
						_push(0xffffffff);
						_push(0);
						_push(_t122);
						_a4208 = 4;
						E6E3D2590(_v20);
						_a4196 = 0;
						E6E3D23C0( &_v16);
						__eflags = _t214 + 1;
						E6E3D21D0( &_a12, _t225, 0, _t214 + 1);
						_t220 = _v40;
						goto L19;
					}
					goto L17;
				} else {
					if(_t210 == 3) {
						L17:
						_t220 = _v8;
						_push(0xffffffff);
						_push(0);
						_push( &_a36);
						E6E3D2590(_t220);
						L19:
						_a1100 = 0;
						E6E3E2850(_t210,  &_a1101, 0, 0x417);
						_a52 = 0;
						E6E3E2850(_t210,  &_a53, 0, 0x417);
						_t228 = _t228 + 0x18;
						_v24 = 0x418;
						__eflags = _v16;
						if(_v16 <= 0) {
							L29:
							_t128 =  &_a2148;
							_t201 = _t128 + 2;
							do {
								_t179 =  *_t128;
								_t128 = _t128 + 2;
								__eflags = _t179;
							} while (_t179 != 0);
							E6E3D2690(_t220, _t225,  &_a2148, _t128 - _t201 >> 1);
							__eflags = _a40 - 8;
							if(__eflags >= 0) {
								_t201 = _a28;
								E6E3E2756(0, 8, _t220, __eflags, _a28);
								_t228 = _t228 + 4;
							}
							_t107 = 1;
							goto L15;
						}
						__eflags =  *((intOrPtr*)(_t220 + 0x18)) - 8;
						if( *((intOrPtr*)(_t220 + 0x18)) < 8) {
							_t133 = _t220 + 4;
						} else {
							_t133 =  *(_t220 + 4);
						}
						WideCharToMultiByte(0, 0, _t133, 0xffffffff,  &_a1100, 0x400, 0, 0);
						_t135 =  &_a1100;
						_t204 = _t135 + 1;
						do {
							_t183 =  *_t135;
							_t135 = _t135 + 1;
							__eflags = _t183;
						} while (_t183 != 0);
						_push( &_v24);
						_push( &_a52);
						_push(_t135 - _t204);
						_push( &_a1100);
						E6E3D1940();
						_t139 = E6E3D1FB0( &_a52, _v24);
						_t228 = _t228 + 0x18;
						__eflags = _t139;
						if(_t139 < 0) {
							_a52 = 0;
						} else {
							 *((char*)(_t228 + _t139 + 0x60)) = 0;
						}
						MultiByteToWideChar(0, 0,  &_a52, 0xffffffff,  &_a2148, 0x418);
						goto L29;
					}
					goto L12;
				}
			}

0x6e3d3de0
0x6e3d3de2
0x6e3d3ded
0x6e3d3df3
0x6e3d3df8
0x6e3d3dff
0x6e3d3e0a
0x6e3d3e11
0x6e3d3e19
0x6e3d3e34
0x6e3d3e3b
0x6e3d3e42
0x6e3d3e4e
0x6e3d3e54
0x6e3d3e63
0x6e3d3e67
0x6e3d3e6f
0x6e3d3e77
0x6e3d3e7c
0x6e3d3e7f
0x6e3d3e94
0x6e3d3e9c
0x6e3d3ea4
0x6e3d4051
0x6e3d4051
0x6e3d4053
0x6e3d405a
0x6e3d4062
0x6e3d4063
0x6e3d4065
0x6e3d407a
0x6e3d407a
0x6e3d3eac
0x6e3d3eb4
0x6e3d3eb8
0x6e3d3ebd
0x6e3d3ec4
0x6e3d3ecb
0x6e3d3ed0
0x6e3d3ed0
0x6e3d3ed3
0x6e3d3ed6
0x6e3d3eec
0x6e3d3f08
0x6e3d403d
0x6e3d403d
0x6e3d4042
0x6e3d4049
0x6e3d404e
0x6e3d404e
0x00000000
0x6e3d4042
0x6e3d3f1a
0x6e3d3f1c
0x6e3d3f21
0x6e3d3f26
0x6e3d3f2a
0x6e3d3f33
0x6e3d3f38
0x6e3d3f3a
0x6e3d3f3b
0x6e3d3f3e
0x6e3d3f46
0x6e3d3f4f
0x6e3d3f56
0x6e3d3f62
0x6e3d3f67
0x6e3d3f67
0x6e3d3f78
0x6e3d3f7d
0x6e3d3f82
0x6e3d3f8f
0x6e3d3f98
0x6e3d3f9a
0x6e3d3f9b
0x6e3d3f9c
0x6e3d3fa4
0x6e3d3fad
0x6e3d3fb4
0x6e3d3fc0
0x6e3d3fc5
0x6e3d3fc5
0x6e3d3fd2
0x6e3d3fd7
0x6e3d3fdc
0x6e3d3fe9
0x6e3d3ff2
0x6e3d3ff4
0x6e3d3ff5
0x6e3d3ff6
0x6e3d3ffe
0x6e3d4007
0x6e3d400e
0x6e3d401a
0x6e3d401f
0x6e3d401f
0x6e3d4031
0x6e3d4036
0x6e3d407b
0x6e3d407e
0x6e3d40a0
0x6e3d40a9
0x6e3d40ab
0x6e3d40ac
0x6e3d40ad
0x6e3d40b5
0x6e3d40be
0x6e3d40c5
0x6e3d40ca
0x6e3d40d1
0x6e3d40d6
0x00000000
0x6e3d40d6
0x00000000
0x6e3d4038
0x6e3d403b
0x6e3d4080
0x6e3d4080
0x6e3d4084
0x6e3d4086
0x6e3d408b
0x6e3d408e
0x6e3d40da
0x6e3d40e8
0x6e3d40ef
0x6e3d40ff
0x6e3d4103
0x6e3d4108
0x6e3d410b
0x6e3d4118
0x6e3d411c
0x6e3d41b0
0x6e3d41b0
0x6e3d41b7
0x6e3d41c0
0x6e3d41c0
0x6e3d41c3
0x6e3d41c6
0x6e3d41c6
0x6e3d41da
0x6e3d41df
0x6e3d41e3
0x6e3d41e5
0x6e3d41ea
0x6e3d41ef
0x6e3d41ef
0x6e3d41f2
0x00000000
0x6e3d41f2
0x6e3d4122
0x6e3d4125
0x6e3d412c
0x6e3d4127
0x6e3d4127
0x6e3d4127
0x6e3d4143
0x6e3d4149
0x6e3d4150
0x6e3d4153
0x6e3d4153
0x6e3d4155
0x6e3d4156
0x6e3d4156
0x6e3d4160
0x6e3d4165
0x6e3d4166
0x6e3d416e
0x6e3d416f
0x6e3d417e
0x6e3d4183
0x6e3d4186
0x6e3d4188
0x6e3d4190
0x6e3d418a
0x6e3d418a
0x6e3d418a
0x6e3d41aa
0x00000000
0x6e3d41aa
0x00000000
0x6e3d403b

APIs

_memset.LIBCMT ref: 6E3D3E77
RegQueryValueExW.KERNEL32 ref: 6E3D3E9C

Part of subcall function 6E3D21D0: _memmove_s.LIBCMT ref: 6E3D223E

_memset.LIBCMT ref: 6E3D40EF
_memset.LIBCMT ref: 6E3D4103
WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,?,00000400,00000000,00000000), ref: 6E3D4143
MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,00000418), ref: 6E3D41AA

Memory Dump Source

Source File: 0000000E.00000002.2370545283.000000006E3D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 6E3D0000, based on PE: true

Associated: 0000000E.00000002.2370501847.000000006E3D0000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371078507.000000006E3FB000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371296559.000000006E405000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371402177.000000006E409000.00000002.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e3d0000_MiniNews.jbxd

Similarity

API ID: _memset$ByteCharMultiWide$QueryValue_memmove_s
String ID:
API String ID: 271135359-0
Opcode ID: 1d15e23a2f6daa2d6bdb27bbd3bafa5743297f77aba579ada069a10883ce1224
Instruction ID: cc9d1000d0e5240a1a1d7767a58425b4c62d0d13a9e0b2b33f2ff63437061fc7
Opcode Fuzzy Hash: 1d15e23a2f6daa2d6bdb27bbd3bafa5743297f77aba579ada069a10883ce1224
Instruction Fuzzy Hash: 4AB15EB2408381AED320DBA5C994EEBB7ECEF95354F044E1DF1D947190EB709949CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 6E50FD40 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 174registryCOMMON

Download Yara Rule

APIs

Part of subcall function 6E50FC30: GetModuleHandleW.KERNEL32(Advapi32.dll,?,6E568638,?,00000000,?,6E50FDBD,80000002,00000201,E97A779A), ref: 6E50FC54
Part of subcall function 6E50FC30: RegCloseKey.ADVAPI32(00000000,?,6E50FDBD,80000002,00000201,E97A779A), ref: 6E50FCB7

RegQueryValueExW.ADVAPI32(00000000,6E550938,00000000,?,?,00000064), ref: 6E50FDF6

Part of subcall function 6E4E6760: GetProcessHeap.KERNEL32(E97A779A,?,6E53CB2C,000000FF,?,6E4F7925,E97A779A,0000006C,0000009C), ref: 6E4E679A

Part of subcall function 6E50DE90: WideCharToMultiByte.KERNEL32(00000003,00000000,6E50FB31,000000FF,00000000,00000000,00000000,00000000,00000010,?,?,?,6E50FB31,?), ref: 6E50DEAE
Part of subcall function 6E50DE90: WideCharToMultiByte.KERNEL32(00000003,00000000,6E50FB31,000000FF,?,-00000001,00000000,00000000,?,6E50FB31,?), ref: 6E50DEE5

StrCmpNIW.SHLWAPI(?,?,?,?,?,?,?,?), ref: 6E50FED2
RegCloseKey.ADVAPI32(00000000,80000002,00000201,E97A779A), ref: 6E50FF28

Strings

cPn, xrefs: 6E50FF3E
d, xrefs: 6E50FDDB

Memory Dump Source

Source File: 0000000E.00000002.2371585883.000000006E4E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6E4E0000, based on PE: true

Associated: 0000000E.00000002.2371507694.000000006E4E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373281942.000000006E544000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373891215.000000006E565000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2374074776.000000006E56A000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e4e0000_MiniNews.jbxd

Similarity

API ID: ByteCharCloseMultiWide$HandleHeapModuleProcessQueryValue
String ID: cPn$d
API String ID: 3192891033-4279660197
Opcode ID: 3eb433a6ee522e4466010b912537d3df01565b67c53d40c3eedb043d33348588
Instruction ID: 75f82b823fa8592fd0c68586c9e34d0e5ae1c29da7f45c1d13d74922e48ded48
Opcode Fuzzy Hash: 3eb433a6ee522e4466010b912537d3df01565b67c53d40c3eedb043d33348588
Instruction Fuzzy Hash: 5C519C319046099BEB60CFE8C844BAEB7F8EF05314F20466EE925E7281DB759944CFA4

Uniqueness

Uniqueness Score: -1.00%

Function 6E3E1B10 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 172
libraryCOMMON

Download Yara Rule

C-Code - Quality: 18%

			E6E3E1B10(void* __ebx, void* __edi, void* __ebp, void* __eflags) {
				intOrPtr _v4;
				char _v8;
				char _v12;
				signed int _v16;
				char _v20;
				intOrPtr _v24;
				char _v28;
				void* _t35;
				void* _t40;
				signed int** _t42;
				intOrPtr* _t44;
				void* _t53;
				intOrPtr* _t56;
				void* _t61;
				signed int** _t64;
				intOrPtr* _t66;
				signed int** _t69;
				intOrPtr* _t71;
				intOrPtr _t84;
				signed int _t110;
				signed int _t112;
				signed int _t116;
				signed int _t120;
				signed int _t122;
				signed int _t125;
				void* _t133;
				void* _t135;
				void* _t138;

				_t135 = __ebp;
				_t131 = __edi;
				_t82 = __ebx;
				_t136 =  &_v24;
				LoadLibraryW(L"wininet.dll");
				_t35 = E6E3D6F70(0x6e4064d8);
				_t140 = _t35;
				if(_t35 == 0) {
					E6E3E0030(__ebx, __edi, _t140,  &_v20);
					_push(L"360NetUL");
					_push(_v20);
					_t116 =  &_v8;
					_push(_t116);
					_t53 = E6E3E00C0(_t140);
					_t138 =  &_v24 + 0x10;
					_push(_t53);
					E6E3DDB40( &_v20);
					_t56 = _v12 + 0xfffffff0;
					asm("lock xadd [ecx], edx");
					_t141 = (_t116 | 0xffffffff) - 1;
					if((_t116 | 0xffffffff) - 1 <= 0) {
						 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *_t56)) + 4))))(_t56);
					}
					_push(1);
					E6E3DFE90(_t131, _t135, _t141, _t138);
					_push( *((intOrPtr*)(E6E3DFA90( &_v8,  &_v28, L".netul.log"))));
					_push(_v24);
					_t120 =  &_v12;
					_push(_t120);
					_t61 = E6E3E00C0(_t141);
					_t136 = _t138 + 0x20;
					_push(_t61);
					E6E3DDB40( &_v28);
					_t64 = _v16 + 0xfffffff0;
					asm("lock xadd [ecx], edx");
					_t122 = (_t120 | 0xffffffff) - 1;
					if(_t122 <= 0) {
						_t122 =  *( *_t64);
						 *((intOrPtr*)( *((intOrPtr*)(_t122 + 4))))(_t64);
					}
					_t66 = _v12 + 0xfffffff0;
					asm("lock xadd [ecx], edx");
					if((_t122 | 0xffffffff) - 1 <= 0) {
						 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *_t66)) + 4))))(_t66);
					}
					E6E3D6FA0(0x6e4064d8,  *_t136, 0x400000, 1, 0, 1, 0);
					_t69 =  *_t136 + 0xfffffff0;
					 *0x6e4064e0 = 1;
					_t19 =  &(_t69[3]); // -228
					_t125 = _t19;
					asm("lock xadd [edx], ecx");
					if(0xfffffffffffffffe <= 0) {
						_t125 =  *( *_t69);
						 *((intOrPtr*)( *((intOrPtr*)(_t125 + 4))))(_t69);
					}
					_t71 = _v28 + 0xfffffff0;
					asm("lock xadd [ecx], edx");
					_t145 = (_t125 | 0xffffffff) - 1;
					if((_t125 | 0xffffffff) - 1 <= 0) {
						 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *_t71)) + 4))))(_t71);
					}
				}
				_t84 =  *0x6e4064d0; // 0x6e3d0000
				E6E3DFE10(_t82, _t145,  &_v12, _t84);
				_push(_v12);
				E6E3E0150(_t82, _t145);
				_t110 = _v16;
				E6E3D7AD0(_t82, _t131, _t135, 0x6e4064d8, L"HttpInit %s", _t110);
				_t40 = E6E3E2FDC(_t82, _t110, _t131, _t145, 0x4130,  &_v16); // executed
				_t146 = _t40;
				if(_t40 == 0) {
					_t133 = 0;
					__eflags = 0;
				} else {
					_t133 = E6E3E02B0(_t40, _t146);
				}
				_t42 = _v8 + 0xfffffff0;
				asm("lock xadd [ecx], edx");
				_t112 = (_t110 | 0xffffffff) - 1;
				if(_t112 <= 0) {
					_t112 =  *( *_t42);
					 *((intOrPtr*)( *((intOrPtr*)(_t112 + 4))))(_t42);
				}
				_t44 = _v4 + 0xfffffff0;
				asm("lock xadd [ecx], edx");
				if((_t112 | 0xffffffff) - 1 <= 0) {
					 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *_t44)) + 4))))(_t44);
				}
				return _t133;
			}

0x6e3e1b10
0x6e3e1b10
0x6e3e1b10
0x6e3e1b10
0x6e3e1b18
0x6e3e1b23
0x6e3e1b28
0x6e3e1b2a
0x6e3e1b35
0x6e3e1b3e
0x6e3e1b43
0x6e3e1b44
0x6e3e1b48
0x6e3e1b49
0x6e3e1b4e
0x6e3e1b51
0x6e3e1b56
0x6e3e1b5f
0x6e3e1b68
0x6e3e1b6d
0x6e3e1b6f
0x6e3e1b79
0x6e3e1b79
0x6e3e1b7e
0x6e3e1b81
0x6e3e1ba0
0x6e3e1ba1
0x6e3e1ba2
0x6e3e1ba6
0x6e3e1ba7
0x6e3e1bac
0x6e3e1baf
0x6e3e1bb4
0x6e3e1bbd
0x6e3e1bc6
0x6e3e1bca
0x6e3e1bcd
0x6e3e1bd1
0x6e3e1bd7
0x6e3e1bd7
0x6e3e1bdd
0x6e3e1be6
0x6e3e1bed
0x6e3e1bf7
0x6e3e1bf7
0x6e3e1c0f
0x6e3e1c17
0x6e3e1c1a
0x6e3e1c24
0x6e3e1c24
0x6e3e1c2a
0x6e3e1c31
0x6e3e1c35
0x6e3e1c3b
0x6e3e1c3b
0x6e3e1c41
0x6e3e1c4a
0x6e3e1c4f
0x6e3e1c51
0x6e3e1c5b
0x6e3e1c5b
0x6e3e1c51
0x6e3e1c5d
0x6e3e1c6a
0x6e3e1c73
0x6e3e1c79
0x6e3e1c7e
0x6e3e1c8d
0x6e3e1c97
0x6e3e1c9f
0x6e3e1ca1
0x6e3e1cae
0x6e3e1cae
0x6e3e1ca3
0x6e3e1caa
0x6e3e1caa
0x6e3e1cb4
0x6e3e1cbd
0x6e3e1cc1
0x6e3e1cc4
0x6e3e1cc8
0x6e3e1cce
0x6e3e1cce
0x6e3e1cd4
0x6e3e1cdd
0x6e3e1ce4
0x6e3e1cee
0x6e3e1cee
0x6e3e1cf6

APIs

LoadLibraryW.KERNEL32(wininet.dll), ref: 6E3E1B18

Part of subcall function 6E3D6F70: EnterCriticalSection.KERNEL32(6E4064F0,?,?,6E3E1B28), ref: 6E3D6F78
Part of subcall function 6E3D6F70: LeaveCriticalSection.KERNEL32(6E4064F0,?,?,6E3E1B28), ref: 6E3D6F88

Part of subcall function 6E3E0030: _memset.LIBCMT ref: 6E3E0066
Part of subcall function 6E3E0030: SHGetFolderPathW.SHELL32(00000000,0000801A,00000000,00000000,?), ref: 6E3E007E

Part of subcall function 6E3E00C0: _memset.LIBCMT ref: 6E3E010A
Part of subcall function 6E3E00C0: PathCombineW.SHLWAPI(?,?,?,?,360NetUL,?), ref: 6E3E0119

Strings

HttpInit %s, xrefs: 6E3E1C83
.netul.log, xrefs: 6E3E1B86
360NetUL, xrefs: 6E3E1B3E
wininet.dll, xrefs: 6E3E1B13

Memory Dump Source

Source File: 0000000E.00000002.2370545283.000000006E3D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 6E3D0000, based on PE: true

Associated: 0000000E.00000002.2370501847.000000006E3D0000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371078507.000000006E3FB000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371296559.000000006E405000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371402177.000000006E409000.00000002.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e3d0000_MiniNews.jbxd

Similarity

API ID: CriticalPathSection_memset$CombineEnterFolderLeaveLibraryLoad
String ID: .netul.log$360NetUL$HttpInit %s$wininet.dll
API String ID: 3621140857-1362732896
Opcode ID: 57d14347ed6e6757aa269e80617722b45635d5f6893df0a92070df2f308d4c4d
Instruction ID: 111346d2c0ee6ec0576a2475476e5a6affa957f90ef84709b3df568227234dfb
Opcode Fuzzy Hash: 57d14347ed6e6757aa269e80617722b45635d5f6893df0a92070df2f308d4c4d
Instruction Fuzzy Hash: 57515C71210A019FD344DBACCC91E56B3A9BFC9334F148B59F1668B2E4DB31E80ACB91

Uniqueness

Uniqueness Score: -1.00%

Function 6E513310 Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 125stringCOMMON

Download Yara Rule

APIs

SHGetValueA.SHLWAPI(80000002,Software\360Safe\Liveup,mid,00000001,?,00000400,?,?,00000000), ref: 6E513387
lstrcmpiA.KERNEL32(?,?), ref: 6E513460

Strings

Software\360Safe\Liveup, xrefs: 6E51337D
mid, xrefs: 6E513378
, xrefs: 6E51332F

Memory Dump Source

Source File: 0000000E.00000002.2371585883.000000006E4E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6E4E0000, based on PE: true

Associated: 0000000E.00000002.2371507694.000000006E4E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373281942.000000006E544000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373891215.000000006E565000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2374074776.000000006E56A000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e4e0000_MiniNews.jbxd

Similarity

API ID: Valuelstrcmpi
String ID: $Software\360Safe\Liveup$mid
API String ID: 1914577711-2036445099
Opcode ID: 1e34a49101b3094bb748e0ac7aee4e0e48178a2009f81628962a9329235f5ebb
Instruction ID: 024bfeead6fd25420fb7c836d8aea5ea9b92c60780d0cfb1ec8167aa2b30bba4
Opcode Fuzzy Hash: 1e34a49101b3094bb748e0ac7aee4e0e48178a2009f81628962a9329235f5ebb
Instruction Fuzzy Hash: 4941B175A081199EEF11CEA4CD58BFEB7FCAB46308F0141EADB05E7141EB719A4A8F50

Uniqueness

Uniqueness Score: -1.00%

Function 6E3E0150 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 96
COMMON

Download Yara Rule

C-Code - Quality: 60%

			E6E3E0150(void* __ebx, void* __eflags, void _a4, char _a6, signed int _a16388, char _a16392, int _a16400, intOrPtr _a16408, short* _a16412) {
				int _v0;
				int _v4;
				void* _v8;
				char _v12;
				char _v16;
				void* __edi;
				void* __esi;
				signed int _t30;
				signed int _t32;
				int _t37;
				int _t41;
				int _t43;
				void* _t47;
				void* _t52;
				intOrPtr _t68;
				short* _t71;
				void* _t72;
				intOrPtr _t74;
				void* _t75;
				signed int _t76;
				signed int _t77;

				_t52 = __ebx;
				_push(0xffffffff);
				_push(E6E3FA91B);
				_push( *[fs:0x0]);
				E6E3E3480(0x4014);
				_t30 =  *0x6e405204; // 0x2276585c
				_a16388 = _t30 ^ _t76;
				_t32 =  *0x6e405204; // 0x2276585c
				_push(_t32 ^ _t76);
				 *[fs:0x0] =  &_a16392;
				_t74 = _a16408;
				_t71 = _a16412;
				_v8 = 0;
				_a4 = 0;
				E6E3E2850(_t71,  &_a6, 0, 0x3ffe);
				_t77 = _t76 + 0xc;
				_t67 =  &_v4;
				_v4 = 0;
				_t37 = GetFileVersionInfoSizeW(_t71,  &_v4); // executed
				if(_t37 == 0 || _t37 > 0x2000) {
					L5:
					E6E3D7A20(0x6e3fbf64);
				} else {
					_t41 = GetFileVersionInfoW(_t71, 0, _t37,  &_a4); // executed
					if(_t41 == 0) {
						goto L5;
					} else {
						_t67 =  &_v0;
						_t43 = VerQueryValueW( &_a4, "\\",  &_v8,  &_v0);
						_t83 = _t43;
						if(_t43 == 0) {
							goto L5;
						} else {
							_t68 =  *0x6e406514; // 0x6e3fc5e4
							_t14 = _t68 + 0xc; // 0x6e3e24bc
							_v12 =  *((intOrPtr*)( *_t14))() + 0x10;
							_t47 = _v8;
							_push( *(_t47 + 0xc) & 0x0000ffff);
							_push( *(_t47 + 0xe) & 0x0000ffff);
							_t67 =  *(_t47 + 0xa) & 0x0000ffff;
							_push( *(_t47 + 8) & 0x0000ffff);
							_a16400 = 0;
							E6E3D7960( &_v12, L"%d.%d.%d.%d",  *(_t47 + 0xa) & 0x0000ffff);
							_t77 = _t77 + 0x18;
							E6E3DF800(_t74, _t83,  &_v12);
							E6E3D4ED0( &_v16,  *(_t47 + 0xa) & 0x0000ffff);
						}
					}
				}
				 *[fs:0x0] = _a16392;
				_pop(_t72);
				_pop(_t75);
				return E6E3E2840(_t74, _t52, _a16388 ^ _t77, _t67, _t72, _t75);
			}

0x6e3e0150
0x6e3e0150
0x6e3e0152
0x6e3e015d
0x6e3e0163
0x6e3e0168
0x6e3e016f
0x6e3e0178
0x6e3e017f
0x6e3e0187
0x6e3e018d
0x6e3e0194
0x6e3e01a7
0x6e3e01b0
0x6e3e01b5
0x6e3e01ba
0x6e3e01bd
0x6e3e01c3
0x6e3e01cb
0x6e3e01d2
0x6e3e0279
0x6e3e0280
0x6e3e01e3
0x6e3e01ec
0x6e3e01f3
0x00000000
0x6e3e01f9
0x6e3e01f9
0x6e3e020d
0x6e3e0212
0x6e3e0214
0x00000000
0x6e3e0216
0x6e3e0216
0x6e3e021c
0x6e3e0229
0x6e3e022d
0x6e3e0239
0x6e3e023e
0x6e3e023f
0x6e3e0243
0x6e3e024f
0x6e3e025a
0x6e3e025f
0x6e3e0269
0x6e3e0272
0x6e3e0272
0x6e3e0214
0x6e3e01f3
0x6e3e028e
0x6e3e0296
0x6e3e0297
0x6e3e02ac

APIs

_memset.LIBCMT ref: 6E3E01B5
GetFileVersionInfoSizeW.VERSION ref: 6E3E01CB
GetFileVersionInfoW.VERSION(?,00000000,00000000,00000000), ref: 6E3E01EC
VerQueryValueW.VERSION(?,6E3FC388,?,?,?,00000000,00000000,00000000), ref: 6E3E020D

Strings

%d.%d.%d.%d, xrefs: 6E3E0249

Memory Dump Source

Source File: 0000000E.00000002.2370545283.000000006E3D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 6E3D0000, based on PE: true

Associated: 0000000E.00000002.2370501847.000000006E3D0000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371078507.000000006E3FB000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371296559.000000006E405000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371402177.000000006E409000.00000002.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e3d0000_MiniNews.jbxd

Similarity

API ID: FileInfoVersion$QuerySizeValue_memset
String ID: %d.%d.%d.%d
API String ID: 3017621270-3491811756
Opcode ID: 633337102f2a64addc3102c073e733b708d7910909f5277f2657f723d71a16ee
Instruction ID: ab498091fd001c6ac207dd192d5e1627d5ecc8f4ce084ed75d470c9a1dd8a554
Opcode Fuzzy Hash: 633337102f2a64addc3102c073e733b708d7910909f5277f2657f723d71a16ee
Instruction Fuzzy Hash: 8031A0B2108311AFD724CB94D940FABB3ECEF88714F04491EF6959B290EB749904CBA6

Uniqueness

Uniqueness Score: -1.00%

Function 6E3DD280 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 91
networkCOMMON

Download Yara Rule

C-Code - Quality: 51%

			E6E3DD280(void* __ebx, void* __edx, void* _a4, intOrPtr _a8, intOrPtr _a12) {
				signed int _v4;
				signed int _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				void _v32;
				void _v36;
				long _v40;
				signed char _v41;
				signed char _v42;
				void* _v44;
				intOrPtr _v52;
				void* _v60;
				void* __edi;
				void* __esi;
				signed int _t22;
				void* _t24;
				void* _t40;
				signed char _t41;
				void* _t42;
				intOrPtr _t48;
				void* _t52;
				intOrPtr _t57;

				_t52 = __edx;
				_t38 = __ebx;
				_t58 =  &_v44;
				_t22 =  *0x6e405204; // 0x2276585c
				_v4 = _t22 ^  &_v44;
				_t24 = _a4;
				_t57 = _a8;
				_t55 = _a12;
				if(_a12 <= 0xf || _t57 == 0 || _t24 == 0) {
					return E6E3E2840(0, _t38, _v4 ^ _t58, _t52, _t55, _t57);
				} else {
					_push(__ebx);
					_t53 =  &_v36;
					_v40 = 0x10;
					if(InternetQueryOptionW(_t24, 0x43,  &_v36,  &_v40) == 0) {
						L9:
						_pop(_t40);
						return E6E3E2840(0, _t40, _v20 ^ _t58, _t53, _t55, _t57);
					} else {
						_t48 = _v52;
						if(_t48 == 0xffffffff) {
							goto L9;
						} else {
							_v36 = 0;
							_v32 = 0;
							_v28 = 0;
							_v24 = 0;
							_t53 =  &_v36;
							_v60 = 0x10;
							__imp__#5(_t48,  &_v36,  &_v60); // executed
							_t41 = _v44;
							if(_t41 == 0 || _t41 == 0xffffffff) {
								goto L9;
							} else {
								E6E3E2850(_t55, _t57, 0, _t55);
								_push(_v41 & 0x000000ff);
								_push(_v42 & 0x000000ff);
								_push(_t41 & 0x000000ff);
								E6E3E5186(_t55 - 1, _t57, _t57, _t55 - 1, "%u.%u.%u.%u", _t41 & 0x000000ff);
								_pop(_t42);
								return E6E3E2840(1, _t42, _v32 ^  &_v44 + 0x00000028, _t41 & 0x000000ff, _t55 - 1, _t57);
							}
						}
					}
				}
			}

0x6e3dd280
0x6e3dd280
0x6e3dd280
0x6e3dd283
0x6e3dd28a
0x6e3dd28e
0x6e3dd293
0x6e3dd298
0x6e3dd29f
0x6e3dd2bb
0x6e3dd2bc
0x6e3dd2bc
0x6e3dd2c2
0x6e3dd2cf
0x6e3dd2db
0x6e3dd362
0x6e3dd366
0x6e3dd375
0x6e3dd2e1
0x6e3dd2e1
0x6e3dd2e8
0x00000000
0x6e3dd2ea
0x6e3dd2ec
0x6e3dd2f0
0x6e3dd2f4
0x6e3dd2f8
0x6e3dd301
0x6e3dd307
0x6e3dd30b
0x6e3dd311
0x6e3dd317
0x00000000
0x6e3dd31e
0x6e3dd322
0x6e3dd331
0x6e3dd332
0x6e3dd336
0x6e3dd343
0x6e3dd34b
0x6e3dd361
0x6e3dd361
0x6e3dd317
0x6e3dd2e8
0x6e3dd2db

APIs

InternetQueryOptionW.WININET(?,00000043,?,?), ref: 6E3DD2D3
getpeername.WS2_32(?,?,?), ref: 6E3DD30B
_memset.LIBCMT ref: 6E3DD322
__snprintf.LIBCMT ref: 6E3DD343

Strings

%u.%u.%u.%u, xrefs: 6E3DD33B

Memory Dump Source

Source File: 0000000E.00000002.2370545283.000000006E3D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 6E3D0000, based on PE: true

Associated: 0000000E.00000002.2370501847.000000006E3D0000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371078507.000000006E3FB000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371296559.000000006E405000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371402177.000000006E409000.00000002.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e3d0000_MiniNews.jbxd

Similarity

API ID: InternetOptionQuery__snprintf_memsetgetpeername
String ID: %u.%u.%u.%u
API String ID: 192510154-1542503432
Opcode ID: 8b237730613ae681ea29d0992fa31c178a22be72d70be646dd853d7478927153
Instruction ID: 8c3b02c46ded925900b9bbedac543aede3523c0dca93f0a07b85044abc0257c4
Opcode Fuzzy Hash: 8b237730613ae681ea29d0992fa31c178a22be72d70be646dd853d7478927153
Instruction Fuzzy Hash: BE2193B25083116FC384DBA99890EAF77E8EFCC714F840A1EF499D7190D775D9448B92

Uniqueness

Uniqueness Score: -1.00%

Function 6E5131F0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 88fileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32(?,C0000000,00000003,00000000,00000003,00000000,00000000,?,?,75A9E1E0,75A9E170), ref: 6E51323B
DeviceIoControl.KERNEL32(00000000,00170002,01010101,00000004,?,00000104,?,00000000), ref: 6E513294
CloseHandle.KERNEL32(00000000,?,?,75A9E1E0,75A9E170), ref: 6E5132ED

Strings

\\.\%s, xrefs: 6E51320C
%02X%02X%02X%02X%02X%02X, xrefs: 6E5132D6

Memory Dump Source

Source File: 0000000E.00000002.2371585883.000000006E4E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6E4E0000, based on PE: true

Associated: 0000000E.00000002.2371507694.000000006E4E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373281942.000000006E544000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373891215.000000006E565000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2374074776.000000006E56A000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e4e0000_MiniNews.jbxd

Similarity

API ID: CloseControlCreateDeviceFileHandle
String ID: %02X%02X%02X%02X%02X%02X$\\.\%s
API String ID: 33631002-1525991222
Opcode ID: a22f78b3a19a5d51a1e3c9626fdb89b3a03f3a404e45aed1adff0ce4aee4f548
Instruction ID: 2a70f6f8fb108427a84e0208d1c3b091f143eea9f1583b72e5ae5ea7ef308846
Opcode Fuzzy Hash: a22f78b3a19a5d51a1e3c9626fdb89b3a03f3a404e45aed1adff0ce4aee4f548
Instruction Fuzzy Hash: D031FB75A4412CAADB60DBA58C55FEA77FCAB09314F0000D6FA9CE7181D7749FC08B60

Uniqueness

Uniqueness Score: -1.00%

Function 6E4FCCB0 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 162memoryCOMMON

Download Yara Rule

APIs

CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,E97A779A), ref: 6E4FCD2D
ResetEvent.KERNEL32(?,E97A779A), ref: 6E4FCD37
GetProcessHeap.KERNEL32 ref: 6E4FCD55

Part of subcall function 6E4E6850: EnterCriticalSection.KERNEL32(6E565004,E97A779A,?,00000000,6E53CB5F,000000FF,?,6E50549D,00000000), ref: 6E4E6881
Part of subcall function 6E4E6850: LeaveCriticalSection.KERNEL32(6E565004,?,00000000,6E53CB5F,000000FF,?,6E50549D,00000000), ref: 6E4E68CA

Part of subcall function 6E4EEF30: GetCommandLineW.KERNEL32(E97A779A), ref: 6E4EEF60
Part of subcall function 6E4EEF30: GetModuleFileNameW.KERNEL32(?,00000104), ref: 6E4EEFC2

Strings

(}Vn, xrefs: 6E4FCDF9

Memory Dump Source

Source File: 0000000E.00000002.2371585883.000000006E4E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6E4E0000, based on PE: true

Associated: 0000000E.00000002.2371507694.000000006E4E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373281942.000000006E544000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373891215.000000006E565000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2374074776.000000006E56A000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e4e0000_MiniNews.jbxd

Similarity

API ID: CriticalEventSection$CommandCreateEnterFileHeapLeaveLineModuleNameProcessReset
String ID: (}Vn
API String ID: 4118920955-1577063747
Opcode ID: daa35f4b47a96fd74256e1806b4c5dcf1ca01ba2720a27f835e8128f244ed0b8
Instruction ID: f934b7c2ad53e2b4a94e8b770de6de30c087db6b197382c664e63feaa54a1712
Opcode Fuzzy Hash: daa35f4b47a96fd74256e1806b4c5dcf1ca01ba2720a27f835e8128f244ed0b8
Instruction Fuzzy Hash: 3451A471A00604DFDB50CFA8C844BAABBF9FF45724F118A69E9189F3D0DB759901CB91

Uniqueness

Uniqueness Score: -1.00%

Function 6E511140 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 142fileCOMMON

Download Yara Rule

APIs

CreateFileW.KERNEL32(?,80000000,00000003,00000000,00000003,00000080,00000000,?,?,75A9E170,00000000), ref: 6E511192
CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,75A9E170), ref: 6E511257

Part of subcall function 6E501DC0: GetLastError.KERNEL32(80070057,?,?,?,?,00000000,?,?,?,?,?,?,?,?,?,6E5054BD), ref: 6E501DC0

Strings

\\.\%s, xrefs: 6E511160
%02X%02X%02X%02X%02X%02X, xrefs: 6E51123C

Memory Dump Source

Source File: 0000000E.00000002.2371585883.000000006E4E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6E4E0000, based on PE: true

Associated: 0000000E.00000002.2371507694.000000006E4E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373281942.000000006E544000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373891215.000000006E565000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2374074776.000000006E56A000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e4e0000_MiniNews.jbxd

Similarity

API ID: CloseCreateErrorFileHandleLast
String ID: %02X%02X%02X%02X%02X%02X$\\.\%s
API String ID: 2528220319-1525991222
Opcode ID: c1c4d4b9fdc88c6e5a524b52c58d6edae0dfbcf7386b4c830c99b0ef41c4103e
Instruction ID: 13c832a7a4e801d5d9ba013eb66532fd5da717a3f79a2b1d4a0611422a418862
Opcode Fuzzy Hash: c1c4d4b9fdc88c6e5a524b52c58d6edae0dfbcf7386b4c830c99b0ef41c4103e
Instruction Fuzzy Hash: 1F41407198824A6AFBA185E55D90FFEBBEC9F66200F100CD1F974D6181E634CE48C761

Uniqueness

Uniqueness Score: -1.00%

Function 6E3E2FDC Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 34
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 83%

			E6E3E2FDC(void* __ebx, void* __edx, void* __edi, void* __eflags, intOrPtr _a4) {
				signed int _v16;
				char _v20;
				long _v24;
				signed int _v32;
				void* _v36;
				long _v40;
				void _v60;
				void* _t20;
				signed int _t21;
				signed int _t26;
				DWORD* _t27;
				void* _t30;
				signed int _t34;
				void* _t38;
				void* _t39;

				_t39 = __edi;
				_t38 = __edx;
				_t30 = __ebx;
				while(1) {
					_t20 = E6E3E2996(_t30, _t38, _t39, _a4); // executed
					if(_t20 != 0) {
						break;
					}
					_t21 = E6E3E79C0(_a4);
					__eflags = _t21;
					if(_t21 == 0) {
						__eflags =  *0x6e406574 & 0x00000001;
						if(( *0x6e406574 & 0x00000001) == 0) {
							 *0x6e406574 =  *0x6e406574 | 0x00000001;
							__eflags =  *0x6e406574;
							E6E3E2FC1(0x6e406568);
							E6E3E368D( *0x6e406574, E6E3FAC79);
						}
						E6E3D2180( &_v16, 0x6e406568);
						_push(0x6e401c50);
						_push( &_v16);
						L7();
						asm("int3");
						_push(0x6e406568);
						_push(_t39);
						_t34 = 8;
						_v36 = memcpy( &_v60, 0x6e3fc644, _t34 << 2);
						_t26 = _v16;
						_v32 = _t26;
						__eflags = _t26;
						if(_t26 != 0) {
							__eflags =  *_t26 & 0x00000008;
							if(( *_t26 & 0x00000008) != 0) {
								_v20 = 0x1994000;
							}
						}
						_t27 =  &_v20;
						RaiseException(_v40, _v36, _v24, _t27);
						return _t27;
					} else {
						continue;
					}
					L11:
				}
				return _t20;
				goto L11;
			}

0x6e3e2fdc
0x6e3e2fdc
0x6e3e2fdc
0x6e3e2ff3
0x6e3e2ff6
0x6e3e2ffe
0x00000000
0x00000000
0x6e3e2fe9
0x6e3e2fef
0x6e3e2ff1
0x6e3e3002
0x6e3e300e
0x6e3e3010
0x6e3e3010
0x6e3e3019
0x6e3e3023
0x6e3e3028
0x6e3e302d
0x6e3e3032
0x6e3e303a
0x6e3e303b
0x6e3e3040
0x6e3e304c
0x6e3e304d
0x6e3e3050
0x6e3e305b
0x6e3e305e
0x6e3e3062
0x6e3e3066
0x6e3e3068
0x6e3e306a
0x6e3e306d
0x6e3e306f
0x6e3e306f
0x6e3e306d
0x6e3e3076
0x6e3e3083
0x6e3e308a
0x00000000
0x00000000
0x00000000
0x00000000
0x6e3e2ff1
0x6e3e3001
0x00000000

APIs

_malloc.LIBCMT ref: 6E3E2FF6

Part of subcall function 6E3E2996: __FF_MSGBANNER.LIBCMT ref: 6E3E29B9
Part of subcall function 6E3E2996: __NMSG_WRITE.LIBCMT ref: 6E3E29C0
Part of subcall function 6E3E2996: RtlAllocateHeap.NTDLL(00000000,-0000000E,00000001,00000000,00000000,?,6E3E944B,00000001,00000001,00000001,?,6E3E594D,00000018,6E403280,0000000C,6E3E59DE), ref: 6E3E2A0D

std::bad_alloc::bad_alloc.LIBCMT ref: 6E3E3019

Part of subcall function 6E3E2FC1: std::exception::exception.LIBCMT ref: 6E3E2FCD

__CxxThrowException@8.LIBCMT ref: 6E3E303B

Strings

he@n, xrefs: 6E3E3009

Memory Dump Source

Source File: 0000000E.00000002.2370545283.000000006E3D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 6E3D0000, based on PE: true

Associated: 0000000E.00000002.2370501847.000000006E3D0000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371078507.000000006E3FB000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371296559.000000006E405000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371402177.000000006E409000.00000002.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e3d0000_MiniNews.jbxd

Similarity

API ID: AllocateException@8HeapThrow_mallocstd::bad_alloc::bad_allocstd::exception::exception
String ID: he@n
API String ID: 3715980512-3417901665
Opcode ID: 0a2802db6c8468c938cf6ddd4730a15daaca369b7e5a386be7e715d3056df337
Instruction ID: 5f046f8e77f2fe446b5552adf08dbecf830b67366efa5fef66fd2969e3e96f64
Opcode Fuzzy Hash: 0a2802db6c8468c938cf6ddd4730a15daaca369b7e5a386be7e715d3056df337
Instruction Fuzzy Hash: 15F0A73140412B66DF0867F1FE09DDD3BAC9F0236CF0049ABEC9296D94DF22DA958664

Uniqueness

Uniqueness Score: -1.00%

Function 6E50CD30 Relevance: 6.2, APIs: 2, Strings: 2, Instructions: 196COMMON

Download Yara Rule

APIs

Part of subcall function 6E50CC30: GetCurrentThreadId.KERNEL32 ref: 6E50CC7C
Part of subcall function 6E50CC30: GetCurrentProcessId.KERNEL32(00000000), ref: 6E50CC83
Part of subcall function 6E50CC30: wsprintfW.USER32 ref: 6E50CCCA

EnterCriticalSection.KERNEL32(?), ref: 6E50CF38
LeaveCriticalSection.KERNEL32(?), ref: 6E50CF42

Strings

---------------------log start----------------------------, xrefs: 6E50CE72
---------------------reload log switch--------------------, xrefs: 6E50CEA7

Memory Dump Source

Source File: 0000000E.00000002.2371585883.000000006E4E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6E4E0000, based on PE: true

Associated: 0000000E.00000002.2371507694.000000006E4E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373281942.000000006E544000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373891215.000000006E565000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2374074776.000000006E56A000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e4e0000_MiniNews.jbxd

Similarity

API ID: CriticalCurrentSection$EnterLeaveProcessThreadwsprintf
String ID: ---------------------log start----------------------------$---------------------reload log switch--------------------
API String ID: 1659565871-2396638461
Opcode ID: 94b3e89a5a00874c4e428a5d206085575502c0640681dd931ef1d1e59b30a099
Instruction ID: 9d7258cd96ea19ef6b8889acca863da361ff1a4d16fe162c816c54e202e901cd
Opcode Fuzzy Hash: 94b3e89a5a00874c4e428a5d206085575502c0640681dd931ef1d1e59b30a099
Instruction Fuzzy Hash: B8719D71900609EFCB11DFE8C894BEEB7F9BF45318F044919E515AB680EB74E944CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 6E3E4CC4 Relevance: 6.0, APIs: 4, Instructions: 19
threadCOMMON

Download Yara Rule

C-Code - Quality: 75%

			E6E3E4CC4(long _a4) {
				void* _t6;
				void* _t9;
				void* _t10;

				_t11 =  *0x6e3fc66c;
				if( *0x6e3fc66c != 0 && E6E3ED4B0(_t11, 0x6e3fc66c) != 0) {
					 *0x6e3fc66c();
				}
				if(E6E3E8E71(_t6) != 0) {
					E6E3E9033(_t6, _t9, _t10, _t2);
				}
				ExitThread(_a4);
			}

0x6e3e4cc9
0x6e3e4cd0
0x6e3e4ce1
0x6e3e4ce1
0x6e3e4cee
0x6e3e4cf1
0x6e3e4cf6
0x6e3e4cfa

APIs

__IsNonwritableInCurrentImage.LIBCMT ref: 6E3E4CD7

Part of subcall function 6E3ED4B0: __FindPESection.LIBCMT ref: 6E3ED50B

__getptd_noexit.LIBCMT ref: 6E3E4CE7
__freeptd.LIBCMT ref: 6E3E4CF1
ExitThread.KERNEL32 ref: 6E3E4CFA

Memory Dump Source

Source File: 0000000E.00000002.2370545283.000000006E3D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 6E3D0000, based on PE: true

Associated: 0000000E.00000002.2370501847.000000006E3D0000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371078507.000000006E3FB000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371296559.000000006E405000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371402177.000000006E409000.00000002.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e3d0000_MiniNews.jbxd

Similarity

API ID: CurrentExitFindImageNonwritableSectionThread__freeptd__getptd_noexit
String ID:
API String ID: 3182216644-0
Opcode ID: ee378a6ee594130c1f7f1704e684cfdd99463094c3e504217c4c13910fe12d1f
Instruction ID: a23cd7115625dd34b198b53ac7d99ae84810494a8c6f00e12fbd15219000cb76
Opcode Fuzzy Hash: ee378a6ee594130c1f7f1704e684cfdd99463094c3e504217c4c13910fe12d1f
Instruction Fuzzy Hash: 76D02B70000F1277EB0017F1D91DB75365C6B41604F640022E8528D850CF31D4C1DE64

Uniqueness

Uniqueness Score: -1.00%

Function 6E50D990 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 60sleepCOMMON

Download Yara Rule

APIs

InterlockedCompareExchange.KERNEL32(6E56852C,00000001,6E568480), ref: 6E50D9BC
Sleep.KERNEL32(00000001,00000000), ref: 6E50DA12

Part of subcall function 6E50DA70: InitializeCriticalSection.KERNEL32(6E5684A8,00000000,6E568480,?,6E50DA39), ref: 6E50DAA9

Part of subcall function 6E514C02: __onexit.LIBCMT ref: 6E514C08

Strings

2, xrefs: 6E50D99D

Memory Dump Source

Source File: 0000000E.00000002.2371585883.000000006E4E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6E4E0000, based on PE: true

Associated: 0000000E.00000002.2371507694.000000006E4E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373281942.000000006E544000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373891215.000000006E565000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2374074776.000000006E56A000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e4e0000_MiniNews.jbxd

Similarity

API ID: CompareCriticalExchangeInitializeInterlockedSectionSleep__onexit
String ID: 2
API String ID: 3328004769-450215437
Opcode ID: 4d3d46da518919777772d0474749653eddabbce46f70798b8230aec17d04f599
Instruction ID: 60e3d4728339c7d2678ce72f7dac0156b22300f9f9cf7c1625892c50dfae0bd6
Opcode Fuzzy Hash: 4d3d46da518919777772d0474749653eddabbce46f70798b8230aec17d04f599
Instruction Fuzzy Hash: 9811BFB0658600EBDB909FE88855BB537E9AB6731CF098419F9099B221CF31D880CF47

Uniqueness

Uniqueness Score: -1.00%

Function 6E5160A0 Relevance: 4.7, APIs: 3, Instructions: 173filenetworkCOMMON

Download Yara Rule

APIs

URLDownloadToFileW.URLMON(00000000,?,?,00000000,00000000), ref: 6E5160F6
URLDownloadToCacheFileW.URLMON(00000000,?,?,00000104,00000000,00000000), ref: 6E51612A
DeleteFileW.KERNEL32(?,?,?,?), ref: 6E51613A

Memory Dump Source

Source File: 0000000E.00000002.2371585883.000000006E4E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6E4E0000, based on PE: true

Associated: 0000000E.00000002.2371507694.000000006E4E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373281942.000000006E544000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373891215.000000006E565000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2374074776.000000006E56A000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e4e0000_MiniNews.jbxd

Similarity

API ID: File$Download$CacheDelete
String ID:
API String ID: 2128480651-0
Opcode ID: af78228162fe9c973b419fae844ebf16a915b551ba230ae7af0d2d86708896aa
Instruction ID: 4fff1f19463ae3dfb970fde704fc8c577b623717b142874fb2c56234cf9e7d2e
Opcode Fuzzy Hash: af78228162fe9c973b419fae844ebf16a915b551ba230ae7af0d2d86708896aa
Instruction Fuzzy Hash: FA519B75A4531AABEB10CFA5C984FAA7BF8EF49704F400459FE159B281D7B0ED40CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 6E4F5B20 Relevance: 4.6, APIs: 3, Instructions: 132synchronizationCOMMON

Download Yara Rule

APIs

WaitForMultipleObjects.KERNEL32(00000002,?,00000000,00000000), ref: 6E4F5C3D

Part of subcall function 6E4F4D90: GetProcessHeap.KERNEL32(E97A779A,00000000,00000014,000000FF,6E53ECC4,000000FF,?,6E4F4EF3,E97A779A,?,00000000,00000000,6E53ECF6,000000FF), ref: 6E4F4DD1

CreateEventW.KERNEL32(00000000,00000001,00000000), ref: 6E4F5B9C
WaitForSingleObject.KERNEL32(?,00000000), ref: 6E4F5C46

Memory Dump Source

Source File: 0000000E.00000002.2371585883.000000006E4E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6E4E0000, based on PE: true

Associated: 0000000E.00000002.2371507694.000000006E4E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373281942.000000006E544000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373891215.000000006E565000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2374074776.000000006E56A000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e4e0000_MiniNews.jbxd

Similarity

API ID: Wait$CreateEventHeapMultipleObjectObjectsProcessSingle
String ID:
API String ID: 1948400022-0
Opcode ID: 6581d33ae175247f13bde7c0b22351378a8941d24908b904228ecdbf859c8a89
Instruction ID: dcd5ea6f6fa42c4a7a80275efc4f4d72566a7f2b06b8658802846a1137dc9917
Opcode Fuzzy Hash: 6581d33ae175247f13bde7c0b22351378a8941d24908b904228ecdbf859c8a89
Instruction Fuzzy Hash: 59517171600645EFDB10CFA4C954B9ABBB8FF44B14F10861AE5269B3D0DB74EE02CB91

Uniqueness

Uniqueness Score: -1.00%

Function 6E3E15E0 Relevance: 4.6, APIs: 2, Strings: 1, Instructions: 73
COMMON

Download Yara Rule

C-Code - Quality: 73%

			E6E3E15E0(void* __ecx, void* __edx, void* __eflags, intOrPtr _a4) {
				intOrPtr _v4;
				intOrPtr _v8;
				char _v12;
				struct _CRITICAL_SECTION* _v20;
				intOrPtr _v24;
				char _v28;
				intOrPtr _v32;
				void* __ebx;
				void* __edi;
				void* __ebp;
				signed int _t21;
				intOrPtr _t24;
				struct _CRITICAL_SECTION* _t33;
				void* _t45;
				intOrPtr _t46;
				void* _t49;
				intOrPtr _t52;
				void* _t55;

				_t43 = __edx;
				_push(0xffffffff);
				_push(E6E3FAA03);
				_push( *[fs:0x0]);
				_push(_t33);
				_push(_t45);
				_t21 =  *0x6e405204; // 0x2276585c
				 *[fs:0x0] =  &_v12;
				_t49 = __ecx;
				_t24 = E6E3E2FDC(_t33, __edx, _t45, __eflags, 0x7638, _t21 ^ _t55 - 0x00000014); // executed
				_v32 = _t24;
				_t52 = 0;
				_v4 = 0;
				if(_t24 == 0) {
					_t46 = 0;
					__eflags = 0;
				} else {
					_t46 = E6E3DAD40();
				}
				_a4 = 0xffffffff;
				_v24 = _t46;
				if(_t46 != _t52) {
					_t33 = _t49 + 0x24;
					_v20 = _t33;
					EnterCriticalSection(_t33);
					_a4 = 1;
					E6E3E1240(_t49, _t43);
					 *((intOrPtr*)(_t49 + 0x44)) =  *((intOrPtr*)(_t49 + 0x44)) + 1;
					E6E3D8210(_t46,  *((intOrPtr*)(_t49 + 0x44)));
					_t52 =  *((intOrPtr*)(_t49 + 0x44));
					_push( &_v28);
					_push( &_v20);
					 *((intOrPtr*)(_t46 + 4)) = _t49 + 0x48;
					E6E3E1360(_t49 + 4);
					_v8 = 0xffffffff;
					LeaveCriticalSection(_t33);
				}
				_push(_t52);
				E6E3D7C70(_t33, _t46, _t52, 0x6e4064d8, "[%u] HttpCreate id=%u", _t46);
				 *[fs:0x0] = _v4;
				return _t46;
			}

0x6e3e15e0
0x6e3e15e0
0x6e3e15e2
0x6e3e15ed
0x6e3e15f1
0x6e3e15f4
0x6e3e15f5
0x6e3e1601
0x6e3e1607
0x6e3e160e
0x6e3e1616
0x6e3e161a
0x6e3e161c
0x6e3e1622
0x6e3e162f
0x6e3e162f
0x6e3e1624
0x6e3e162b
0x6e3e162b
0x6e3e1631
0x6e3e1639
0x6e3e163f
0x6e3e1641
0x6e3e1645
0x6e3e1649
0x6e3e1656
0x6e3e165a
0x6e3e165f
0x6e3e1668
0x6e3e166d
0x6e3e1674
0x6e3e167c
0x6e3e1680
0x6e3e1683
0x6e3e1689
0x6e3e1691
0x6e3e1691
0x6e3e1697
0x6e3e16a3
0x6e3e16b1
0x6e3e16c0

APIs

Part of subcall function 6E3E2FDC: _malloc.LIBCMT ref: 6E3E2FF6

EnterCriticalSection.KERNEL32(?), ref: 6E3E1649
LeaveCriticalSection.KERNEL32(?,?,?), ref: 6E3E1691

Part of subcall function 6E3DAD40: InitializeCriticalSection.KERNEL32(?,2276585C,?,?,?,?,?,?,6E3FA2BE,000000FF), ref: 6E3DAD7B
Part of subcall function 6E3DAD40: GetTickCount.KERNEL32 ref: 6E3DAD9A
Part of subcall function 6E3DAD40: InitializeCriticalSection.KERNEL32(?,?,?,?,?,?,?,6E3FA2BE,000000FF), ref: 6E3DADA7
Part of subcall function 6E3DAD40: GetTickCount.KERNEL32 ref: 6E3DADBE
Part of subcall function 6E3DAD40: _memset.LIBCMT ref: 6E3DADE5
Part of subcall function 6E3DAD40: CreateEventW.KERNEL32(00000000,00000001,00000000,00000000), ref: 6E3DAE72
Part of subcall function 6E3DAD40: _memset.LIBCMT ref: 6E3DAEB7
Part of subcall function 6E3DAD40: _memset.LIBCMT ref: 6E3DAEC9

Strings

[%u] HttpCreate id=%u, xrefs: 6E3E1699

Memory Dump Source

Source File: 0000000E.00000002.2370545283.000000006E3D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 6E3D0000, based on PE: true

Associated: 0000000E.00000002.2370501847.000000006E3D0000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371078507.000000006E3FB000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371296559.000000006E405000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371402177.000000006E409000.00000002.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e3d0000_MiniNews.jbxd

Similarity

API ID: CriticalSection$_memset$CountInitializeTick$CreateEnterEventLeave_malloc
String ID: [%u] HttpCreate id=%u
API String ID: 3993189940-2845278546
Opcode ID: 5a07c2bb0ec1a35e3f78296a4cdd8f78cc60eca0e72d16cac5d264467ceb279a
Instruction ID: 31a76d896fd8750be2a4860f81cffa1f2f08f87c31e5be35e2b321f5141ea117
Opcode Fuzzy Hash: 5a07c2bb0ec1a35e3f78296a4cdd8f78cc60eca0e72d16cac5d264467ceb279a
Instruction Fuzzy Hash: C521D7B2504755AFC310DFA9D940A5BF7ECFB85724F000E2EF5A687680DB35A508CB62

Uniqueness

Uniqueness Score: -1.00%

Function 6E526B75 Relevance: 4.6, APIs: 3, Instructions: 54threadCOMMON

Download Yara Rule

APIs

CreateThread.KERNEL32(00000000,?,Function_00046A21,00000000,?,00000000), ref: 6E526BBE
GetLastError.KERNEL32(?,?,?,6E4FF299,00000000,00000000,6E4FF1D0,00000000,00000000,00000000,00000000,00000000), ref: 6E526BCA
__dosmaperr.LIBCMT ref: 6E526BD1

Memory Dump Source

Source File: 0000000E.00000002.2371585883.000000006E4E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6E4E0000, based on PE: true

Associated: 0000000E.00000002.2371507694.000000006E4E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373281942.000000006E544000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373891215.000000006E565000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2374074776.000000006E56A000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e4e0000_MiniNews.jbxd

Similarity

API ID: CreateErrorLastThread__dosmaperr
String ID:
API String ID: 2744730728-0
Opcode ID: aa0a1fa184686149b18cc85eda48d33df84d30baac47aea82382cbf340569ee0
Instruction ID: 16a9ae4c31257a503113cdc3d334fb05da00da515fa28efdbc3a74128e302462
Opcode Fuzzy Hash: aa0a1fa184686149b18cc85eda48d33df84d30baac47aea82382cbf340569ee0
Instruction Fuzzy Hash: 9A018C3652921AAFDB169FE5DC049EF3BE9EF85364B114438FA1486190EBB2DC11C7A0

Uniqueness

Uniqueness Score: -1.00%

Function 6E526AD5 Relevance: 4.5, APIs: 3, Instructions: 31threadCOMMON

Download Yara Rule

APIs

Part of subcall function 6E52CC75: GetLastError.KERNEL32(?,?,?,6E51A307,6E52E053,?,?,6E514890,?,?,6E4F28FA,00000010,E97A779A,?,?,6E53E3CF), ref: 6E52CC7A
Part of subcall function 6E52CC75: _free.LIBCMT ref: 6E52CCAF
Part of subcall function 6E52CC75: SetLastError.KERNEL32(00000000), ref: 6E52CCE3

ExitThread.KERNEL32 ref: 6E526AE7
CloseHandle.KERNEL32(?,?,?,6E526C07,?,?,6E526A7E,00000000), ref: 6E526B0F
FreeLibraryAndExitThread.KERNEL32(?,?,?,?,6E526C07,?,?,6E526A7E,00000000), ref: 6E526B25

Memory Dump Source

Source File: 0000000E.00000002.2371585883.000000006E4E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6E4E0000, based on PE: true

Associated: 0000000E.00000002.2371507694.000000006E4E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373281942.000000006E544000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373891215.000000006E565000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2374074776.000000006E56A000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e4e0000_MiniNews.jbxd

Similarity

API ID: ErrorExitLastThread$CloseFreeHandleLibrary_free
String ID:
API String ID: 1198197534-0
Opcode ID: 7f2881f954a22f494847ac5ad666442db6db0992d5ae3a26c62d63b644d532f0
Instruction ID: 0fc6be1334c33e280865190acff9cf4d6da33b1febaf37f6ff6891d30169b619
Opcode Fuzzy Hash: 7f2881f954a22f494847ac5ad666442db6db0992d5ae3a26c62d63b644d532f0
Instruction Fuzzy Hash: 11F0BE30110B01EFCB01AFA4C808B6B3BDCAF01324F118A35E834D31E0DB71D8018650

Uniqueness

Uniqueness Score: -1.00%

Function 6E50DBB0 Relevance: 3.9, APIs: 3, Instructions: 104COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,E97A779A,?,?,?,?,6E542748,000000FF), ref: 6E50DBF1
LeaveCriticalSection.KERNEL32(00000000), ref: 6E50DC4C
LeaveCriticalSection.KERNEL32(00000000,?,?,?,?,?,?,?,?,E97A779A,?,?,?,?,6E542748,000000FF), ref: 6E50DCAC

Memory Dump Source

Source File: 0000000E.00000002.2371585883.000000006E4E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6E4E0000, based on PE: true

Associated: 0000000E.00000002.2371507694.000000006E4E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373281942.000000006E544000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373891215.000000006E565000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2374074776.000000006E56A000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e4e0000_MiniNews.jbxd

Similarity

API ID: CriticalSection$Leave$Enter
String ID:
API String ID: 2978645861-0
Opcode ID: 4f55f44d91513c57a3909c80b01133ee226feb8015671f746ca9cd8816ee4023
Instruction ID: 8a2ec82b307e8264a92a2ecc4aa8c893ff3143fa3a622a79c6ccdae83bc551bc
Opcode Fuzzy Hash: 4f55f44d91513c57a3909c80b01133ee226feb8015671f746ca9cd8816ee4023
Instruction Fuzzy Hash: 7631CD76604605EBEB448FA8C950BBAB7E8FF45750F00412EEE16C7680DBB6E901CB90

Uniqueness

Uniqueness Score: -1.00%

Function 6E3DCC00 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 14
threadCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E6E3DCC00(signed long long __fp0, intOrPtr* _a4) {

				_t7 = _a4;
				if(_a4 != 0) {
					E6E3D7EF0(GetCurrentThreadId(), "HttpTaskThread"); // executed
					E6E3DC370(_t7, __fp0);
				}
				return 0;
			}

0x6e3dcc01
0x6e3dcc07
0x6e3dcc15
0x6e3dcc1f
0x6e3dcc1f
0x6e3dcc27

APIs

GetCurrentThreadId.KERNEL32 ref: 6E3DCC0E

Part of subcall function 6E3D7EF0: KiUserExceptionDispatcher.NTDLL(406D1388,00000000,00000004,00001000), ref: 6E3D7F4A

Strings

HttpTaskThread, xrefs: 6E3DCC09

Memory Dump Source

Source File: 0000000E.00000002.2370545283.000000006E3D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 6E3D0000, based on PE: true

Associated: 0000000E.00000002.2370501847.000000006E3D0000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371078507.000000006E3FB000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371296559.000000006E405000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371402177.000000006E409000.00000002.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e3d0000_MiniNews.jbxd

Similarity

API ID: CurrentDispatcherExceptionThreadUser
String ID: HttpTaskThread
API String ID: 1349184736-3619666885
Opcode ID: 88fb7bdde44b3b4095f394776ffb08ef08157dea71a698c5076a6c37e711f30e
Instruction ID: ad6cc5a9fa68515733484f4e2dff63a6e2aa8019c334c2f59440f57002b72970
Opcode Fuzzy Hash: 88fb7bdde44b3b4095f394776ffb08ef08157dea71a698c5076a6c37e711f30e
Instruction Fuzzy Hash: 78C08073D2553257894097F06D0488FB65C8F566447050C55E655AF254DF34CD0747E5

Uniqueness

Uniqueness Score: -1.00%

Function 6E3E1210 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 11
threadCOMMON

Download Yara Rule

C-Code - Quality: 68%

			E6E3E1210(void* _a4) {

				E6E3D7EF0(GetCurrentThreadId(), "HttpDeleteThread"); // executed
				_t6 = _a4;
				if(_a4 != 0) {
					E6E3E1060(_t6);
				}
				return 0;
			}

0x6e3e121c
0x6e3e1221
0x6e3e122a
0x6e3e122c
0x6e3e122c
0x6e3e1233

APIs

GetCurrentThreadId.KERNEL32 ref: 6E3E1215

Part of subcall function 6E3D7EF0: KiUserExceptionDispatcher.NTDLL(406D1388,00000000,00000004,00001000), ref: 6E3D7F4A

Part of subcall function 6E3E1060: GetTickCount.KERNEL32 ref: 6E3E1093
Part of subcall function 6E3E1060: WaitForSingleObject.KERNEL32(?,000000FA), ref: 6E3E10A2
Part of subcall function 6E3E1060: EnterCriticalSection.KERNEL32(?), ref: 6E3E10C7
Part of subcall function 6E3E1060: SetEvent.KERNEL32(?), ref: 6E3E113A
Part of subcall function 6E3E1060: GetCurrentThreadId.KERNEL32 ref: 6E3E1149
Part of subcall function 6E3E1060: WaitForSingleObject.KERNEL32(00000000,00000000), ref: 6E3E1160

Strings

HttpDeleteThread, xrefs: 6E3E1210

Memory Dump Source

Source File: 0000000E.00000002.2370545283.000000006E3D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 6E3D0000, based on PE: true

Associated: 0000000E.00000002.2370501847.000000006E3D0000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371078507.000000006E3FB000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371296559.000000006E405000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371402177.000000006E409000.00000002.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e3d0000_MiniNews.jbxd

Similarity

API ID: CurrentObjectSingleThreadWait$CountCriticalDispatcherEnterEventExceptionSectionTickUser
String ID: HttpDeleteThread
API String ID: 2801028784-3453116203
Opcode ID: d89cf0d5dea61099131c172d4559297391e9c4f5afc547649e55cc8ec094d85b
Instruction ID: 5c4a81585aaa1882c659f3761a873bdc6a649f082c6e18e80c4df993101aed29
Opcode Fuzzy Hash: d89cf0d5dea61099131c172d4559297391e9c4f5afc547649e55cc8ec094d85b
Instruction Fuzzy Hash: 5BC08C71101103CA8A0493F08D18A2F620C0F84286F00882BA992CAD45CF38981CC366

Uniqueness

Uniqueness Score: -1.00%

Function 6E515CC0 Relevance: 3.2, APIs: 2, Instructions: 186COMMON

Download Yara Rule

APIs

InterlockedIncrement.KERNEL32(00000000), ref: 6E515E7D
CloseHandle.KERNEL32(00000000), ref: 6E515E92

Memory Dump Source

Source File: 0000000E.00000002.2371585883.000000006E4E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6E4E0000, based on PE: true

Associated: 0000000E.00000002.2371507694.000000006E4E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373281942.000000006E544000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373891215.000000006E565000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2374074776.000000006E56A000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e4e0000_MiniNews.jbxd

Similarity

API ID: CloseHandleIncrementInterlocked
String ID:
API String ID: 4278468074-0
Opcode ID: c76bec0fa094df510eb4d47067bc26df7cb5e7361a121a97109cc2bc197d2ee6
Instruction ID: afc00b2ddb0a3a49c53d2451b897b423ac6aa2169d498cc50ee146666f5c9320
Opcode Fuzzy Hash: c76bec0fa094df510eb4d47067bc26df7cb5e7361a121a97109cc2bc197d2ee6
Instruction Fuzzy Hash: 94715D71905309EFEF04CFA5C994BEEBBF8AF49304F104569E915AB390D775AA04CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 6E3D5410 Relevance: 3.1, APIs: 2, Instructions: 82
COMMON

Download Yara Rule

C-Code - Quality: 86%

			E6E3D5410(void* __ecx, void* __edi, void* __ebp, char _a4, char _a8) {
				void* __ebx;
				void* __esi;
				signed int _t13;
				signed int _t20;
				char _t23;
				void* _t30;
				intOrPtr _t31;
				void* _t33;
				char* _t34;
				void* _t36;
				intOrPtr _t37;
				void* _t39;

				_t36 = __ebp;
				_t30 = __edi;
				_t24 = __ecx;
				_t23 = _a4;
				_t33 = __ecx;
				_t41 = _t23 - 0xfffffffe;
				if(_t23 > 0xfffffffe) {
					E6E3E2328(_t23, __edi, __ecx, _t41);
				}
				_t13 =  *(_t33 + 0x18);
				if(_t13 >= _t23) {
					__eflags = _a8;
					if(_a8 == 0) {
						L13:
						__eflags = _t23;
						if(_t23 != 0) {
							L17:
							__eflags = 0 - _t23;
							asm("sbb eax, eax");
							return  ~_t13;
						} else {
							 *((intOrPtr*)(_t33 + 0x14)) = _t23;
							__eflags = _t13 - 0x10;
							if(_t13 < 0x10) {
								_t34 = _t33 + 4;
								__eflags = _t34;
								 *_t34 = 0;
								goto L17;
							} else {
								__eflags = 0 - _t23;
								 *((char*)( *((intOrPtr*)(_t33 + 4)))) = _t23;
								asm("sbb eax, eax");
								return  ~_t13;
							}
						}
					} else {
						__eflags = _t23 - 0x10;
						if(_t23 >= 0x10) {
							goto L13;
						} else {
							_push(_t30);
							_t31 =  *((intOrPtr*)(_t33 + 0x14));
							__eflags = _t23 - _t31;
							if(_t23 < _t31) {
								_t31 = _t23;
							}
							__eflags = _t13 - 0x10;
							if(_t13 >= 0x10) {
								_t17 = _t33 + 4;
								_push(_t36);
								_t37 =  *((intOrPtr*)(_t33 + 4));
								__eflags = _t31;
								if(__eflags > 0) {
									E6E3E2DC5(_t23, _t24, _t17, 0x10, _t37, _t31);
									_t39 = _t39 + 0x10;
								}
								_t13 = E6E3E2756(_t23, _t31, _t33, __eflags, _t37);
							}
							 *((intOrPtr*)(_t33 + 0x14)) = _t31;
							 *(_t33 + 0x18) = 0xf;
							 *((char*)(_t33 + _t31 + 4)) = 0;
							__eflags = 0 - _t23;
							asm("sbb eax, eax");
							return  ~_t13;
						}
					}
				} else {
					_t20 = E6E3D52A0(_t33, _t23,  *((intOrPtr*)(_t33 + 0x14))); // executed
					asm("sbb eax, eax");
					return  ~_t20;
				}
			}

0x6e3d5410
0x6e3d5410
0x6e3d5410
0x6e3d5411
0x6e3d5416
0x6e3d5418
0x6e3d541b
0x6e3d541d
0x6e3d541d
0x6e3d5422
0x6e3d5427
0x6e3d5442
0x6e3d5447
0x6e3d549b
0x6e3d549b
0x6e3d549d
0x6e3d54bf
0x6e3d54c1
0x6e3d54c3
0x6e3d54c9
0x6e3d549f
0x6e3d549f
0x6e3d54a2
0x6e3d54a5
0x6e3d54b9
0x6e3d54b9
0x6e3d54bc
0x00000000
0x6e3d54a7
0x6e3d54ac
0x6e3d54ae
0x6e3d54b0
0x6e3d54b6
0x6e3d54b6
0x6e3d54a5
0x6e3d5449
0x6e3d5449
0x6e3d544c
0x00000000
0x6e3d544e
0x6e3d544e
0x6e3d544f
0x6e3d5452
0x6e3d5454
0x6e3d5456
0x6e3d5456
0x6e3d5458
0x6e3d545b
0x6e3d545d
0x6e3d5460
0x6e3d5461
0x6e3d5463
0x6e3d5465
0x6e3d546c
0x6e3d5471
0x6e3d5471
0x6e3d5475
0x6e3d547d
0x6e3d547e
0x6e3d5481
0x6e3d548a
0x6e3d548f
0x6e3d5492
0x6e3d5498
0x6e3d5498
0x6e3d544c
0x6e3d5429
0x6e3d5430
0x6e3d5439
0x6e3d543f
0x6e3d543f

APIs

std::_String_base::_Xlen.LIBCPMT ref: 6E3D541D

Part of subcall function 6E3E2328: __EH_prolog3.LIBCMT ref: 6E3E232F
Part of subcall function 6E3E2328: __CxxThrowException@8.LIBCMT ref: 6E3E235A

_memcpy_s.LIBCMT ref: 6E3D546C

Memory Dump Source

Source File: 0000000E.00000002.2370545283.000000006E3D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 6E3D0000, based on PE: true

Associated: 0000000E.00000002.2370501847.000000006E3D0000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371078507.000000006E3FB000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371296559.000000006E405000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371402177.000000006E409000.00000002.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e3d0000_MiniNews.jbxd

Similarity

API ID: Exception@8H_prolog3String_base::_ThrowXlen_memcpy_sstd::_
String ID:
API String ID: 2449198026-0
Opcode ID: df25552690a7f45ccd2d1e3c8daa5e521283c15b44e85b55d32793d118e59fa4
Instruction ID: a6ae35d7a0f661a1ebf13227957b99fc6a7514d6cba0d0a4e706a85f7cd6e095
Opcode Fuzzy Hash: df25552690a7f45ccd2d1e3c8daa5e521283c15b44e85b55d32793d118e59fa4
Instruction Fuzzy Hash: 5F21C373518221AAE7659DF894D0A5BB3E8EB60715F604E2FD0C7C3A81DA61A04C83A2

Uniqueness

Uniqueness Score: -1.00%

Function 6E526A21 Relevance: 3.0, APIs: 2, Instructions: 38threadCOMMON

Download Yara Rule

APIs

GetLastError.KERNEL32(6E563490,00000010), ref: 6E526A34
ExitThread.KERNEL32 ref: 6E526A3B

Memory Dump Source

Source File: 0000000E.00000002.2371585883.000000006E4E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6E4E0000, based on PE: true

Associated: 0000000E.00000002.2371507694.000000006E4E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373281942.000000006E544000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373891215.000000006E565000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2374074776.000000006E56A000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e4e0000_MiniNews.jbxd

Similarity

API ID: ErrorExitLastThread
String ID:
API String ID: 1611280651-0
Opcode ID: 58a201dc348b65db96b093ad763d018e18961123c7fdb1f16523640615fbe02b
Instruction ID: 26586fefe2ef85ccd2de74a36901bc9e6f8621412035df638e72b48c48403133
Opcode Fuzzy Hash: 58a201dc348b65db96b093ad763d018e18961123c7fdb1f16523640615fbe02b
Instruction Fuzzy Hash: A5F0AF71550605EFCF05AFF0C809AAD3BF8EF85709F2148A9E6026B291EB719D01DBA0

Uniqueness

Uniqueness Score: -1.00%

Function 6E3D4E40 Relevance: 3.0, APIs: 2, Instructions: 38
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 44%

			E6E3D4E40(void* __ebx, void* __edi, void* __esi, void* __ebp, signed int _a4) {
				intOrPtr _v8;
				char _v12;
				char _v16;
				signed int _t12;
				signed int _t13;
				void* _t15;
				signed int _t23;
				signed int _t26;
				intOrPtr _t28;

				_t29 = __edi;
				_t22 = __ebx;
				_t23 = _a4;
				if(_t23 > 0) {
					_t13 = _t12 | 0xffffffff;
					_t26 = _t13 % _t23;
					__eflags = _t13 / _t23 - 1;
					if(__eflags >= 0) {
						goto L2;
					} else {
						_a4 = 0;
						E6E3E2EB0( &_v12,  &_a4);
						_t25 =  &_v16;
						_v16 = 0x6e3fb6cc;
						E6E3E3041( &_v16, 0x6e401c50);
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						_t28 = _v8;
						__eflags = _t28;
						if(_t28 == 0) {
							E6E3D30B0(__ebx, __edi, __esi, __ebp, 0x80004005);
						}
						return E6E3E3A6E( *_t25, _t28);
					}
				} else {
					_t23 = 0;
					L2:
					_push(_t23); // executed
					_t15 = E6E3E2FDC(_t22, _t26, _t29, 0); // executed
					return _t15;
				}
			}

0x6e3d4e40
0x6e3d4e40
0x6e3d4e40
0x6e3d4e49
0x6e3d4e5a
0x6e3d4e5f
0x6e3d4e61
0x6e3d4e64
0x00000000
0x6e3d4e66
0x6e3d4e6f
0x6e3d4e77
0x6e3d4e81
0x6e3d4e86
0x6e3d4e8e
0x6e3d4e93
0x6e3d4e94
0x6e3d4e95
0x6e3d4e96
0x6e3d4e97
0x6e3d4e98
0x6e3d4e99
0x6e3d4e9a
0x6e3d4e9b
0x6e3d4e9c
0x6e3d4e9d
0x6e3d4e9e
0x6e3d4e9f
0x6e3d4ea0
0x6e3d4ea4
0x6e3d4ea6
0x6e3d4ead
0x6e3d4ead
0x6e3d4ebe
0x6e3d4ebe
0x6e3d4e4b
0x6e3d4e4b
0x6e3d4e4d
0x6e3d4e4d
0x6e3d4e4e
0x6e3d4e59
0x6e3d4e59

APIs

std::exception::exception.LIBCMT ref: 6E3D4E77
__CxxThrowException@8.LIBCMT ref: 6E3D4E8E

Part of subcall function 6E3E2FDC: _malloc.LIBCMT ref: 6E3E2FF6

Memory Dump Source

Source File: 0000000E.00000002.2370545283.000000006E3D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 6E3D0000, based on PE: true

Associated: 0000000E.00000002.2370501847.000000006E3D0000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371078507.000000006E3FB000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371296559.000000006E405000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371402177.000000006E409000.00000002.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e3d0000_MiniNews.jbxd

Similarity

API ID: Exception@8Throw_mallocstd::exception::exception
String ID:
API String ID: 4063778783-0
Opcode ID: 16fb0a23b5a0cdd00e92b53fd7428dcc7aebfcafc84a4ea7cf4f90b12e261240
Instruction ID: b865be5cb3a6f721e86e4a8bdd22989c35aa15f46bba3f10ba25f5e83f922dd8
Opcode Fuzzy Hash: 16fb0a23b5a0cdd00e92b53fd7428dcc7aebfcafc84a4ea7cf4f90b12e261240
Instruction Fuzzy Hash: F4E06DF1428211AAD30CDFE4D655B6F7399ABC0A14F404E2EF89A82284EB71EA1D8553

Uniqueness

Uniqueness Score: -1.00%

Function 6E3E0030 Relevance: 3.0, APIs: 2, Instructions: 37
COMMON

Download Yara Rule

C-Code - Quality: 33%

			E6E3E0030(intOrPtr __ebx, intOrPtr __edi, void* __eflags, intOrPtr _a4) {
				signed int _v4;
				signed int _v28;
				char _v522;
				char _v524;
				void* _v528;
				char _v544;
				void* __esi;
				signed int _t9;
				void* _t12;
				intOrPtr _t17;
				intOrPtr _t24;
				signed int _t25;
				signed int _t26;

				_t23 = __edi;
				_t17 = __ebx;
				_t25 =  &_v528;
				_t9 =  *0x6e405204; // 0x2276585c
				_v4 = _t9 ^ _t25;
				_t24 = _a4;
				_v528 = 0;
				_v524 = 0;
				_t12 = E6E3E2850(__edi,  &_v522, 0, 0x206);
				_t26 = _t25 + 0xc;
				_t22 =  &_v524;
				__imp__SHGetFolderPathW(0, 0x801a, 0, 0,  &_v524); // executed
				if(_t12 >= 0) {
					_push( &_v544);
				} else {
					_push(0x6e3fbf64);
				}
				E6E3D7A20();
				return E6E3E2840(_t24, _t17, _v28 ^ _t26, _t22, _t23, _t24);
			}

0x6e3e0030
0x6e3e0030
0x6e3e0030
0x6e3e0036
0x6e3e003d
0x6e3e0045
0x6e3e0059
0x6e3e0061
0x6e3e0066
0x6e3e006b
0x6e3e006e
0x6e3e007e
0x6e3e0088
0x6e3e0095
0x6e3e008a
0x6e3e008a
0x6e3e008a
0x6e3e0096
0x6e3e00b2

APIs

_memset.LIBCMT ref: 6E3E0066
SHGetFolderPathW.SHELL32(00000000,0000801A,00000000,00000000,?), ref: 6E3E007E

Memory Dump Source

Source File: 0000000E.00000002.2370545283.000000006E3D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 6E3D0000, based on PE: true

Associated: 0000000E.00000002.2370501847.000000006E3D0000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371078507.000000006E3FB000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371296559.000000006E405000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371402177.000000006E409000.00000002.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e3d0000_MiniNews.jbxd

Similarity

API ID: FolderPath_memset
String ID:
API String ID: 3318179493-0
Opcode ID: c5632f316eb55fb7dbff511d5b00e2fece9097b1730dfe21ff94521482052c60
Instruction ID: a5c820bed75b57d3365461fe62301b65eb283e2ed96a0712d046e9a1fe01b2d6
Opcode Fuzzy Hash: c5632f316eb55fb7dbff511d5b00e2fece9097b1730dfe21ff94521482052c60
Instruction Fuzzy Hash: D1F0A4B1654311ABD7209BA0D849BEB7398AF98700F40081DB5858B280E7B499048BD2

Uniqueness

Uniqueness Score: -1.00%

Function 6E3E4D01 Relevance: 3.0, APIs: 2, Instructions: 19
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E6E3E4D01(void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t8;
				void* _t12;
				void* _t20;
				void* _t21;

				_t21 = __eflags;
				E6E3E55C4(_t12, __edi, __esi);
				_t8 = E6E3E8EEA(_t12, __edx, __edi, _t21);
				 *(_t20 - 4) =  *(_t20 - 4) & 0x00000000;
				E6E3E4CC4( *((intOrPtr*)(_t8 + 0x54))( *((intOrPtr*)(_t8 + 0x58)), 0x6e403220, 0xc)); // executed
				 *((intOrPtr*)(_t20 - 0x1c)) =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t20 - 0x14))))));
				return E6E3EE25D(_t12,  *(_t20 - 4),  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t20 - 0x14)))))),  *((intOrPtr*)(_t20 - 0x14)));
			}

0x6e3e4d01
0x6e3e4d08
0x6e3e4d0d
0x6e3e4d12
0x6e3e4d1d
0x6e3e4d29
0x6e3e4d35

APIs

__getptd.LIBCMT ref: 6E3E4D0D

Part of subcall function 6E3E8EEA: __getptd_noexit.LIBCMT ref: 6E3E8EED
Part of subcall function 6E3E8EEA: __amsg_exit.LIBCMT ref: 6E3E8EFA

Part of subcall function 6E3E4CC4: __IsNonwritableInCurrentImage.LIBCMT ref: 6E3E4CD7
Part of subcall function 6E3E4CC4: __getptd_noexit.LIBCMT ref: 6E3E4CE7
Part of subcall function 6E3E4CC4: __freeptd.LIBCMT ref: 6E3E4CF1
Part of subcall function 6E3E4CC4: ExitThread.KERNEL32 ref: 6E3E4CFA

__XcptFilter.LIBCMT ref: 6E3E4D2E

Part of subcall function 6E3EE25D: __getptd_noexit.LIBCMT ref: 6E3EE265

Memory Dump Source

Source File: 0000000E.00000002.2370545283.000000006E3D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 6E3D0000, based on PE: true

Associated: 0000000E.00000002.2370501847.000000006E3D0000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371078507.000000006E3FB000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371296559.000000006E405000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371402177.000000006E409000.00000002.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e3d0000_MiniNews.jbxd

Similarity

API ID: __getptd_noexit$CurrentExitFilterImageNonwritableThreadXcpt__amsg_exit__freeptd__getptd
String ID:
API String ID: 393088965-0
Opcode ID: d96fc3c51fdef3db75066c3f0f41ceb837f011aa242c7ba081be81f52dbe969c
Instruction ID: 6f87608ced325a75f9f4ae806ba36bf89e15f9964e3dabcb7b7d0c176e3db7ab
Opcode Fuzzy Hash: d96fc3c51fdef3db75066c3f0f41ceb837f011aa242c7ba081be81f52dbe969c
Instruction Fuzzy Hash: 77E0ECB1900650EFDB08EBE0D905EAE7B79AF45305F20495EE1426B6A0CB359D44DB21

Uniqueness

Uniqueness Score: -1.00%

Function 6E504510 Relevance: 1.6, APIs: 1, Instructions: 91COMMON

Download Yara Rule

APIs

SHGetValueW.SHLWAPI(?,?,?,00000001,?,00000104), ref: 6E5045A2

Part of subcall function 6E4E6760: GetProcessHeap.KERNEL32(E97A779A,?,6E53CB2C,000000FF,?,6E4F7925,E97A779A,0000006C,0000009C), ref: 6E4E679A

Part of subcall function 6E4ED8F0: FindResourceExW.KERNEL32(00000000,00000006,000000AD,00000000,00000000,?,00000004,000000AC,00000004,?,6E4ECB41,?,?,6E50116C,minipage,E97A779A), ref: 6E4ED946
Part of subcall function 6E4ED8F0: FindResourceW.KERNEL32(00000000,?,00000006,000000FF), ref: 6E4ED984

Memory Dump Source

Source File: 0000000E.00000002.2371585883.000000006E4E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6E4E0000, based on PE: true

Associated: 0000000E.00000002.2371507694.000000006E4E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373281942.000000006E544000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373891215.000000006E565000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2374074776.000000006E56A000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e4e0000_MiniNews.jbxd

Similarity

API ID: FindResource$HeapProcessValue
String ID:
API String ID: 2870785007-0
Opcode ID: cf5e6cf78a8c9e5f89af7d1bb58d830351e1dc80a8f6b60526aa3d8cf04ddac1
Instruction ID: 45662a64fda188ad0a47777dde602137339f00b1889f317c9a2c0d5e482c6785
Opcode Fuzzy Hash: cf5e6cf78a8c9e5f89af7d1bb58d830351e1dc80a8f6b60526aa3d8cf04ddac1
Instruction Fuzzy Hash: C231727590021CAFDB64DF94DC88BEEB7F8EB48314F0005AAE909A7641DB316E45CF90

Uniqueness

Uniqueness Score: -1.00%

Function 6E504440 Relevance: 1.6, APIs: 1, Instructions: 51registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNEL32(?,?,00000000,?,?,00000001,00000001,?,?,80070057,?,?,?,?,00000000,?), ref: 6E504468

Memory Dump Source

Source File: 0000000E.00000002.2371585883.000000006E4E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6E4E0000, based on PE: true

Associated: 0000000E.00000002.2371507694.000000006E4E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373281942.000000006E544000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373891215.000000006E565000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2374074776.000000006E56A000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e4e0000_MiniNews.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: e70fd38fff8d0713d6c1c9f2cdfdf2c2fecfbc235e18017e0dda9d9fad7079be
Instruction ID: 018123dbc4e75a8cf66c94962fb435d3db7cf584df4cbe1a62e1c644312caead
Opcode Fuzzy Hash: e70fd38fff8d0713d6c1c9f2cdfdf2c2fecfbc235e18017e0dda9d9fad7079be
Instruction Fuzzy Hash: 5B012C3221065AABDB50CF98D851BAB73E9EF64330F10842AFE15C7254E771E862C790

Uniqueness

Uniqueness Score: -1.00%

Function 6E3D7EF0 Relevance: 1.5, APIs: 1, Instructions: 43COMMON

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL(406D1388,00000000,00000004,00001000), ref: 6E3D7F4A

Memory Dump Source

Source File: 0000000E.00000002.2370545283.000000006E3D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 6E3D0000, based on PE: true

Associated: 0000000E.00000002.2370501847.000000006E3D0000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371078507.000000006E3FB000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371296559.000000006E405000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371402177.000000006E409000.00000002.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e3d0000_MiniNews.jbxd

Similarity

API ID: DispatcherExceptionUser
String ID:
API String ID: 6842923-0
Opcode ID: 223493d33defdff9739e6742a51431fa4b61ec367bba502545a21fae5ac7ac8b
Instruction ID: 89a11d5ee8fa2be14657befd8f63df0df3bbc7a155fe41b895718ccde99e6c3f
Opcode Fuzzy Hash: 223493d33defdff9739e6742a51431fa4b61ec367bba502545a21fae5ac7ac8b
Instruction Fuzzy Hash: 8B015AB2904209EFCB10CFA9D940BDEBBB8FB49760F10826AF515E7780D73459008BA0

Uniqueness

Uniqueness Score: -1.00%

Function 6E52DF76 Relevance: 1.5, APIs: 1, Instructions: 39memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(00000008,?,00000000,?,6E52CCA6,00000001,00000364,?,?,?,6E51A307,6E52E053,?,?,6E514890,?), ref: 6E52DFB7

Memory Dump Source

Source File: 0000000E.00000002.2371585883.000000006E4E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6E4E0000, based on PE: true

Associated: 0000000E.00000002.2371507694.000000006E4E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373281942.000000006E544000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373891215.000000006E565000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2374074776.000000006E56A000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e4e0000_MiniNews.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 1d871fc0b98927ff377d26d4cb22e17f716a707498575f37f11019ea2195b680
Instruction ID: f0caebe98385881024a4f3cb500d1a695be79458c31bc58f4e2470551bdffbd7
Opcode Fuzzy Hash: 1d871fc0b98927ff377d26d4cb22e17f716a707498575f37f11019ea2195b680
Instruction Fuzzy Hash: 43F0E0326486255EEF515FE69814FAB77CC9F817A4B118531EC54D61C4DB30D9008BEC

Uniqueness

Uniqueness Score: -1.00%

Function 6E3E1240 Relevance: 1.5, APIs: 1, Instructions: 39COMMON

Download Yara Rule

APIs

CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,?), ref: 6E3E127B

Memory Dump Source

Source File: 0000000E.00000002.2370545283.000000006E3D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 6E3D0000, based on PE: true

Associated: 0000000E.00000002.2370501847.000000006E3D0000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371078507.000000006E3FB000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371296559.000000006E405000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371402177.000000006E409000.00000002.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e3d0000_MiniNews.jbxd

Similarity

API ID: CreateEvent
String ID:
API String ID: 2692171526-0
Opcode ID: e7f308d4b68b2d974376ddfac671393991435fd532f4aad22a4c2af33a8a652d
Instruction ID: d3dea16ced3ea3c465b79de29d549963b64d9d5109bb4d1e52cddc7365cc76a1
Opcode Fuzzy Hash: e7f308d4b68b2d974376ddfac671393991435fd532f4aad22a4c2af33a8a652d
Instruction Fuzzy Hash: 4F0124B1640B21AFE3208FA58C45B46B7B4BB48B00F00891AE2019FA81D7B1F8558F84

Uniqueness

Uniqueness Score: -1.00%

Function 6E5119C0 Relevance: 1.5, APIs: 1, Instructions: 29COMMON

Download Yara Rule

APIs

DeviceIoControl.KERNEL32(?,00170002,00000004,00000004,00000000,6E5111CD,00010213,00000000), ref: 6E5119E9

Memory Dump Source

Source File: 0000000E.00000002.2371585883.000000006E4E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6E4E0000, based on PE: true

Associated: 0000000E.00000002.2371507694.000000006E4E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373281942.000000006E544000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373891215.000000006E565000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2374074776.000000006E56A000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e4e0000_MiniNews.jbxd

Similarity

API ID: ControlDevice
String ID:
API String ID: 2352790924-0
Opcode ID: 6ab2e3fab20c3707038970912c18b542ec878ef4ca83f092db1f49832b3ac928
Instruction ID: a86694035fdb44be224425a8d1efcdf644185e8f3e47530257681cc7522c35cc
Opcode Fuzzy Hash: 6ab2e3fab20c3707038970912c18b542ec878ef4ca83f092db1f49832b3ac928
Instruction Fuzzy Hash: 43F0A57160522DFFDF10CEAADC01EEA7BACEB09B61F008166BD18D6250D671DA109B91

Uniqueness

Uniqueness Score: -1.00%

Function 6E505500 Relevance: 1.5, APIs: 1, Instructions: 24COMMON

Download Yara Rule

APIs

SHSetValueW.SHLWAPI(?,?,80000001,00000001,6E4EFE9A,6E4EFE98,?,?,6E4EFE9A,80000001,?,screensize,?), ref: 6E50552E

Memory Dump Source

Source File: 0000000E.00000002.2371585883.000000006E4E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6E4E0000, based on PE: true

Associated: 0000000E.00000002.2371507694.000000006E4E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373281942.000000006E544000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373891215.000000006E565000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2374074776.000000006E56A000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e4e0000_MiniNews.jbxd

Similarity

API ID: Value
String ID:
API String ID: 3702945584-0
Opcode ID: 4376fa4e267e50f4c78e725c7e2d507610795df53a1db1b2bd47d5910e05a637
Instruction ID: 9d91cf93731beba4d29dd4c7e6850b2db7907b37f7f55932fce878285e98dd71
Opcode Fuzzy Hash: 4376fa4e267e50f4c78e725c7e2d507610795df53a1db1b2bd47d5910e05a637
Instruction Fuzzy Hash: 6DE04F72110209AFDF005F94DC069F67BB9EF89740B498050FD099B260E331EE118790

Uniqueness

Uniqueness Score: -1.00%

Function 6E5044C0 Relevance: 1.5, APIs: 1, Instructions: 23COMMON

Download Yara Rule

APIs

SHGetValueW.SHLWAPI(00000004,00000004,?,?,00000000,?), ref: 6E5044F0

Memory Dump Source

Source File: 0000000E.00000002.2371585883.000000006E4E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6E4E0000, based on PE: true

Associated: 0000000E.00000002.2371507694.000000006E4E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373281942.000000006E544000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373891215.000000006E565000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2374074776.000000006E56A000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e4e0000_MiniNews.jbxd

Similarity

API ID: Value
String ID:
API String ID: 3702945584-0
Opcode ID: 55c64a527058e751dfdfc1e1bc320c3c9b659ff362e503e4c25616c2d4c57f24
Instruction ID: 6f48546862e5d1b3ab37e77de47292f78fcdd8c9807a79d4b6dfc3a6c837a35c
Opcode Fuzzy Hash: 55c64a527058e751dfdfc1e1bc320c3c9b659ff362e503e4c25616c2d4c57f24
Instruction Fuzzy Hash: 3BF0AEB5A0020CFBDF11DF90D944ADEBBBCEB08314F1081A9AD05A2250D771AA289A94

Uniqueness

Uniqueness Score: -1.00%

Function 6E3E57A3 Relevance: 1.5, APIs: 1, Instructions: 20memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

HeapCreate.KERNEL32(00000000,00001000,00000000,?,6E3E528C,00000001,?,?,?,6E3E5405,?,?,?,6E403240,0000000C,6E3E54C0), ref: 6E3E57B8

Memory Dump Source

Source File: 0000000E.00000002.2370545283.000000006E3D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 6E3D0000, based on PE: true

Associated: 0000000E.00000002.2370501847.000000006E3D0000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371078507.000000006E3FB000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371296559.000000006E405000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371402177.000000006E409000.00000002.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e3d0000_MiniNews.jbxd

Similarity

API ID: CreateHeap
String ID:
API String ID: 10892065-0
Opcode ID: 601016234a6fb859967d61772b12741beaf5e4bb42b44cce89788a9a1f83a732
Instruction ID: 217bca987c743c8828ffff0c174183a48c9b96620fb93e92193546c17ca79b88
Opcode Fuzzy Hash: 601016234a6fb859967d61772b12741beaf5e4bb42b44cce89788a9a1f83a732
Instruction Fuzzy Hash: 65D05E72564748AEEF406FB079097223BECA789795F10443AB90DCA588F675D550C600

Uniqueness

Uniqueness Score: -1.00%

Function 6E3F8F90 Relevance: 1.5, APIs: 1, Instructions: 6COMMON

Download Yara Rule

APIs

_malloc.LIBCMT ref: 6E3F8F9A

Part of subcall function 6E3E2996: __FF_MSGBANNER.LIBCMT ref: 6E3E29B9
Part of subcall function 6E3E2996: __NMSG_WRITE.LIBCMT ref: 6E3E29C0
Part of subcall function 6E3E2996: RtlAllocateHeap.NTDLL(00000000,-0000000E,00000001,00000000,00000000,?,6E3E944B,00000001,00000001,00000001,?,6E3E594D,00000018,6E403280,0000000C,6E3E59DE), ref: 6E3E2A0D

Memory Dump Source

Source File: 0000000E.00000002.2370545283.000000006E3D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 6E3D0000, based on PE: true

Associated: 0000000E.00000002.2370501847.000000006E3D0000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371078507.000000006E3FB000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371296559.000000006E405000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371402177.000000006E409000.00000002.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e3d0000_MiniNews.jbxd

Similarity

API ID: AllocateHeap_malloc
String ID:
API String ID: 501242067-0
Opcode ID: 1e0ba4fa9f87cca7a54b1dc4b366d65433ee1958bc54738a103fd4e5e77f2cf1
Instruction ID: c7541cf3de80e879fdbe9c7c0fd6014793adbb00dbc77930a0652ed7a672754c
Opcode Fuzzy Hash: 1e0ba4fa9f87cca7a54b1dc4b366d65433ee1958bc54738a103fd4e5e77f2cf1
Instruction Fuzzy Hash: 3EB012B78042026BC504C690EA8180BB7DCBBE0210F80AC15F0888B530E234E1148603

Uniqueness

Uniqueness Score: -1.00%

Function 6E5143A0 Relevance: 1.3, APIs: 1, Instructions: 81COMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(00000003,00000000,?,000000FF,?,?,?,?,?,?,?,00000000,00000000,?), ref: 6E514447

Memory Dump Source

Source File: 0000000E.00000002.2371585883.000000006E4E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6E4E0000, based on PE: true

Associated: 0000000E.00000002.2371507694.000000006E4E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373281942.000000006E544000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373891215.000000006E565000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2374074776.000000006E56A000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e4e0000_MiniNews.jbxd

Similarity

API ID: ByteCharMultiWide
String ID:
API String ID: 626452242-0
Opcode ID: 2abc239a93592256e2fa593157d0d3bab35a396fca13022e35672ae55fcc7d38
Instruction ID: 18289422dac17e08c06d46fb5db758219a6d5b0106957de8017d3041ad944ba7
Opcode Fuzzy Hash: 2abc239a93592256e2fa593157d0d3bab35a396fca13022e35672ae55fcc7d38
Instruction Fuzzy Hash: FD213835608118ABEB00DFF4CC41FFA73EDDF55308F000695AA54DB180EBB19E864BA0

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 6E4E20C0 Relevance: 75.3, Strings: 60, Instructions: 284COMMON

Download Yara Rule

Strings

@~Vn, xrefs: 6E4E2348
360netman.exe, xrefs: 6E4E24EF
$~Vn, xrefs: 6E4E22C3
8~Vn, xrefs: 6E4E2322
HipsTray.exe, xrefs: 6E4E2528
Everything.exe, xrefs: 6E4E20E2
WindowsForms10.Window.8.app.0.141b42a_r12_ad1, xrefs: 6E4E2256
windbg.exe, xrefs: 6E4E2327
~Vn, xrefs: 6E4E22B0
,~Vn, xrefs: 6E4E22E9
l~Vn, xrefs: 6E4E2419
4~Vn, xrefs: 6E4E230F
}Vn, xrefs: 6E4E2193
procexp64.exe, xrefs: 6E4E220A
P~Vn, xrefs: 6E4E2394
HRSword.exe, xrefs: 6E4E259A
`~Vn, xrefs: 6E4E23E0
debarb_viewtool, xrefs: 6E4E24A3, 6E4E24DC, 6E4E2515
(~Vn, xrefs: 6E4E22D6
procexp.exe, xrefs: 6E4E21D1
}Vn, xrefs: 6E4E21A6
idaq.exe, xrefs: 6E4E23D2
@, xrefs: 6E4E25B7
ollydbg.exe, xrefs: 6E4E2360
x~Vn, xrefs: 6E4E2452
Fiddler.exe, xrefs: 6E4E2243
h~Vn, xrefs: 6E4E2406
<~Vn, xrefs: 6E4E2335
`{, xrefs: 6E4E20E7
D~Vn, xrefs: 6E4E235B
t~Vn, xrefs: 6E4E243F
PROCEXPL, xrefs: 6E4E21E4, 6E4E2218
|~Vn, xrefs: 6E4E2465
}Vn, xrefs: 6E4E2180
idaq64.exe, xrefs: 6E4E240B
Wireshark.exe, xrefs: 6E4E22EE
L~Vn, xrefs: 6E4E2381
spy++.exe, xrefs: 6E4E215F
}Vn, xrefs: 6E4E21B9
spyxx_amd64.exe, xrefs: 6E4E2198
spy.exe, xrefs: 6E4E2126
smsniff.exe, xrefs: 6E4E227C
taskmgr.exe, xrefs: 6E4E247D
\~Vn, xrefs: 6E4E23CD
0~Vn, xrefs: 6E4E22FC
Q360TaskMgrMainClass, xrefs: 6E4E24C9
debarb_safetool, xrefs: 6E4E254E, 6E4E2587, 6E4E25C0
d~Vn, xrefs: 6E4E23F3
HipsDaemon.exe, xrefs: 6E4E2561
X~Vn, xrefs: 6E4E23BA
H~Vn, xrefs: 6E4E236E
debarb_dev, xrefs: 6E4E2110, 6E4E214C, 6E4E2185, 6E4E21BE, 6E4E21F7, 6E4E2230, 6E4E2269, 6E4E22A2, 6E4E22DB, 6E4E2314, 6E4E234D, 6E4E2386, 6E4E23BF, 6E4E23F8, 6E4E2431, 6E4E246A
idag.exe, xrefs: 6E4E2399
p~Vn, xrefs: 6E4E242C
Q360NetFosClass, xrefs: 6E4E2502
SpyxxProcessPacket, xrefs: 6E4E2172
360taskmgr.exe, xrefs: 6E4E24B6
T~Vn, xrefs: 6E4E23A7
EVERYTHING, xrefs: 6E4E20FD
MiniSniffer.exe, xrefs: 6E4E22B5

Memory Dump Source

Source File: 0000000E.00000002.2371585883.000000006E4E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6E4E0000, based on PE: true

Associated: 0000000E.00000002.2371507694.000000006E4E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373281942.000000006E544000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373891215.000000006E565000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2374074776.000000006E56A000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e4e0000_MiniNews.jbxd

Similarity

API ID: __onexit
String ID: ~Vn$$~Vn$(~Vn$,~Vn$0~Vn$360netman.exe$360taskmgr.exe$4~Vn$8~Vn$<~Vn$@$@~Vn$D~Vn$EVERYTHING$Everything.exe$Fiddler.exe$HRSword.exe$HipsDaemon.exe$HipsTray.exe$H~Vn$L~Vn$MiniSniffer.exe$PROCEXPL$P~Vn$Q360NetFosClass$Q360TaskMgrMainClass$SpyxxProcessPacket$T~Vn$WindowsForms10.Window.8.app.0.141b42a_r12_ad1$Wireshark.exe$X~Vn$\~Vn$`{$`~Vn$debarb_dev$debarb_safetool$debarb_viewtool$d~Vn$h~Vn$idag.exe$idaq.exe$idaq64.exe$l~Vn$ollydbg.exe$procexp.exe$procexp64.exe$p~Vn$smsniff.exe$spy++.exe$spy.exe$spyxx_amd64.exe$taskmgr.exe$t~Vn$windbg.exe$x~Vn$|~Vn$}Vn$}Vn$}Vn$}Vn
API String ID: 1448380652-1758501876
Opcode ID: 1e5dda0d03bde2b858dfd75f7045984123d3a7f0defc279f261ee044cded6afe
Instruction ID: 6ced6d0ed04a4e3df2470303b809311aef0155cbbc42d61facf5d30c2d8020a2
Opcode Fuzzy Hash: 1e5dda0d03bde2b858dfd75f7045984123d3a7f0defc279f261ee044cded6afe
Instruction Fuzzy Hash: 03B1AA205051C8E6DB06D2FC9959BAE6FE54B5230DF14499E94623FBD3CAB50F0893E3

Uniqueness

Uniqueness Score: -1.00%

Function 6E3D3880 Relevance: 37.1, APIs: 15, Strings: 6, Instructions: 349
COMMONCrypto

Download Yara Rule

C-Code - Quality: 83%

			E6E3D3880(int __edx, void* __ebp, void* __eflags, intOrPtr _a4, short _a8, struct _CRITICAL_SECTION* _a12, void* _a24, intOrPtr _a28, short _a36, void* _a52, intOrPtr _a56, short _a64, intOrPtr _a76, void* _a80, intOrPtr _a84, short _a92, void* _a108, intOrPtr _a112, short _a120, void* _a136, intOrPtr _a140, short _a148, void* _a164, intOrPtr _a168, char _a172, short* _a176, char _a184, short _a188, void* _a192, intOrPtr _a196, int _a204, char _a208, int _a220, intOrPtr _a224, char _a228, char _a229, char _a1276, char _a1277, short _a2324, char _a2326, signed int _a4424, char _a4428, signed int _a4436, char _a4440, int _a4448, intOrPtr _a4456) {
				void* _v4;
				int _v12;
				int _v16;
				int _v20;
				char _v24;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t123;
				signed int _t125;
				short _t129;
				short* _t134;
				intOrPtr* _t136;
				intOrPtr* _t144;
				void* _t149;
				void* _t150;
				void* _t151;
				void* _t152;
				void* _t154;
				void* _t155;
				char* _t160;
				char _t161;
				char _t164;
				int _t167;
				char _t173;
				char* _t174;
				void* _t190;
				char _t194;
				void* _t198;
				intOrPtr _t213;
				void* _t218;
				char _t222;
				void* _t233;
				void* _t237;
				intOrPtr _t239;
				void* _t240;
				void* _t243;
				void* _t244;
				void* _t246;
				void* _t247;
				signed int _t249;
				void* _t250;
				void* _t251;
				signed int _t253;

				_t216 = __edx;
				_push(0xffffffff);
				_push(E6E3F9A63);
				_push( *[fs:0x0]);
				E6E3E3480(0x1164);
				_t123 =  *0x6e405204; // 0x2276585c
				_a4436 = _t123 ^ _t249;
				_push(__ebp);
				_t125 =  *0x6e405204; // 0x2276585c
				_push(_t125 ^ _t249);
				 *[fs:0x0] =  &_a4440;
				_t239 = _a4456;
				_a12 = 0x6e4064b8;
				EnterCriticalSection(0x6e4064b8);
				_t233 = _t239 + 8;
				_t246 = _t239 + 0x24;
				_a4448 = 0;
				_a4 = _t239 + 0x5c;
				_t240 = _t239 + 0x78;
				_t129 = E6E3D2ED0();
				_a8 = _t129;
				if(_t129 != 0) {
					_push(0xffffffff);
					_push(0);
					_a188 = 0;
					_push(_t240);
					_a208 = 7;
					_a204 = 0;
					E6E3D2590( &_a184);
					_a4436 = 1;
					_a228 = 0;
					E6E3E2850(_t233,  &_a229, 0, 0x417);
					_a1276 = 0;
					E6E3E2850(_t233,  &_a1277, 0, 0x417);
					_t134 = _a176;
					_t250 = _t249 + 0x18;
					_v12 = 0x418;
					__eflags = _a196 - 8;
					if(_a196 < 8) {
						_t134 =  &_a176;
					}
					WideCharToMultiByte(0, 0, _t134, 0xffffffff,  &_a228, 0x418, 0, 0);
					_t136 =  &_a228;
					_t218 = _t136 + 1;
					do {
						_t194 =  *_t136;
						_t136 = _t136 + 1;
						__eflags = _t194;
					} while (_t194 != 0);
					E6E3D1860( &_a228, E6E3D1FD0( &_a228, _t136 - _t218),  &_a1276,  &_v12);
					_a2324 = 0;
					E6E3E2850(_t233,  &_a2326, 0, 0x832);
					_t251 = _t250 + 0x24;
					MultiByteToWideChar(0, 0,  &_a1276, 0xffffffff,  &_a2324, 0x419);
					_t144 =  &_a2324;
					_t198 = _t144 + 2;
					do {
						_t222 =  *_t144;
						_t144 = _t144 + 2;
						__eflags = _t222;
					} while (_t222 != 0);
					E6E3D2690( &_a172, _t246,  &_a2324, _t144 - _t198 >> 1);
					_push(";");
					_push(_t233);
					_t149 = E6E3D3700(0, _t246,  &_a108);
					_push(_t246);
					_push(_t149);
					_a4428 = 2;
					_t150 = E6E3D37D0(0, _t246, __eflags,  &_a136);
					_push(";");
					_push(_t150);
					_a4428 = 3;
					_t151 = E6E3D3700(0, _t246,  &_a80);
					_push(_v16);
					_push(_t151);
					_a4428 = 4;
					_t152 = E6E3D37D0(0, _t246, __eflags,  &_a24);
					_push(";");
					_push(_t152);
					_a4428 = 5;
					_t154 = E6E3D3700(0, _t246,  &_v4);
					_push( &_a164);
					_push(_t154);
					_a4428 = 6;
					_t155 = E6E3D37D0(0, _t246, __eflags,  &_a52);
					_push(L";1");
					_push(_t155);
					_a4428 = 7;
					E6E3D3700(0, _t246,  &_a192);
					_t253 = _t251 + 0x54;
					__eflags = _a76 - 8;
					if(__eflags >= 0) {
						E6E3E2756(0, _t233, 8, __eflags, _a64);
						_t253 = _t253 + 4;
					}
					_a84 = 7;
					_a80 = 0;
					_a64 = 0;
					__eflags = _a28 - 8;
					if(__eflags >= 0) {
						E6E3E2756(0, 7, 8, __eflags, _a8);
						_t253 = _t253 + 4;
					}
					_a28 = 7;
					_a24 = 0;
					_a8 = 0;
					__eflags = _a56 - 8;
					if(__eflags >= 0) {
						E6E3E2756(0, 7, 8, __eflags, _a36);
						_t253 = _t253 + 4;
					}
					_a56 = 7;
					_a52 = 0;
					_a36 = 0;
					__eflags = _a112 - 8;
					if(__eflags >= 0) {
						E6E3E2756(0, 7, 8, __eflags, _a92);
						_t253 = _t253 + 4;
					}
					_a112 = 7;
					_a108 = 0;
					_a92 = 0;
					__eflags = _a168 - 8;
					if(__eflags >= 0) {
						E6E3E2756(0, 7, 8, __eflags, _a148);
						_t253 = _t253 + 4;
					}
					_a168 = 7;
					_a164 = 0;
					_a148 = 0;
					_a4436 = 0xe;
					__eflags = _a140 - 8;
					if(__eflags >= 0) {
						E6E3E2756(0, 7, 8, __eflags, _a120);
						_t253 = _t253 + 4;
					}
					_a120 = 0;
					_t160 = _a204;
					_a140 = 7;
					_a136 = 0;
					__eflags = _a224 - 8;
					if(_a224 < 8) {
						_t160 =  &_a204;
					}
					_t247 = _v4;
					_t235 = RegSetValueExW;
					_t161 = RegSetValueExW(_t247, L"ieproxy", 0, 1, _t160, _a220 + _a220 + 2);
					__eflags = _t161;
					if(_t161 != 0) {
						E6E3D7C70(0, RegSetValueExW, _t247, 0x6e4064d8, "[proxy] reg save failed %d", GetLastError());
						_t253 = _t253 + 0xc;
					}
					_v20 = 4;
					_v16 = 4;
					_t216 =  &_v20;
					_t164 = RegQueryValueExW(_t247, L"proxytype", 0,  &_v20,  &_v24,  &_v16);
					__eflags = _t164;
					if(_t164 != 0) {
						L31:
						_t243 = 8;
					} else {
						__eflags = _v24 - 2;
						if(_v24 != 2) {
							goto L31;
						} else {
							_t216 =  &_v20;
							_t173 = RegQueryValueExW(_t247, L"customproxytype", 0,  &_v20,  &_v24,  &_v16);
							__eflags = _t173;
							if(_t173 != 0) {
								goto L31;
							} else {
								__eflags = _v24;
								if(_v24 != 0) {
									goto L31;
								} else {
									_t174 = _a204;
									_t243 = 8;
									__eflags = _a224 - 8;
									if(_a224 < 8) {
										_t174 =  &_a204;
									}
									_t213 = _a220;
									_t216 = _t213 + _t213 + 2;
									RegSetValueExW(_t247, L"customhttp", 0, 1, _t174, _t213 + _t213 + 2);
								}
							}
						}
					}
					RegCloseKey(_t247);
					__eflags = _a224 - _t243;
					if(__eflags >= 0) {
						E6E3E2756(0, _t235, _t243, __eflags, _a204);
						_t253 = _t253 + 4;
					}
					_a224 = 7;
					_a220 = 0;
					_a204 = 0;
					__eflags = _a196 - _t243;
					if(__eflags >= 0) {
						_t216 = _a176;
						E6E3E2756(0, 7, _t243, __eflags, _a176);
						_t253 = _t253 + 4;
					}
					__eflags = 0;
					_a196 = 7;
					_a192 = 0;
					_a176 = 0;
					LeaveCriticalSection(0x6e4064b8);
					_t167 = 1;
				} else {
					E6E3D7C70(0, _t233, _t246, 0x6e4064d8, "[proxy] reg open failed %d", GetLastError());
					_t253 = _t249 + 0xc;
					LeaveCriticalSection(0x6e4064b8);
					_t167 = 0;
				}
				 *[fs:0x0] = _a4428;
				_pop(_t237);
				_pop(_t244);
				_pop(_t190);
				return E6E3E2840(_t167, _t190, _a4424 ^ _t253, _t216, _t237, _t244);
			}

0x6e3d3880
0x6e3d3880
0x6e3d3882
0x6e3d388d
0x6e3d3893
0x6e3d3898
0x6e3d389f
0x6e3d38a7
0x6e3d38aa
0x6e3d38b1
0x6e3d38b9
0x6e3d38bf
0x6e3d38cb
0x6e3d38d3
0x6e3d38de
0x6e3d38e1
0x6e3d38e4
0x6e3d38eb
0x6e3d38ef
0x6e3d38f2
0x6e3d38f7
0x6e3d38fd
0x6e3d392a
0x6e3d392e
0x6e3d392f
0x6e3d3937
0x6e3d393f
0x6e3d394a
0x6e3d3951
0x6e3d3964
0x6e3d396c
0x6e3d3973
0x6e3d3986
0x6e3d398d
0x6e3d3992
0x6e3d399e
0x6e3d39a1
0x6e3d39a9
0x6e3d39b0
0x6e3d39b2
0x6e3d39b2
0x6e3d39cd
0x6e3d39d3
0x6e3d39da
0x6e3d39e0
0x6e3d39e0
0x6e3d39e2
0x6e3d39e3
0x6e3d39e3
0x6e3d3a0d
0x6e3d3a22
0x6e3d3a2a
0x6e3d3a2f
0x6e3d3a4b
0x6e3d3a51
0x6e3d3a58
0x6e3d3a60
0x6e3d3a60
0x6e3d3a63
0x6e3d3a66
0x6e3d3a66
0x6e3d3a7f
0x6e3d3a84
0x6e3d3a90
0x6e3d3a92
0x6e3d3a97
0x6e3d3a98
0x6e3d3aa1
0x6e3d3aa9
0x6e3d3aae
0x6e3d3ab3
0x6e3d3abc
0x6e3d3ac4
0x6e3d3acd
0x6e3d3ace
0x6e3d3ad4
0x6e3d3adc
0x6e3d3ae1
0x6e3d3ae6
0x6e3d3aec
0x6e3d3af4
0x6e3d3b00
0x6e3d3b01
0x6e3d3b0a
0x6e3d3b12
0x6e3d3b1a
0x6e3d3b1f
0x6e3d3b28
0x6e3d3b30
0x6e3d3b35
0x6e3d3b38
0x6e3d3b3f
0x6e3d3b46
0x6e3d3b4b
0x6e3d3b4b
0x6e3d3b55
0x6e3d3b5c
0x6e3d3b60
0x6e3d3b65
0x6e3d3b69
0x6e3d3b70
0x6e3d3b75
0x6e3d3b75
0x6e3d3b7a
0x6e3d3b7e
0x6e3d3b82
0x6e3d3b87
0x6e3d3b8b
0x6e3d3b92
0x6e3d3b97
0x6e3d3b97
0x6e3d3b9c
0x6e3d3ba0
0x6e3d3ba4
0x6e3d3ba9
0x6e3d3bb0
0x6e3d3bba
0x6e3d3bbf
0x6e3d3bbf
0x6e3d3bc4
0x6e3d3bcb
0x6e3d3bd2
0x6e3d3bda
0x6e3d3be1
0x6e3d3beb
0x6e3d3bf0
0x6e3d3bf0
0x6e3d3bf5
0x6e3d3bfc
0x6e3d3c03
0x6e3d3c0b
0x6e3d3c13
0x6e3d3c1a
0x6e3d3c24
0x6e3d3c29
0x6e3d3c29
0x6e3d3c2e
0x6e3d3c36
0x6e3d3c3d
0x6e3d3c44
0x6e3d3c4b
0x6e3d3c52
0x6e3d3c54
0x6e3d3c54
0x6e3d3c62
0x6e3d3c66
0x6e3d3c7b
0x6e3d3c7d
0x6e3d3c7f
0x6e3d3c92
0x6e3d3c97
0x6e3d3c97
0x6e3d3ca5
0x6e3d3ca9
0x6e3d3cb7
0x6e3d3cc3
0x6e3d3cc5
0x6e3d3cc7
0x6e3d3d28
0x6e3d3d28
0x6e3d3cc9
0x6e3d3cc9
0x6e3d3cce
0x00000000
0x6e3d3cd0
0x6e3d3cda
0x6e3d3ce6
0x6e3d3ce8
0x6e3d3cea
0x00000000
0x6e3d3cec
0x6e3d3cec
0x6e3d3cf0
0x00000000
0x6e3d3cf2
0x6e3d3cf2
0x6e3d3cf9
0x6e3d3cfe
0x6e3d3d05
0x6e3d3d07
0x6e3d3d07
0x6e3d3d0e
0x6e3d3d15
0x6e3d3d24
0x6e3d3d24
0x6e3d3cf0
0x6e3d3cea
0x6e3d3cce
0x6e3d3d2e
0x6e3d3d34
0x6e3d3d3b
0x6e3d3d45
0x6e3d3d4a
0x6e3d3d4a
0x6e3d3d54
0x6e3d3d5b
0x6e3d3d62
0x6e3d3d6a
0x6e3d3d71
0x6e3d3d73
0x6e3d3d7b
0x6e3d3d80
0x6e3d3d80
0x6e3d3d83
0x6e3d3d8a
0x6e3d3d91
0x6e3d3d98
0x6e3d3da0
0x6e3d3da6
0x6e3d38ff
0x6e3d3910
0x6e3d3915
0x6e3d391d
0x6e3d3923
0x6e3d3923
0x6e3d3db2
0x6e3d3dba
0x6e3d3dbb
0x6e3d3dbd
0x6e3d3dd2

APIs

EnterCriticalSection.KERNEL32(?,?,?,?,6E4064B8,2276585C,?,?,?,?,?,6E3F9A63,000000FF), ref: 6E3D38D3

Part of subcall function 6E3D2ED0: RegOpenKeyExW.ADVAPI32 ref: 6E3D2F00

GetLastError.KERNEL32(?,?,?,?,6E4064B8,2276585C,?,?,?,?,?,6E3F9A63,000000FF), ref: 6E3D38FF
LeaveCriticalSection.KERNEL32(6E4064B8), ref: 6E3D391D
_memset.LIBCMT ref: 6E3D3973
_memset.LIBCMT ref: 6E3D398D
WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,?,00000418,00000000,00000000), ref: 6E3D39CD
_memset.LIBCMT ref: 6E3D3A2A
MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,00000419), ref: 6E3D3A4B

Strings

proxytype, xrefs: 6E3D3CBD
[proxy] reg save failed %d, xrefs: 6E3D3C88
[proxy] reg open failed %d, xrefs: 6E3D3906
customproxytype, xrefs: 6E3D3CE0
customhttp, xrefs: 6E3D3D1E
ieproxy, xrefs: 6E3D3C75

Memory Dump Source

Source File: 0000000E.00000002.2370545283.000000006E3D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 6E3D0000, based on PE: true

Associated: 0000000E.00000002.2370501847.000000006E3D0000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371078507.000000006E3FB000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371296559.000000006E405000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371402177.000000006E409000.00000002.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e3d0000_MiniNews.jbxd

Similarity

API ID: _memset$ByteCharCriticalMultiSectionWide$EnterErrorLastLeaveOpen
String ID: [proxy] reg open failed %d$[proxy] reg save failed %d$customhttp$customproxytype$ieproxy$proxytype
API String ID: 1482497369-387116117
Opcode ID: 3ca6998977214c227ceee5016f07d77f730df3531d0709003824921c09df5453
Instruction ID: 14b49f95c352181333a50cde3b53c4d60955bb5ca1d8bda94a52af2799075fd5
Opcode Fuzzy Hash: 3ca6998977214c227ceee5016f07d77f730df3531d0709003824921c09df5453
Instruction Fuzzy Hash: F6D12CB2408385AFD734DBA5C844BEBB7ECAF89314F00492EE58987640EB759549CB62

Uniqueness

Uniqueness Score: -1.00%

Function 6E502A00 Relevance: 35.1, APIs: 15, Strings: 5, Instructions: 143COMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(00000020,?,E97A779A,00000010,6E5046C2), ref: 6E502A61
OpenProcessToken.ADVAPI32(00000000), ref: 6E502A68
GetLastError.KERNEL32 ref: 6E502A72
LookupPrivilegeValueW.ADVAPI32(00000000,SeIncreaseQuotaPrivilege,?), ref: 6E502AA0
AdjustTokenPrivileges.ADVAPI32(?,00000000,00000001,00000000,00000000,00000000), ref: 6E502ABC
GetLastError.KERNEL32 ref: 6E502AC2
CloseHandle.KERNEL32(?), ref: 6E502AD3
GetShellWindow.USER32 ref: 6E502AE8

Strings

AdjustTokenPrivileges failed-: , xrefs: 6E502ADB
Unable to get PID of desktop shell., xrefs: 6E502B1C
No desktop shell is present, xrefs: 6E502AF4
SeIncreaseQuotaPrivilege, xrefs: 6E502A99
OpenProcessToken failed: , xrefs: 6E502A7A

Memory Dump Source

Source File: 0000000E.00000002.2371585883.000000006E4E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6E4E0000, based on PE: true

Associated: 0000000E.00000002.2371507694.000000006E4E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373281942.000000006E544000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373891215.000000006E565000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2374074776.000000006E56A000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e4e0000_MiniNews.jbxd

Similarity

API ID: ErrorLastProcessToken$AdjustCloseCurrentHandleLookupOpenPrivilegePrivilegesShellValueWindow
String ID: AdjustTokenPrivileges failed-: $No desktop shell is present$OpenProcessToken failed: $SeIncreaseQuotaPrivilege$Unable to get PID of desktop shell.
API String ID: 2014958012-3985574042
Opcode ID: 695c22ddc1ca9f356260da204ba1cdb0e65b6d42c08004c9d0a73504482ece36
Instruction ID: c5ce509408a5eff91b219407c6a0d2a7317f0a2d07fd37fdb3409fd5be9f1277
Opcode Fuzzy Hash: 695c22ddc1ca9f356260da204ba1cdb0e65b6d42c08004c9d0a73504482ece36
Instruction Fuzzy Hash: F1512775E40608EBDB25DFE4CC49FEEBBB8EF08711F014125F615BA290EBB059058B50

Uniqueness

Uniqueness Score: -1.00%

Function 6E5108D0 Relevance: 30.2, APIs: 14, Strings: 3, Instructions: 417memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 6E511310: RegCloseKey.ADVAPI32(00000000), ref: 6E5115A7

GetProcessHeap.KERNEL32(00000000,00000288), ref: 6E510948
HeapAlloc.KERNEL32(00000000), ref: 6E510955
GetAdaptersInfo.IPHLPAPI(00000000,00000288), ref: 6E510969
GetProcessHeap.KERNEL32(00000000,00000000), ref: 6E51097C
HeapFree.KERNEL32(00000000), ref: 6E51097F
GetProcessHeap.KERNEL32(00000000,00000288), ref: 6E51098A
HeapAlloc.KERNEL32(00000000), ref: 6E51098D
GetAdaptersInfo.IPHLPAPI(00000000,00000288), ref: 6E5109A8
MultiByteToWideChar.KERNEL32(00000003,00000000,00000008,000000FF,00000000,00000000), ref: 6E510A33
MultiByteToWideChar.KERNEL32(00000003,00000000,6E542A19,000000FF,00000010,-00000001), ref: 6E510A6C
StrStrIA.SHLWAPI(6E542915,wifi,00000000,00000288), ref: 6E510B24
StrStrIA.SHLWAPI(6E542915,wireless), ref: 6E510B34
GetProcessHeap.KERNEL32(00000000,00000000,00000000,00000288), ref: 6E510CE0
HeapFree.KERNEL32(00000000), ref: 6E510CE7

Strings

wireless, xrefs: 6E510B2E
wifi, xrefs: 6E510B18
%02X%02X%02X%02X%02X%02X, xrefs: 6E510BA8

Memory Dump Source

Source File: 0000000E.00000002.2371585883.000000006E4E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6E4E0000, based on PE: true

Associated: 0000000E.00000002.2371507694.000000006E4E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373281942.000000006E544000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373891215.000000006E565000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2374074776.000000006E56A000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e4e0000_MiniNews.jbxd

Similarity

API ID: Heap$Process$AdaptersAllocByteCharFreeInfoMultiWide$Close
String ID: %02X%02X%02X%02X%02X%02X$wifi$wireless
API String ID: 1858447167-294613102
Opcode ID: 1d3b1de3d432abc51c9b60a2594ac8322a35ce2764cf431cd3ceb0d614afc228
Instruction ID: 83b766257969d31d64fd756a4f93d7e821e90fe68b8f5fc45a5153f7526b1980
Opcode Fuzzy Hash: 1d3b1de3d432abc51c9b60a2594ac8322a35ce2764cf431cd3ceb0d614afc228
Instruction Fuzzy Hash: 31E18271A046069FEB40DFE8C894BEEB7F4FF45314F14455AE914A7290EB34A951CFA0

Uniqueness

Uniqueness Score: -1.00%

Function 6E4FC8B0 Relevance: 24.8, APIs: 10, Strings: 4, Instructions: 271processCOMMON

Download Yara Rule

APIs

Part of subcall function 6E4FC6D0: SHGetValueW.SHLWAPI(80000001,Software\Ludashi,close_checkprocess,?,?,?,E97A779A), ref: 6E4FC732

CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 6E4FC92A
Process32FirstW.KERNEL32(00000000,0000022C), ref: 6E4FC962
CloseHandle.KERNEL32(00000000,00000000,0000022C), ref: 6E4FC96C
FindWindowW.USER32(?,00000000), ref: 6E4FC9DC
IsWindow.USER32(00000000), ref: 6E4FC9E3

Strings

`{, xrefs: 6E4FC90A, 6E4FC98F
[hinter_show quit]exist processname=, xrefs: 6E4FCB1B
&ex5=3, xrefs: 6E4FCB9C
(null), xrefs: 6E4FCB2C, 6E4FCB40

Memory Dump Source

Source File: 0000000E.00000002.2371585883.000000006E4E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6E4E0000, based on PE: true

Associated: 0000000E.00000002.2371507694.000000006E4E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373281942.000000006E544000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373891215.000000006E565000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2374074776.000000006E56A000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e4e0000_MiniNews.jbxd

Similarity

API ID: Window$CloseCreateFindFirstHandleProcess32SnapshotToolhelp32Value
String ID: &ex5=3$(null)$[hinter_show quit]exist processname=$`{
API String ID: 1147719490-1934634205
Opcode ID: 6050d9aeaac68cd092b263d314ba6e737db3cd171147bd2a447da477a70af48f
Instruction ID: f3966366bba7604fb3f36f54c78274ff9e44c782d95ffb539309c6a4cbebaf88
Opcode Fuzzy Hash: 6050d9aeaac68cd092b263d314ba6e737db3cd171147bd2a447da477a70af48f
Instruction Fuzzy Hash: F8B1DC70A01615DFDB50DFA8CC88BADB7B4EF85714F1045AAE419AB390DB34AE46CF84

Uniqueness

Uniqueness Score: -1.00%

Function 6E3F2A63 Relevance: 20.0, APIs: 4, Strings: 7, Instructions: 793
COMMONLIBRARYCODECrypto

Download Yara Rule

C-Code - Quality: 60%

			E6E3F2A63(void* _a4, signed int _a16, signed int _a20, short* _a24) {
				signed int _v8;
				short _v10;
				signed int _v12;
				signed int _v14;
				signed int _v16;
				signed int _v18;
				signed int _v20;
				char _v25;
				signed int _v26;
				signed int _v28;
				signed int _v30;
				signed int _v32;
				signed int _v34;
				signed int _v36;
				char _v41;
				signed int _v42;
				char _v43;
				signed int _v44;
				char _v45;
				char _v46;
				char _v47;
				char _v48;
				char _v49;
				char _v50;
				char _v51;
				char _v52;
				intOrPtr _v56;
				intOrPtr _v60;
				char _v62;
				char _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				signed int _v92;
				signed int _v96;
				signed int _v100;
				unsigned int _v104;
				intOrPtr _v108;
				signed short* _v112;
				signed short* _v116;
				char _v120;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t374;
				signed short _t385;
				signed int _t387;
				signed int _t394;
				signed int* _t396;
				intOrPtr _t397;
				unsigned int _t400;
				signed int _t403;
				signed int _t404;
				intOrPtr _t405;
				void* _t428;
				signed int _t437;
				unsigned int _t438;
				signed short* _t443;
				signed int _t445;
				signed int _t451;
				intOrPtr _t455;
				signed int _t464;
				unsigned int _t465;
				signed int _t478;
				signed int _t481;
				short* _t488;
				signed int _t492;
				char* _t496;
				intOrPtr* _t497;
				signed int _t498;
				signed short _t512;
				char* _t518;
				unsigned int _t520;
				signed int _t522;
				unsigned int _t525;
				signed int _t530;
				signed int _t531;
				signed int _t532;
				signed int _t552;
				signed int _t554;
				signed int _t556;
				signed int _t559;
				signed int _t560;
				void* _t562;
				signed int _t568;
				signed int _t581;
				char _t595;
				signed int _t596;
				unsigned int _t598;
				signed int _t601;
				signed int _t603;
				signed int _t612;
				signed int _t613;
				intOrPtr _t618;
				signed int _t620;
				signed int* _t625;
				signed int _t630;
				signed int _t631;
				signed int _t633;
				signed int _t643;
				signed int _t649;
				signed int* _t655;
				signed int _t661;

				_t374 =  *0x6e405204; // 0x2276585c
				_v8 = _t374 ^ _t661;
				_t488 = _a24;
				asm("movsd");
				asm("movsd");
				asm("movsw");
				_v100 = _v12 & 0x00008000;
				_t583 = _v12 & 0x7fff;
				_v104 = _t488;
				_v52 = 0xcc;
				_v51 = 0xcc;
				_v50 = 0xcc;
				_v49 = 0xcc;
				_v48 = 0xcc;
				_v47 = 0xcc;
				_v46 = 0xcc;
				_v45 = 0xcc;
				_v44 = 0xcc;
				_v43 = 0xcc;
				_v42 = 0xfb;
				_v41 = 0x3f;
				_v120 = 1;
				if(_v100 == 0) {
					 *((char*)(_t488 + 2)) = 0x20;
				} else {
					 *((char*)(_t488 + 2)) = 0x2d;
				}
				_t636 = _v16;
				_t620 = _v20;
				if(_t583 != 0 || _t636 != 0 || _t620 != 0) {
					__eflags = _t583 - 0x7fff;
					if(_t583 != 0x7fff) {
						_t385 = (((_t583 & 0x0000ffff) >> 0x00000008) + (_t636 >> 0x00000018) * 0x00000002) * 0x0000004d + (_t583 & 0x0000ffff) * 0x00004d10 - 0x134312f4 >> 0x00000010 & 0x0000ffff;
						_v36 = 0;
						_t492 =  ~_t385;
						_v80 = _t385;
						_v26 = _t583;
						_v30 = _t636;
						_v34 = _t620;
						_v108 = 0x6e406110;
						__eflags = _t492;
						if(__eflags == 0) {
							L86:
							_t512 = _v28 >> 0x10;
							__eflags = _t512 - 0x3fff;
							if(_t512 < 0x3fff) {
								L139:
								__eflags = _a20 & 0x00000001;
								_t583 = _v104;
								_t387 = _v80;
								_t620 = _a16;
								 *_t583 = _t387;
								if((_a20 & 0x00000001) == 0) {
									L142:
									__eflags = _t620 - 0x15;
									if(_t620 > 0x15) {
										_t620 = 0x15;
									}
									_t636 = (_v28 >> 0x10) - 0x3ffe;
									__eflags = 0;
									_v26 = 0;
									_v72 = 8;
									do {
										_v36 = _v36 << 1;
										_t312 =  &_v72;
										 *_t312 = _v72 - 1;
										__eflags =  *_t312;
										_v32 = _v32 + _v32 | _v36 >> 0x0000001f;
										_v28 = _v28 + _v28 | _v32 >> 0x0000001f;
									} while ( *_t312 != 0);
									__eflags = _t636;
									if(_t636 >= 0) {
										L149:
										_t394 = _t620 + 1;
										_t496 = _t583 + 4;
										_v68 = _t496;
										_v80 = _t394;
										__eflags = _t394;
										if(_t394 <= 0) {
											L161:
											_t497 = _t496 - 1;
											_t498 = _t497 - 1;
											__eflags =  *_t497 - 0x35;
											if( *_t497 >= 0x35) {
												while(1) {
													__eflags = _t498 - _v68;
													if(_t498 < _v68) {
														break;
													}
													__eflags =  *_t498 - 0x39;
													if( *_t498 != 0x39) {
														break;
													}
													 *_t498 = 0x30;
													_t498 = _t498 - 1;
													__eflags = _t498;
												}
												_t396 = _v104;
												__eflags = _t498 - _v68;
												if(_t498 < _v68) {
													_t498 = _t498 + 1;
													 *_t396 =  *_t396 + 1;
													__eflags =  *_t396;
												}
												 *_t498 =  *_t498 + 1;
												__eflags =  *_t498;
												L169:
												_t498 = _t498 - _t396 - 3;
												__eflags = _t498;
												_t396[0] = _t498;
												 *((char*)( &(_t396[1]) + _t498)) = 0;
												_t397 = _v120;
												goto L170;
											}
											_t518 = _v68;
											while(1) {
												__eflags = _t498 - _t518;
												if(_t498 < _t518) {
													break;
												}
												__eflags =  *_t498 - 0x30;
												if( *_t498 != 0x30) {
													break;
												}
												_t498 = _t498 - 1;
												__eflags = _t498;
											}
											_t396 = _v104;
											__eflags = _t498 - _t518;
											if(_t498 >= _t518) {
												goto L169;
											}
											 *_t396 = 0;
											__eflags = _v100 - 0x8000;
											_t396[0] = 1;
											_t583 = ((0x8000 | __eflags != 0x00000000) - 0x00000001 & 0x0000000d) + 0x20;
											_t396[0] = ((0x8000 | __eflags != 0x00000000) - 0x00000001 & 0x0000000d) + 0x20;
											 *_t518 = 0x30;
											_t396[1] = 0;
											goto L7;
										} else {
											goto L150;
										}
										do {
											L150:
											_t400 = _v32;
											asm("movsd");
											asm("movsd");
											asm("movsd");
											_v36 = _v36 << 1;
											_v36 = _v36 << 1;
											_t520 = _t400 + _t400 | _v36 >> 0x0000001f;
											_t595 = _v64;
											_t522 = (_v28 + _v28 | _t400 >> 0x0000001f) + (_v28 + _v28 | _t400 >> 0x0000001f) | _t520 >> 0x0000001f;
											_t403 = _v36;
											_t643 = _t520 + _t520 | _v36 >> 0x0000001f;
											_t620 = _t595 + _t403;
											__eflags = _t620 - _t403;
											if(_t620 < _t403) {
												L152:
												_t404 = _t643 + 1;
												_t596 = 0;
												__eflags = _t404 - _t643;
												if(_t404 < _t643) {
													L154:
													_t596 = 1;
													__eflags = 1;
													L155:
													_t643 = _t404;
													__eflags = _t596;
													if(_t596 != 0) {
														_t522 = _t522 + 1;
														__eflags = _t522;
													}
													L157:
													_t405 = _v60;
													_t598 = _t405 + _t643;
													_v72 = _t598;
													__eflags = _t598 - _t643;
													if(_t598 < _t643) {
														L159:
														_t522 = _t522 + 1;
														__eflags = _t522;
														goto L160;
													}
													__eflags = _t598 - _t405;
													if(_t598 >= _t405) {
														goto L160;
													}
													goto L159;
												}
												__eflags = _t404 - 1;
												if(_t404 >= 1) {
													goto L155;
												}
												goto L154;
											}
											__eflags = _t620 - _t595;
											if(_t620 >= _t595) {
												goto L157;
											}
											goto L152;
											L160:
											_t583 = _t598 >> 0x1f;
											_t525 = _t522 + _v56 + _t522 + _v56 | _t598 >> 0x0000001f;
											_v36 = _t620 + _t620;
											_t645 = _v72;
											_v28 = _t525;
											_t636 = _v72 + _t645 | _t620 >> 0x0000001f;
											 *_t496 = (_t525 >> 0x18) + 0x30;
											_t496 = _t496 + 1;
											_v80 = _v80 - 1;
											__eflags = _v80;
											_v32 = _v72 + _t645 | _t620 >> 0x0000001f;
											_v25 = 0;
										} while (_v80 > 0);
										goto L161;
									}
									_t636 =  ~_t636 & 0x000000ff;
									__eflags = _t636;
									if(_t636 <= 0) {
										goto L149;
									} else {
										goto L148;
									}
									do {
										L148:
										_v28 = _v28 >> 1;
										_t636 = _t636 - 1;
										_v32 = _v32 >> 0x00000001 | _v28 << 0x0000001f;
										_v36 = _v36 >> 0x00000001 | _v32 << 0x0000001f;
										__eflags = _t636;
									} while (_t636 > 0);
									goto L149;
								}
								_t620 = _t620 + _t387;
								__eflags = _t620;
								if(_t620 > 0) {
									goto L142;
								}
								 *_t583 = 0;
								__eflags = _v100 - 0x8000;
								 *((char*)(_t583 + 3)) = 1;
								 *((char*)(_t583 + 2)) = ((0x8000 | _v100 != 0x00008000) - 0x00000001 & 0x0000000d) + 0x20;
								 *((char*)(_t583 + 4)) = 0x30;
								 *((char*)(_t583 + 5)) = 0;
								goto L7;
							}
							_v80 = _v80 + 1;
							_t530 = _t512 & 0x0000ffff;
							_v84 = 0;
							_v20 = 0;
							_v16 = 0;
							_v12 = 0;
							_t531 = _t530 & 0x00007fff;
							_t601 = _v42 & 0x00007fff;
							_t498 = (_v42 ^ _t530) & 0x00008000;
							_v96 = _t498;
							_t636 = _t601 + _t531 & 0x0000ffff;
							__eflags = _t531 - 0x7fff;
							if(_t531 >= 0x7fff) {
								L137:
								__eflags = _t498;
								_v32 = _v32 & 0x00000000;
								_t424 = ((0 | _t498 == 0x00000000) - 0x00000001 & 0x80000000) + 0x7fff8000;
								_t287 =  &_v36;
								 *_t287 = _v36 & 0x00000000;
								__eflags =  *_t287;
								L138:
								_v28 = _t424;
								goto L139;
							}
							__eflags = _t601 - 0x7fff;
							if(_t601 >= 0x7fff) {
								goto L137;
							}
							__eflags = _t636 - 0xbffd;
							if(_t636 > 0xbffd) {
								goto L137;
							}
							__eflags = _t636 - 0x3fbf;
							if(_t636 > 0x3fbf) {
								_t424 = 0;
								__eflags = _t531;
								if(_t531 != 0) {
									L100:
									__eflags = _t601 - _t424;
									if(_t601 != _t424) {
										L104:
										_v88 = _t424;
										_t625 =  &_v16;
										_v68 = 5;
										do {
											_t532 = _v68;
											_t428 = _v88 + _v88;
											_v76 = _t532;
											__eflags = _t532;
											if(_t532 <= 0) {
												goto L113;
											}
											_v92 =  &_v44;
											_t443 = _t661 + _t428 - 0x20;
											do {
												_v72 = _v72 & 0x00000000;
												_t552 = ( *_v92 & 0x0000ffff) * ( *_t443 & 0x0000ffff);
												_t603 =  *(_t625 - 4);
												_t498 = _t603 + _t552;
												__eflags = _t498 - _t603;
												if(_t498 < _t603) {
													L109:
													_v72 = 1;
													goto L110;
												}
												__eflags = _t498 - _t552;
												if(_t498 >= _t552) {
													goto L110;
												}
												goto L109;
												L110:
												__eflags = _v72;
												 *(_t625 - 4) = _t498;
												if(_v72 != 0) {
													 *_t625 =  *_t625 + 1;
													__eflags =  *_t625;
												}
												_v92 = _v92 - 2;
												_t443 =  &(_t443[1]);
												_v76 = _v76 - 1;
												__eflags = _v76;
											} while (_v76 > 0);
											L113:
											_t625 =  &(_t625[0]);
											_v88 = _v88 + 1;
											_v68 = _v68 - 1;
											__eflags = _v68;
										} while (_v68 > 0);
										_t649 = _t636 + 0xc002;
										__eflags = _t649;
										if(_t649 <= 0) {
											L118:
											_t636 = _t649 + 0xffff;
											__eflags = _t636;
											if(_t636 >= 0) {
												L125:
												__eflags = _v20 - 0x8000;
												if(_v20 > 0x8000) {
													L127:
													__eflags = _v18 - 0xffffffff;
													if(_v18 != 0xffffffff) {
														_t267 =  &_v18;
														 *_t267 = _v18 + 1;
														__eflags =  *_t267;
													} else {
														_v18 = _v18 & 0x00000000;
														__eflags = _v14 - 0xffffffff;
														if(_v14 != 0xffffffff) {
															_v14 = _v14 + 1;
														} else {
															_v14 = _v14 & 0x00000000;
															__eflags = _v10 - 0xffff;
															if(_v10 != 0xffff) {
																_v10 = _v10 + 1;
															} else {
																_v10 = 0x8000;
																_t636 = _t636 + 1;
															}
														}
													}
													L134:
													__eflags = _t636 - 0x7fff;
													if(_t636 < 0x7fff) {
														_t636 = _t636 | _v96;
														_v36 = _v18;
														_v34 = _v16;
														_v30 = _v12;
														_v26 = _t636;
													} else {
														__eflags = _v96;
														_v32 = 0;
														_v36 = 0;
														_v28 = ((0 | _v96 == 0x00000000) - 0x00000001 & 0x80000000) + 0x7fff8000;
													}
													goto L139;
												}
												__eflags = (_v20 & 0x0001ffff) - 0x18000;
												if((_v20 & 0x0001ffff) != 0x18000) {
													goto L134;
												}
												goto L127;
											}
											_t437 =  ~_t636 & 0x0000ffff;
											_t636 = _t636 + _t437;
											__eflags = _t636;
											do {
												__eflags = _v20 & 0x00000001;
												if((_v20 & 0x00000001) != 0) {
													_t240 =  &_v84;
													 *_t240 = _v84 + 1;
													__eflags =  *_t240;
												}
												_v12 = _v12 >> 1;
												_t437 = _t437 - 1;
												__eflags = _t437;
												_v16 = _v16 >> 0x00000001 | _v12 << 0x0000001f;
												_v20 = _v20 >> 0x00000001 | _v16 << 0x0000001f;
											} while (_t437 != 0);
											__eflags = _v84 - _t437;
											if(_v84 != _t437) {
												_t251 =  &_v20;
												 *_t251 = _v20 | 0x00000001;
												__eflags =  *_t251;
											}
											goto L125;
										} else {
											goto L115;
										}
										while(1) {
											L115:
											_t630 = _v12;
											__eflags = _t630;
											if(_t630 < 0) {
												break;
											}
											_t438 = _v16;
											_v20 = _v20 << 1;
											_v16 = _t438 + _t438 | _v20 >> 0x0000001f;
											_t649 = _t649 + 0xffff;
											_v12 = _t630 + _t630 | _t438 >> 0x0000001f;
											__eflags = _t649;
											if(_t649 > 0) {
												continue;
											}
											break;
										}
										__eflags = _t649;
										if(_t649 > 0) {
											goto L125;
										}
										goto L118;
									}
									_t636 = _t636 + 1;
									__eflags = _v44 & 0x7fffffff;
									if((_v44 & 0x7fffffff) != 0) {
										goto L104;
									}
									__eflags = _v48 - _t424;
									if(_v48 != _t424) {
										goto L104;
									}
									__eflags = _v52 - _t424;
									if(_v52 == _t424) {
										L92:
										_v32 = _t424;
										_v36 = _t424;
										goto L138;
									}
									goto L104;
								}
								_t636 = _t636 + 1;
								__eflags = _v28 & 0x7fffffff;
								if((_v28 & 0x7fffffff) != 0) {
									goto L100;
								}
								__eflags = _v32;
								if(_v32 != 0) {
									goto L100;
								}
								__eflags = _v36;
								if(_v36 != 0) {
									goto L100;
								}
								_v26 = 0;
								goto L139;
							}
							_t424 = 0;
							__eflags = 0;
							goto L92;
						} else {
							if(__eflags < 0) {
								_t492 =  ~_t492;
								__eflags = 0x6e4062d0;
								_v108 = 0x6e406270;
							}
							__eflags = _t492;
							if(_t492 == 0) {
								goto L86;
							} else {
								goto L32;
							}
							do {
								L32:
								_v108 = _v108 + 0x54;
								_t554 = _t492 & 0x00000007;
								_t492 = _t492 >> 3;
								__eflags = _t554;
								if(_t554 == 0) {
									L84:
									_t636 = 0;
									__eflags = 0;
									goto L85;
								}
								_t556 = _t554 * 0xc + _v108;
								_t445 = _t556;
								_v72 = _t556;
								__eflags =  *_t445 - 0x8000;
								if( *_t445 >= 0x8000) {
									asm("movsd");
									asm("movsd");
									_t445 =  &_v64;
									asm("movsd");
									_t59 =  &_v62;
									 *_t59 = _v62 - 1;
									__eflags =  *_t59;
									_v72 = _t445;
								}
								_v76 = 0;
								_v20 = 0;
								_v16 = 0;
								_v12 = 0;
								_t559 =  *(_t445 + 0xa) & 0x0000ffff;
								_v92 = (_t559 ^ _v26) & 0x00008000;
								_t612 = _v26 & 0x00007fff;
								_t560 = _t559 & 0x00007fff;
								_t631 = _t560 + _t612 & 0x0000ffff;
								__eflags = _t612 - 0x7fff;
								if(_t612 >= 0x7fff) {
									L94:
									_t636 = 0;
									__eflags = _v92;
									_v28 = ((0 | _v92 == 0x00000000) - 0x00000001 & 0x80000000) + 0x7fff8000;
									goto L41;
								} else {
									__eflags = _t560 - 0x7fff;
									if(_t560 >= 0x7fff) {
										goto L94;
									}
									__eflags = _t631 - 0xbffd;
									if(_t631 > 0xbffd) {
										goto L94;
									}
									__eflags = _t631 - 0x3fbf;
									if(_t631 > 0x3fbf) {
										_t636 = 0;
										__eflags = _t612;
										if(_t612 != 0) {
											L47:
											__eflags = _t560 - _t636;
											if(_t560 != _t636) {
												L51:
												_t84 =  &_v88;
												 *_t84 = _v88 & _t636;
												__eflags =  *_t84;
												_t655 =  &_v16;
												_v68 = 5;
												do {
													_t613 = _v68;
													_t562 = _v88 + _v88;
													_v84 = _t613;
													__eflags = _t613;
													if(_t613 <= 0) {
														goto L61;
													}
													_t451 = _t445 + 8;
													__eflags = _t451;
													_v116 = _t661 + _t562 - 0x20;
													_v112 = _t451;
													do {
														_t618 =  *((intOrPtr*)(_t655 - 4));
														_t581 = ( *_v116 & 0x0000ffff) * ( *_v112 & 0x0000ffff);
														_v96 = _v96 & 0x00000000;
														_t455 = _t618 + _t581;
														__eflags = _t455 - _t618;
														if(_t455 < _t618) {
															L56:
															_v96 = 1;
															goto L57;
														}
														__eflags = _t455 - _t581;
														if(_t455 >= _t581) {
															goto L57;
														}
														goto L56;
														L57:
														__eflags = _v96;
														 *((intOrPtr*)(_t655 - 4)) = _t455;
														if(_v96 != 0) {
															 *_t655 =  *_t655 + 1;
															__eflags =  *_t655;
														}
														_v116 =  &(_v116[1]);
														_v112 = _v112 - 2;
														_v84 = _v84 - 1;
														__eflags = _v84;
													} while (_v84 > 0);
													_t445 = _v72;
													L61:
													_t655 =  &(_t655[0]);
													_v88 = _v88 + 1;
													_v68 = _v68 - 1;
													__eflags = _v68;
												} while (_v68 > 0);
												_t633 = _t631 + 0xc002;
												__eflags = _t633;
												if(_t633 <= 0) {
													L66:
													_t633 = _t633 + 0xffff;
													__eflags = _t633;
													if(_t633 >= 0) {
														L73:
														__eflags = _v20 - 0x8000;
														if(_v20 > 0x8000) {
															L75:
															__eflags = _v18 - 0xffffffff;
															if(_v18 != 0xffffffff) {
																_t157 =  &_v18;
																 *_t157 = _v18 + 1;
																__eflags =  *_t157;
															} else {
																_v18 = _v18 & 0x00000000;
																__eflags = _v14 - 0xffffffff;
																if(_v14 != 0xffffffff) {
																	_v14 = _v14 + 1;
																} else {
																	_v14 = _v14 & 0x00000000;
																	__eflags = _v10 - 0xffff;
																	if(_v10 != 0xffff) {
																		_v10 = _v10 + 1;
																	} else {
																		_v10 = 0x8000;
																		_t633 = _t633 + 1;
																	}
																}
															}
															L82:
															__eflags = _t633 - 0x7fff;
															if(_t633 < 0x7fff) {
																_v36 = _v18;
																_v34 = _v16;
																_v30 = _v12;
																_v26 = _t633 | _v92;
															} else {
																__eflags = _v92;
																_v32 = 0;
																_v36 = 0;
																_t568 = ((0 | _v92 == 0x00000000) - 0x00000001 & 0x80000000) + 0x7fff8000;
																__eflags = _t568;
																_v28 = _t568;
															}
															goto L84;
														}
														__eflags = (_v20 & 0x0001ffff) - 0x18000;
														if((_v20 & 0x0001ffff) != 0x18000) {
															goto L82;
														}
														goto L75;
													}
													_t464 =  ~_t633 & 0x0000ffff;
													_t633 = _t633 + _t464;
													__eflags = _t633;
													do {
														__eflags = _v20 & 0x00000001;
														if((_v20 & 0x00000001) != 0) {
															_t130 =  &_v76;
															 *_t130 = _v76 + 1;
															__eflags =  *_t130;
														}
														_v12 = _v12 >> 1;
														_t464 = _t464 - 1;
														__eflags = _t464;
														_v16 = _v16 >> 0x00000001 | _v12 << 0x0000001f;
														_v20 = _v20 >> 0x00000001 | _v16 << 0x0000001f;
													} while (_t464 != 0);
													__eflags = _v76 - _t464;
													if(_v76 != _t464) {
														_t141 =  &_v20;
														 *_t141 = _v20 | 0x00000001;
														__eflags =  *_t141;
													}
													goto L73;
												} else {
													goto L63;
												}
												while(1) {
													L63:
													__eflags = _v12 & 0x80000000;
													if((_v12 & 0x80000000) != 0) {
														break;
													}
													_t465 = _v16;
													_v20 = _v20 << 1;
													_v16 = _t465 + _t465 | _v20 >> 0x0000001f;
													_t633 = _t633 + 0xffff;
													_v12 = _v12 + _v12 | _t465 >> 0x0000001f;
													__eflags = _t633;
													if(_t633 > 0) {
														continue;
													}
													break;
												}
												__eflags = _t633;
												if(_t633 > 0) {
													goto L73;
												}
												goto L66;
											}
											_t631 = _t631 + 1;
											__eflags =  *(_t445 + 8) & 0x7fffffff;
											if(( *(_t445 + 8) & 0x7fffffff) != 0) {
												goto L51;
											}
											__eflags =  *((intOrPtr*)(_t445 + 4)) - _t636;
											if( *((intOrPtr*)(_t445 + 4)) != _t636) {
												goto L51;
											}
											__eflags =  *_t445 - _t636;
											if( *_t445 == _t636) {
												L40:
												_v28 = _t636;
												L41:
												_v32 = _t636;
												_v36 = _t636;
												goto L85;
											}
											goto L51;
										}
										_t631 = _t631 + 1;
										__eflags = _v28 & 0x7fffffff;
										if((_v28 & 0x7fffffff) != 0) {
											goto L47;
										}
										__eflags = _v32;
										if(_v32 != 0) {
											goto L47;
										}
										__eflags = _v36;
										if(_v36 != 0) {
											goto L47;
										}
										_v26 = 0;
										goto L85;
									}
									_t636 = 0;
									__eflags = 0;
									goto L40;
								}
								L85:
								__eflags = _t492 - _t636;
							} while (_t492 != _t636);
							goto L86;
						}
					}
					 *_t488 = 1;
					__eflags = _t636 - 0x80000000;
					if(_t636 != 0x80000000) {
						L11:
						__eflags = _t636 & 0x40000000;
						if((_t636 & 0x40000000) != 0) {
							L13:
							__eflags = _v100;
							if(_v100 == 0) {
								L17:
								__eflags = _t636 - 0x80000000;
								if(_t636 != 0x80000000) {
									L23:
									_push("1#QNAN");
									goto L24;
								}
								__eflags = _t620;
								if(_t620 != 0) {
									goto L23;
								} else {
									_push("1#INF");
									L20:
									_push(0x16);
									_push(_t488 + 4);
									_t481 = E6E3E7EC5(_t583);
									_t636 = 0;
									__eflags = _t481;
									if(__eflags != 0) {
										_push(0);
										_push(0);
										_push(0);
										_push(0);
										_push(0);
										E6E3E3CBF(0x8000, _t583, _t620, 0, __eflags);
									}
									 *((char*)(_t488 + 3)) = 5;
									goto L27;
								}
							}
							__eflags = _t636 - 0xc0000000;
							if(_t636 != 0xc0000000) {
								goto L17;
							}
							__eflags = _t620;
							if(_t620 != 0) {
								goto L23;
							} else {
								_push("1#IND");
								goto L20;
							}
						} else {
							_push("1#SNAN");
							L24:
							_push(0x16);
							_push(_t488 + 4);
							_t478 = E6E3E7EC5(_t583);
							_t636 = 0;
							__eflags = _t478;
							if(__eflags != 0) {
								_push(0);
								_push(0);
								_push(0);
								_push(0);
								_push(0);
								E6E3E3CBF(0x8000, _t583, _t620, 0, __eflags);
							}
							 *((char*)(_t488 + 3)) = 6;
							L27:
							_t397 = 0;
							goto L170;
						}
					}
					__eflags = _t620;
					if(_t620 == 0) {
						goto L13;
					}
					goto L11;
				} else {
					 *_t488 = 0;
					 *((char*)(_t488 + 2)) = ((0 | _v100 != 0x00008000) - 0x00000001 & 0x0000000d) + 0x20;
					 *((char*)(_t488 + 3)) = 1;
					 *((char*)(_t488 + 4)) = 0x30;
					 *((char*)(_t488 + 5)) = 0;
					L7:
					_t397 = 1;
					L170:
					return E6E3E2840(_t397, _t498, _v8 ^ _t661, _t583, _t620, _t636);
				}
			}

0x6e3f2a6b
0x6e3f2a72
0x6e3f2a76
0x6e3f2a81
0x6e3f2a82
0x6e3f2a83
0x6e3f2a92
0x6e3f2a98
0x6e3f2a9f
0x6e3f2aa2
0x6e3f2aa6
0x6e3f2aaa
0x6e3f2aae
0x6e3f2ab2
0x6e3f2ab6
0x6e3f2aba
0x6e3f2abe
0x6e3f2ac2
0x6e3f2ac6
0x6e3f2aca
0x6e3f2ace
0x6e3f2ad2
0x6e3f2ad9
0x6e3f2ae1
0x6e3f2adb
0x6e3f2adb
0x6e3f2adb
0x6e3f2ae5
0x6e3f2ae8
0x6e3f2aee
0x6e3f2b21
0x6e3f2b24
0x6e3f2bee
0x6e3f2bf6
0x6e3f2bff
0x6e3f2c04
0x6e3f2c07
0x6e3f2c0b
0x6e3f2c0e
0x6e3f2c11
0x6e3f2c14
0x6e3f2c16
0x6e3f2eb9
0x6e3f2ebc
0x6e3f2ec9
0x6e3f2ecc
0x6e3f3176
0x6e3f3176
0x6e3f317a
0x6e3f317d
0x6e3f3180
0x6e3f3183
0x6e3f3186
0x6e3f31ba
0x6e3f31ba
0x6e3f31bd
0x6e3f31c1
0x6e3f31c1
0x6e3f31c8
0x6e3f31ce
0x6e3f31d0
0x6e3f31d4
0x6e3f31db
0x6e3f31e4
0x6e3f31f8
0x6e3f31f8
0x6e3f31f8
0x6e3f31fb
0x6e3f31fe
0x6e3f31fe
0x6e3f3203
0x6e3f3205
0x6e3f3239
0x6e3f3239
0x6e3f323c
0x6e3f323f
0x6e3f3242
0x6e3f3245
0x6e3f3247
0x6e3f3302
0x6e3f3302
0x6e3f3305
0x6e3f3306
0x6e3f3308
0x6e3f3318
0x6e3f3318
0x6e3f331b
0x00000000
0x00000000
0x6e3f330f
0x6e3f3312
0x00000000
0x00000000
0x6e3f3314
0x6e3f3317
0x6e3f3317
0x6e3f3317
0x6e3f331d
0x6e3f3320
0x6e3f3323
0x6e3f3325
0x6e3f3326
0x6e3f3326
0x6e3f3326
0x6e3f3329
0x6e3f3329
0x6e3f332b
0x6e3f332d
0x6e3f332d
0x6e3f3333
0x6e3f3336
0x6e3f333b
0x00000000
0x6e3f333b
0x6e3f330a
0x6e3f3353
0x6e3f3353
0x6e3f3355
0x00000000
0x00000000
0x6e3f334d
0x6e3f3350
0x00000000
0x00000000
0x6e3f3352
0x6e3f3352
0x6e3f3352
0x6e3f3357
0x6e3f335a
0x6e3f335c
0x00000000
0x00000000
0x6e3f3360
0x6e3f3368
0x6e3f336c
0x6e3f3378
0x6e3f337b
0x6e3f337e
0x6e3f3381
0x00000000
0x00000000
0x00000000
0x00000000
0x6e3f324d
0x6e3f324d
0x6e3f3250
0x6e3f3259
0x6e3f325a
0x6e3f325b
0x6e3f325c
0x6e3f3262
0x6e3f326b
0x6e3f3284
0x6e3f328a
0x6e3f328c
0x6e3f328f
0x6e3f3291
0x6e3f3294
0x6e3f3296
0x6e3f329c
0x6e3f329c
0x6e3f329f
0x6e3f32a1
0x6e3f32a3
0x6e3f32aa
0x6e3f32ac
0x6e3f32ac
0x6e3f32ad
0x6e3f32ad
0x6e3f32af
0x6e3f32b1
0x6e3f32b3
0x6e3f32b3
0x6e3f32b3
0x6e3f32b4
0x6e3f32b4
0x6e3f32b7
0x6e3f32ba
0x6e3f32bd
0x6e3f32bf
0x6e3f32c5
0x6e3f32c5
0x6e3f32c5
0x00000000
0x6e3f32c5
0x6e3f32c1
0x6e3f32c3
0x00000000
0x00000000
0x00000000
0x6e3f32c3
0x6e3f32a5
0x6e3f32a8
0x00000000
0x00000000
0x00000000
0x6e3f32a8
0x6e3f3298
0x6e3f329a
0x00000000
0x00000000
0x00000000
0x6e3f32c6
0x6e3f32c9
0x6e3f32ce
0x6e3f32d3
0x6e3f32d6
0x6e3f32d9
0x6e3f32e9
0x6e3f32eb
0x6e3f32ed
0x6e3f32ee
0x6e3f32f1
0x6e3f32f5
0x6e3f32f8
0x6e3f32f8
0x00000000
0x6e3f324d
0x6e3f3209
0x6e3f3209
0x6e3f320f
0x00000000
0x00000000
0x00000000
0x00000000
0x6e3f3211
0x6e3f3211
0x6e3f321a
0x6e3f322e
0x6e3f322f
0x6e3f3232
0x6e3f3235
0x6e3f3235
0x00000000
0x6e3f3211
0x6e3f3189
0x6e3f318b
0x6e3f318d
0x00000000
0x00000000
0x6e3f3191
0x6e3f3199
0x6e3f319d
0x6e3f31aa
0x6e3f31ad
0x6e3f31b1
0x00000000
0x6e3f31b1
0x6e3f2ed5
0x6e3f2eda
0x6e3f2edd
0x6e3f2ee0
0x6e3f2ee3
0x6e3f2ee6
0x6e3f2eee
0x6e3f2ef0
0x6e3f2ef2
0x6e3f2efd
0x6e3f2f00
0x6e3f2f03
0x6e3f2f06
0x6e3f3158
0x6e3f315a
0x6e3f3160
0x6e3f316a
0x6e3f316f
0x6e3f316f
0x6e3f316f
0x6e3f3173
0x6e3f3173
0x00000000
0x6e3f3173
0x6e3f2f0c
0x6e3f2f0f
0x00000000
0x00000000
0x6e3f2f1a
0x6e3f2f1d
0x00000000
0x00000000
0x6e3f2f28
0x6e3f2f2b
0x6e3f2f78
0x6e3f2f7a
0x6e3f2f7d
0x6e3f2f9c
0x6e3f2f9c
0x6e3f2f9f
0x6e3f2fb9
0x6e3f2fb9
0x6e3f2fbc
0x6e3f2fbf
0x6e3f2fc6
0x6e3f2fc9
0x6e3f2fcc
0x6e3f2fce
0x6e3f2fd1
0x6e3f2fd3
0x00000000
0x00000000
0x6e3f2fd8
0x6e3f2fdb
0x6e3f2fdf
0x6e3f2fe8
0x6e3f2fec
0x6e3f2fef
0x6e3f2ff2
0x6e3f2ff5
0x6e3f2ff7
0x6e3f2ffd
0x6e3f2ffd
0x00000000
0x6e3f2ffd
0x6e3f2ff9
0x6e3f2ffb
0x00000000
0x00000000
0x00000000
0x6e3f3004
0x6e3f3004
0x6e3f3008
0x6e3f300b
0x6e3f300d
0x6e3f300d
0x6e3f300d
0x6e3f3010
0x6e3f3015
0x6e3f3016
0x6e3f3019
0x6e3f3019
0x6e3f301f
0x6e3f3020
0x6e3f3021
0x6e3f3024
0x6e3f3027
0x6e3f3027
0x6e3f302d
0x6e3f3033
0x6e3f3036
0x6e3f306f
0x6e3f306f
0x6e3f3075
0x6e3f3078
0x6e3f30bc
0x6e3f30c3
0x6e3f30c7
0x6e3f30da
0x6e3f30da
0x6e3f30de
0x6e3f310b
0x6e3f310b
0x6e3f310b
0x6e3f30e0
0x6e3f30e0
0x6e3f30e4
0x6e3f30e8
0x6e3f3106
0x6e3f30ea
0x6e3f30ea
0x6e3f30f3
0x6e3f30f7
0x6e3f3100
0x6e3f30f9
0x6e3f30f9
0x6e3f30fd
0x6e3f30fd
0x6e3f30f7
0x6e3f30e8
0x6e3f310e
0x6e3f3113
0x6e3f3116
0x6e3f313f
0x6e3f3142
0x6e3f3149
0x6e3f314f
0x6e3f3152
0x6e3f3118
0x6e3f311c
0x6e3f3120
0x6e3f3126
0x6e3f3136
0x6e3f3136
0x00000000
0x6e3f3116
0x6e3f30d2
0x6e3f30d8
0x00000000
0x00000000
0x00000000
0x6e3f30d8
0x6e3f307e
0x6e3f3081
0x6e3f3081
0x6e3f3083
0x6e3f3083
0x6e3f3087
0x6e3f3089
0x6e3f3089
0x6e3f3089
0x6e3f3089
0x6e3f3095
0x6e3f30a9
0x6e3f30a9
0x6e3f30aa
0x6e3f30ad
0x6e3f30ad
0x6e3f30b2
0x6e3f30b5
0x6e3f30b7
0x6e3f30b7
0x6e3f30b7
0x6e3f30b7
0x00000000
0x00000000
0x00000000
0x00000000
0x6e3f3038
0x6e3f3038
0x6e3f3038
0x6e3f303b
0x6e3f303d
0x00000000
0x00000000
0x6e3f303f
0x6e3f3045
0x6e3f3051
0x6e3f305c
0x6e3f3062
0x6e3f3065
0x6e3f3068
0x00000000
0x00000000
0x00000000
0x6e3f3068
0x6e3f306a
0x6e3f306d
0x00000000
0x00000000
0x00000000
0x6e3f306d
0x6e3f2fa1
0x6e3f2fa2
0x6e3f2fa9
0x00000000
0x00000000
0x6e3f2fab
0x6e3f2fae
0x00000000
0x00000000
0x6e3f2fb0
0x6e3f2fb3
0x6e3f2f2f
0x6e3f2f2f
0x6e3f2f32
0x00000000
0x6e3f2f32
0x00000000
0x6e3f2fb3
0x6e3f2f7f
0x6e3f2f80
0x6e3f2f87
0x00000000
0x00000000
0x6e3f2f89
0x6e3f2f8c
0x00000000
0x00000000
0x6e3f2f8e
0x6e3f2f91
0x00000000
0x00000000
0x6e3f2f93
0x00000000
0x6e3f2f93
0x6e3f2f2d
0x6e3f2f2d
0x00000000
0x6e3f2c1c
0x6e3f2c1c
0x6e3f2c23
0x6e3f2c25
0x6e3f2c28
0x6e3f2c28
0x6e3f2c2b
0x6e3f2c2d
0x00000000
0x00000000
0x00000000
0x00000000
0x6e3f2c33
0x6e3f2c33
0x6e3f2c33
0x6e3f2c39
0x6e3f2c3c
0x6e3f2c3f
0x6e3f2c41
0x6e3f2eaf
0x6e3f2eaf
0x6e3f2eaf
0x00000000
0x6e3f2eaf
0x6e3f2c4a
0x6e3f2c4d
0x6e3f2c4f
0x6e3f2c57
0x6e3f2c5a
0x6e3f2c61
0x6e3f2c62
0x6e3f2c63
0x6e3f2c66
0x6e3f2c67
0x6e3f2c67
0x6e3f2c67
0x6e3f2c6a
0x6e3f2c6a
0x6e3f2c6f
0x6e3f2c72
0x6e3f2c75
0x6e3f2c78
0x6e3f2c7b
0x6e3f2c8f
0x6e3f2c95
0x6e3f2c97
0x6e3f2c9c
0x6e3f2ca4
0x6e3f2ca7
0x6e3f2f5a
0x6e3f2f5c
0x6e3f2f5e
0x6e3f2f70
0x00000000
0x6e3f2cad
0x6e3f2cad
0x6e3f2cb0
0x00000000
0x00000000
0x6e3f2cbb
0x6e3f2cbe
0x00000000
0x00000000
0x6e3f2cc9
0x6e3f2ccc
0x6e3f2cde
0x6e3f2ce0
0x6e3f2ce3
0x6e3f2d04
0x6e3f2d04
0x6e3f2d07
0x6e3f2d1c
0x6e3f2d1c
0x6e3f2d1c
0x6e3f2d1c
0x6e3f2d1f
0x6e3f2d22
0x6e3f2d29
0x6e3f2d2c
0x6e3f2d2f
0x6e3f2d31
0x6e3f2d34
0x6e3f2d36
0x00000000
0x00000000
0x6e3f2d3c
0x6e3f2d3c
0x6e3f2d3f
0x6e3f2d42
0x6e3f2d45
0x6e3f2d51
0x6e3f2d54
0x6e3f2d57
0x6e3f2d5b
0x6e3f2d5e
0x6e3f2d60
0x6e3f2d66
0x6e3f2d66
0x00000000
0x6e3f2d66
0x6e3f2d62
0x6e3f2d64
0x00000000
0x00000000
0x00000000
0x6e3f2d6d
0x6e3f2d6d
0x6e3f2d71
0x6e3f2d74
0x6e3f2d76
0x6e3f2d76
0x6e3f2d76
0x6e3f2d79
0x6e3f2d7d
0x6e3f2d81
0x6e3f2d84
0x6e3f2d84
0x6e3f2d8a
0x6e3f2d8d
0x6e3f2d8e
0x6e3f2d8f
0x6e3f2d92
0x6e3f2d95
0x6e3f2d95
0x6e3f2d9b
0x6e3f2da1
0x6e3f2da4
0x6e3f2de1
0x6e3f2de1
0x6e3f2de7
0x6e3f2dea
0x6e3f2e2e
0x6e3f2e35
0x6e3f2e39
0x6e3f2e4c
0x6e3f2e4c
0x6e3f2e50
0x6e3f2e7d
0x6e3f2e7d
0x6e3f2e7d
0x6e3f2e52
0x6e3f2e52
0x6e3f2e56
0x6e3f2e5a
0x6e3f2e78
0x6e3f2e5c
0x6e3f2e5c
0x6e3f2e65
0x6e3f2e69
0x6e3f2e72
0x6e3f2e6b
0x6e3f2e6b
0x6e3f2e6f
0x6e3f2e6f
0x6e3f2e69
0x6e3f2e5a
0x6e3f2e80
0x6e3f2e85
0x6e3f2e88
0x6e3f2f41
0x6e3f2f48
0x6e3f2f4e
0x6e3f2f51
0x6e3f2e8e
0x6e3f2e92
0x6e3f2e96
0x6e3f2e9c
0x6e3f2ea6
0x6e3f2ea6
0x6e3f2eac
0x6e3f2eac
0x00000000
0x6e3f2e88
0x6e3f2e44
0x6e3f2e4a
0x00000000
0x00000000
0x00000000
0x6e3f2e4a
0x6e3f2df0
0x6e3f2df3
0x6e3f2df3
0x6e3f2df5
0x6e3f2df5
0x6e3f2df9
0x6e3f2dfb
0x6e3f2dfb
0x6e3f2dfb
0x6e3f2dfb
0x6e3f2e07
0x6e3f2e1b
0x6e3f2e1b
0x6e3f2e1c
0x6e3f2e1f
0x6e3f2e1f
0x6e3f2e24
0x6e3f2e27
0x6e3f2e29
0x6e3f2e29
0x6e3f2e29
0x6e3f2e29
0x00000000
0x00000000
0x00000000
0x00000000
0x6e3f2da6
0x6e3f2da6
0x6e3f2da6
0x6e3f2dad
0x00000000
0x00000000
0x6e3f2daf
0x6e3f2db5
0x6e3f2dc1
0x6e3f2dce
0x6e3f2dd4
0x6e3f2dd7
0x6e3f2dda
0x00000000
0x00000000
0x00000000
0x6e3f2dda
0x6e3f2ddc
0x6e3f2ddf
0x00000000
0x00000000
0x00000000
0x6e3f2ddf
0x6e3f2d09
0x6e3f2d0a
0x6e3f2d11
0x00000000
0x00000000
0x6e3f2d13
0x6e3f2d16
0x00000000
0x00000000
0x6e3f2d18
0x6e3f2d1a
0x6e3f2cd0
0x6e3f2cd0
0x6e3f2cd3
0x6e3f2cd3
0x6e3f2cd6
0x00000000
0x6e3f2cd6
0x00000000
0x6e3f2d1a
0x6e3f2ce5
0x6e3f2ce6
0x6e3f2ced
0x00000000
0x00000000
0x6e3f2cef
0x6e3f2cf2
0x00000000
0x00000000
0x6e3f2cf4
0x6e3f2cf7
0x00000000
0x00000000
0x6e3f2cfb
0x00000000
0x6e3f2cfb
0x6e3f2cce
0x6e3f2cce
0x00000000
0x6e3f2cce
0x6e3f2eb1
0x6e3f2eb1
0x6e3f2eb1
0x00000000
0x6e3f2c33
0x6e3f2c16
0x6e3f2b2d
0x6e3f2b35
0x6e3f2b37
0x6e3f2b3d
0x6e3f2b3d
0x6e3f2b43
0x6e3f2b4c
0x6e3f2b4c
0x6e3f2b51
0x6e3f2b66
0x6e3f2b66
0x6e3f2b68
0x6e3f2b9a
0x6e3f2b9a
0x00000000
0x6e3f2b9a
0x6e3f2b6a
0x6e3f2b6c
0x00000000
0x6e3f2b6e
0x6e3f2b6e
0x6e3f2b73
0x6e3f2b76
0x6e3f2b78
0x6e3f2b79
0x6e3f2b81
0x6e3f2b83
0x6e3f2b85
0x6e3f2b87
0x6e3f2b88
0x6e3f2b89
0x6e3f2b8a
0x6e3f2b8b
0x6e3f2b8c
0x6e3f2b91
0x6e3f2b94
0x00000000
0x6e3f2b94
0x6e3f2b6c
0x6e3f2b53
0x6e3f2b59
0x00000000
0x00000000
0x6e3f2b5b
0x6e3f2b5d
0x00000000
0x6e3f2b5f
0x6e3f2b5f
0x00000000
0x6e3f2b5f
0x6e3f2b45
0x6e3f2b45
0x6e3f2b9f
0x6e3f2ba2
0x6e3f2ba4
0x6e3f2ba5
0x6e3f2bad
0x6e3f2baf
0x6e3f2bb1
0x6e3f2bb3
0x6e3f2bb4
0x6e3f2bb5
0x6e3f2bb6
0x6e3f2bb7
0x6e3f2bb8
0x6e3f2bbd
0x6e3f2bc0
0x6e3f2bc4
0x6e3f2bc4
0x00000000
0x6e3f2bc4
0x6e3f2b43
0x6e3f2b39
0x6e3f2b3b
0x00000000
0x00000000
0x00000000
0x6e3f2af8
0x6e3f2afe
0x6e3f2b0a
0x6e3f2b0d
0x6e3f2b11
0x6e3f2b15
0x6e3f2b19
0x6e3f2b1b
0x6e3f333e
0x6e3f334c
0x6e3f334c

APIs

_strcpy_s.LIBCMT ref: 6E3F2B79
__invoke_watson.LIBCMT ref: 6E3F2B8C
_strcpy_s.LIBCMT ref: 6E3F2BA5
__invoke_watson.LIBCMT ref: 6E3F2BB8

Strings

1#QNAN, xrefs: 6E3F2B9A
1#INF, xrefs: 6E3F2B6E
?, xrefs: 6E3F2ACE
1#SNAN, xrefs: 6E3F2B45
pa@n, xrefs: 6E3F2BFA
1#IND, xrefs: 6E3F2B5F
T, xrefs: 6E3F2C33

Memory Dump Source

Source File: 0000000E.00000002.2370545283.000000006E3D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 6E3D0000, based on PE: true

Associated: 0000000E.00000002.2370501847.000000006E3D0000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371078507.000000006E3FB000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371296559.000000006E405000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371402177.000000006E409000.00000002.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e3d0000_MiniNews.jbxd

Similarity

API ID: __invoke_watson_strcpy_s
String ID: 1#IND$1#INF$1#QNAN$1#SNAN$?$T$pa@n
API String ID: 3990783250-811091519
Opcode ID: 9f7ea86800b4a8c3d7086286fb16ce6fb3088e214d4d26f14742dae5e37a5a2f
Instruction ID: f4c3dbdc88ad2ddd21dc0b663acc5dbb0326d5f04be919cb2c6ac8e295afbecf
Opcode Fuzzy Hash: 9f7ea86800b4a8c3d7086286fb16ce6fb3088e214d4d26f14742dae5e37a5a2f
Instruction Fuzzy Hash: DD62CB32D1469ACFDF14CFE8C9542EEBBB1FF45300F14826AD812AB285D7758A46CB91

Uniqueness

Uniqueness Score: -1.00%

Function 6E3D9A80 Relevance: 19.6, APIs: 1, Strings: 10, Instructions: 349
COMMONCrypto

Download Yara Rule

C-Code - Quality: 78%

			E6E3D9A80(void* __ecx, char _a4, void* _a8) {
				char _v4;
				char _v12;
				char _v16;
				char _v20;
				char _v40;
				void* __esi;
				signed int _t125;
				intOrPtr _t128;
				intOrPtr _t134;
				intOrPtr* _t136;
				intOrPtr* _t165;
				signed int** _t168;
				intOrPtr _t176;
				intOrPtr* _t179;
				intOrPtr* _t186;
				intOrPtr* _t208;
				void* _t214;
				void* _t216;
				intOrPtr* _t217;
				intOrPtr _t218;
				intOrPtr _t242;
				intOrPtr _t252;
				intOrPtr _t254;
				intOrPtr* _t276;
				signed int _t283;
				intOrPtr _t294;
				signed int _t296;
				intOrPtr _t300;
				signed int _t302;
				intOrPtr _t316;
				void* _t317;
				char _t318;
				intOrPtr* _t321;
				intOrPtr _t323;
				char _t324;
				void* _t325;
				void* _t326;
				intOrPtr* _t328;
				void* _t329;
				char _t331;
				char _t332;
				intOrPtr* _t334;
				void* _t336;
				signed int _t337;
				void* _t338;
				void* _t340;

				_t337 = _t336 - 8;
				_t125 =  *0x6e405204; // 0x2276585c
				 *[fs:0x0] =  &_v12;
				_t326 = __ecx;
				_t128 =  *0x6e406514; // 0x6e3fc5e4
				_t2 = _t128 + 0xc; // 0x6e3e24bc
				_t283 =  *_t2;
				_v20 =  *_t283(_t125 ^ _t337, _t317, _t325, _t329, _t214,  *[fs:0x0], E6E3FA0E8, 0xffffffff) + 0x10;
				_t318 = 0;
				_v4 = 0;
				E6E3D7980( &_v20, "---------------------------1qaz%u", GetTickCount());
				_t134 =  *((intOrPtr*)(_t326 + 0x128));
				_t338 = _t337 + 0xc;
				if(_t134 != 1) {
					if(_t134 != 2) {
						if(_t134 != 3) {
							L38:
							_t136 = _v20 + 0xfffffff0;
							_v4 = 0xffffffff;
							asm("lock xadd [ecx], edx");
							if((_t283 | 0xffffffff) - 1 <= 0) {
								_t136 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *_t136)) + 4))))(_t136);
							}
							 *[fs:0x0] = _v12;
							return _t136;
						}
						E6E3D6070(_a8, _t326, "Content-Type: application/octet-stream");
						_t283 = 0x2e8ba2e9 * ( *((intOrPtr*)(_t326 + 0x58c)) -  *((intOrPtr*)(_t326 + 0x588))) >> 0x20 >> 3;
						if((_t283 >> 0x1f) + _t283 <= 0) {
							goto L38;
						}
						_t331 = _a4;
						_t216 = 0;
						do {
							_t289 = 0x2e8ba2e9 * ( *((intOrPtr*)(_t326 + 0x58c)) -  *((intOrPtr*)(_t326 + 0x588))) >> 0x20 >> 3;
							if(_t318 >= (0x2e8ba2e9 * ( *((intOrPtr*)(_t326 + 0x58c)) -  *((intOrPtr*)(_t326 + 0x588))) >> 0x20 >> 3 >> 0x1f) + (0x2e8ba2e9 * ( *((intOrPtr*)(_t326 + 0x58c)) -  *((intOrPtr*)(_t326 + 0x588))) >> 0x20 >> 3)) {
								E6E3E3E0D();
							}
							E6E3D9270(_t326, _t289, _t331,  *((intOrPtr*)(_t326 + 0x588)) + _t216,  *((intOrPtr*)(_t326 + 0x558)));
							_t283 = 0x2e8ba2e9 * ( *((intOrPtr*)(_t326 + 0x58c)) -  *((intOrPtr*)(_t326 + 0x588))) >> 0x20 >> 3;
							_t318 = _t318 + 1;
							_t216 = _t216 + 0x2c;
						} while (_t318 < (_t283 >> 0x1f) + _t283);
						goto L38;
					}
					E6E3D7980(_a8, "Content-Type: multipart/form-data; boundary=%s", _v20);
					_t332 = _a4;
					_t340 = _t338 + 0xc;
					_v16 = 0;
					if((0x2e8ba2e9 * ( *((intOrPtr*)(_t326 + 0x58c)) -  *((intOrPtr*)(_t326 + 0x588))) >> 0x20 >> 3 >> 0x1f) + (0x2e8ba2e9 * ( *((intOrPtr*)(_t326 + 0x58c)) -  *((intOrPtr*)(_t326 + 0x588))) >> 0x20 >> 3) <= 0) {
						L28:
						_t294 =  *0x6e406514; // 0x6e3fc5e4
						_t86 = _t294 + 0xc; // 0x6e3e24bc
						_a8 =  *((intOrPtr*)( *_t86))() + 0x10;
						_v4 = 2;
						E6E3D7980( &_a8, "--%s--\r\n", _v20);
						_t328 = _a8;
						_t165 = _t328;
						_t338 = _t340 + 0xc;
						_t296 = _t165 + 1;
						do {
							_t242 =  *_t165;
							_t165 = _t165 + 1;
						} while (_t242 != 0);
						E6E3D8C60(_t332, _t328, _t165 - _t296);
						_t168 = _t328 - 0x10;
						_v12 = 0;
						asm("lock xadd [ecx], edx");
						_t283 = (_t296 | 0xffffffff) - 1;
						if(_t283 <= 0) {
							_t283 =  *( *_t168);
							 *((intOrPtr*)( *((intOrPtr*)(_t283 + 4))))(_t168);
						}
						goto L38;
					}
					_a4 = 0;
					do {
						if(_v16 >= (0x2e8ba2e9 * ( *((intOrPtr*)(_t326 + 0x58c)) -  *((intOrPtr*)(_t326 + 0x588))) >> 0x20 >> 3 >> 0x1f) + (0x2e8ba2e9 * ( *((intOrPtr*)(_t326 + 0x58c)) -  *((intOrPtr*)(_t326 + 0x588))) >> 0x20 >> 3)) {
							E6E3E3E0D();
						}
						_t300 =  *0x6e406514; // 0x6e3fc5e4
						_t56 = _t300 + 0xc; // 0x6e3e24bc
						_t321 =  *((intOrPtr*)(_t326 + 0x588)) + _a4;
						_a8 =  *((intOrPtr*)( *_t56))() + 0x10;
						_t252 =  *((intOrPtr*)(_t321 + 0x20));
						_t176 =  *_t321;
						_v4 = 1;
						if( *((intOrPtr*)(_t252 - 0xc)) == 0) {
							_push(_t176);
							E6E3D7980( &_a8, "--%s\r\nContent-Disposition: form-data; name=\"%s\"\r\n", _v20);
							_t340 = _t340 + 0x10;
						} else {
							_push(_t252);
							_push(_t176);
							E6E3D7980( &_a8, "--%s\r\nContent-Disposition: form-data; name=\"%s\"; filename=\"%s\"\r\n", _v20);
							_t340 = _t340 + 0x14;
						}
						_t178 =  *((intOrPtr*)(_t321 + 0x24));
						if( *((intOrPtr*)( *((intOrPtr*)(_t321 + 0x24)) - 0xc)) != 0) {
							E6E3D90B0( &_a8, "Content-Type: %s\r\n", _t178);
							_t340 = _t340 + 0xc;
						}
						_t217 = _a8;
						_t179 = _t217;
						_t302 = _t179 + 1;
						do {
							_t254 =  *_t179;
							_t179 = _t179 + 1;
						} while (_t254 != 0);
						E6E3D8C60(_t332, _t217, _t179 - _t302);
						E6E3D8C60(_t332, 0x6e3fb8c4, 2);
						E6E3D9270(_t326, _t302, _t332, _t321,  *((intOrPtr*)(_t326 + 0x558)));
						E6E3D8C60(_t332, 0x6e3fb8c4, 2);
						_t186 = _t217 - 0x10;
						_v40 = 0;
						asm("lock xadd [ecx], edx");
						if((_t302 | 0xffffffff) - 1 <= 0) {
							 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *_t186)) + 4))))(_t186);
						}
						_a4 = _a4 + 0x2c;
						_t323 = _v16 + 1;
						_v16 = _t323;
					} while (_t323 < (0x2e8ba2e9 * ( *((intOrPtr*)(_t326 + 0x58c)) -  *((intOrPtr*)(_t326 + 0x588))) >> 0x20 >> 3 >> 0x1f) + (0x2e8ba2e9 * ( *((intOrPtr*)(_t326 + 0x58c)) -  *((intOrPtr*)(_t326 + 0x588))) >> 0x20 >> 3));
					goto L28;
				}
				E6E3D5720(_a8, "Content-Type: application/x-www-form-urlencoded", 0x2f);
				_t283 = 0x2e8ba2e9 * ( *((intOrPtr*)(_t326 + 0x58c)) -  *((intOrPtr*)(_t326 + 0x588))) >> 0x20 >> 3;
				_t218 = 0;
				if((_t283 >> 0x1f) + _t283 <= 0) {
					goto L38;
				}
				_t324 = _a4;
				_a8 = 0;
				do {
					if(_t218 >= (0x2e8ba2e9 * ( *((intOrPtr*)(_t326 + 0x58c)) -  *((intOrPtr*)(_t326 + 0x588))) >> 0x20 >> 3 >> 0x1f) + (0x2e8ba2e9 * ( *((intOrPtr*)(_t326 + 0x58c)) -  *((intOrPtr*)(_t326 + 0x588))) >> 0x20 >> 3)) {
						E6E3E3E0D();
					}
					_t334 =  *((intOrPtr*)(_t326 + 0x588)) + _a8;
					if( *((intOrPtr*)(_t324 + 0x14)) != 0) {
						E6E3D8C60(_t324, "&", 1);
					}
					_t276 =  *_t334;
					if( *((intOrPtr*)(_t276 - 0xc)) != 0) {
						_t208 = _t276;
						_a4 = _t208 + 1;
						do {
							_t316 =  *_t208;
							_t208 = _t208 + 1;
						} while (_t316 != 0);
						E6E3D8C60(_t324, _t276, _t208 - _a4);
						E6E3D8C60(_t324, "=", 1);
					}
					_push(0xffffffff);
					_push(0);
					_push( &_a4);
					E6E3D8A20(_t324);
					_v4 = _v4 + 0x2c;
					_t283 = 0x2e8ba2e9 * ( *((intOrPtr*)(_t326 + 0x58c)) -  *((intOrPtr*)(_t326 + 0x588))) >> 0x20 >> 3;
					_t218 = _t218 + 1;
				} while (_t218 < (_t283 >> 0x1f) + _t283);
				goto L38;
			}

0x6e3d9a8e
0x6e3d9a95
0x6e3d9aa1
0x6e3d9aa7
0x6e3d9aa9
0x6e3d9aae
0x6e3d9aae
0x6e3d9abb
0x6e3d9abf
0x6e3d9ac1
0x6e3d9ad6
0x6e3d9adb
0x6e3d9ae1
0x6e3d9ae7
0x6e3d9be6
0x6e3d9dff
0x6e3d9ea3
0x6e3d9ea7
0x6e3d9eaa
0x6e3d9eb8
0x6e3d9ebf
0x6e3d9ec9
0x6e3d9ec9
0x6e3d9ecf
0x6e3d9ede
0x6e3d9ede
0x6e3d9e0e
0x6e3d9e26
0x6e3d9e32
0x00000000
0x00000000
0x6e3d9e34
0x6e3d9e38
0x6e3d9e40
0x6e3d9e53
0x6e3d9e5f
0x6e3d9e61
0x6e3d9e61
0x6e3d9e79
0x6e3d9e91
0x6e3d9e99
0x6e3d9e9c
0x6e3d9e9f
0x00000000
0x6e3d9e40
0x6e3d9bfb
0x6e3d9c0c
0x6e3d9c21
0x6e3d9c24
0x6e3d9c2a
0x6e3d9d82
0x6e3d9d82
0x6e3d9d88
0x6e3d9d95
0x6e3d9da8
0x6e3d9dad
0x6e3d9db2
0x6e3d9db6
0x6e3d9db8
0x6e3d9dbb
0x6e3d9dc0
0x6e3d9dc0
0x6e3d9dc2
0x6e3d9dc3
0x6e3d9dcd
0x6e3d9dd2
0x6e3d9dd5
0x6e3d9de0
0x6e3d9de4
0x6e3d9de7
0x6e3d9def
0x6e3d9df5
0x6e3d9df5
0x00000000
0x6e3d9de7
0x6e3d9c30
0x6e3d9c34
0x6e3d9c55
0x6e3d9c57
0x6e3d9c57
0x6e3d9c5c
0x6e3d9c68
0x6e3d9c6b
0x6e3d9c79
0x6e3d9c7d
0x6e3d9c84
0x6e3d9c86
0x6e3d9c8b
0x6e3d9cae
0x6e3d9cba
0x6e3d9cbf
0x6e3d9c8d
0x6e3d9c93
0x6e3d9c94
0x6e3d9ca0
0x6e3d9ca5
0x6e3d9ca5
0x6e3d9cc2
0x6e3d9cc9
0x6e3d9cd8
0x6e3d9cdd
0x6e3d9cdd
0x6e3d9ce0
0x6e3d9ce4
0x6e3d9ce6
0x6e3d9cf0
0x6e3d9cf0
0x6e3d9cf2
0x6e3d9cf3
0x6e3d9cfd
0x6e3d9d0b
0x6e3d9d1b
0x6e3d9d29
0x6e3d9d2e
0x6e3d9d31
0x6e3d9d3c
0x6e3d9d43
0x6e3d9d4d
0x6e3d9d4d
0x6e3d9d5f
0x6e3d9d73
0x6e3d9d78
0x6e3d9d78
0x00000000
0x6e3d9c34
0x6e3d9af8
0x6e3d9b10
0x6e3d9b1a
0x6e3d9b1e
0x00000000
0x00000000
0x6e3d9b24
0x6e3d9b28
0x6e3d9b2c
0x6e3d9b4b
0x6e3d9b4d
0x6e3d9b4d
0x6e3d9b58
0x6e3d9b60
0x6e3d9b6b
0x6e3d9b6b
0x6e3d9b70
0x6e3d9b77
0x6e3d9b79
0x6e3d9b7e
0x6e3d9b82
0x6e3d9b82
0x6e3d9b84
0x6e3d9b85
0x6e3d9b91
0x6e3d9b9f
0x6e3d9b9f
0x6e3d9ba4
0x6e3d9ba6
0x6e3d9bab
0x6e3d9bae
0x6e3d9bbf
0x6e3d9bcb
0x6e3d9bd3
0x6e3d9bd6
0x00000000

APIs

GetTickCount.KERNEL32 ref: 6E3D9AC5

Strings

--%sContent-Disposition: form-data; name="%s", xrefs: 6E3D9CB4
Content-Type: application/x-www-form-urlencoded, xrefs: 6E3D9AF3
--%s--, xrefs: 6E3D9DA2
--%sContent-Disposition: form-data; name="%s"; filename="%s", xrefs: 6E3D9C9A
,, xrefs: 6E3D9BBF
Content-Type: multipart/form-data; boundary=%s, xrefs: 6E3D9BF5
---------------------------1qaz%u, xrefs: 6E3D9AD0
Content-Type: application/octet-stream, xrefs: 6E3D9E09
Content-Type: %s, xrefs: 6E3D9CD2
,, xrefs: 6E3D9D5F

Memory Dump Source

Source File: 0000000E.00000002.2370545283.000000006E3D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 6E3D0000, based on PE: true

Associated: 0000000E.00000002.2370501847.000000006E3D0000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371078507.000000006E3FB000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371296559.000000006E405000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371402177.000000006E409000.00000002.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e3d0000_MiniNews.jbxd

Similarity

API ID: CountTick
String ID: ,$,$--%sContent-Disposition: form-data; name="%s"$--%sContent-Disposition: form-data; name="%s"; filename="%s"$--%s--$---------------------------1qaz%u$Content-Type: %s$Content-Type: application/octet-stream$Content-Type: application/x-www-form-urlencoded$Content-Type: multipart/form-data; boundary=%s
API String ID: 536389180-2614317499
Opcode ID: 5e7b3d7f4cf54046082af8ead442e92e47e77f0d4796075d9e8b7054e06d56e1
Instruction ID: b0bb2538a4f5c6fe8575435ea46072208b639f7256617d6abab060db1404e29a
Opcode Fuzzy Hash: 5e7b3d7f4cf54046082af8ead442e92e47e77f0d4796075d9e8b7054e06d56e1
Instruction Fuzzy Hash: E5C185722046019FC348DF68CC90B6BB7EAEBC4314F448A2DF8969F395DB71A949CB51

Uniqueness

Uniqueness Score: -1.00%

Function 6E53030F Relevance: 7.7, APIs: 5, Instructions: 171timeCOMMON

Download Yara Rule

APIs

GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,6E553C00), ref: 6E530379
WideCharToMultiByte.KERNEL32(00000000,00000000,6E569974,000000FF,00000000,0000003F,00000000,?,?), ref: 6E5303F1
WideCharToMultiByte.KERNEL32(00000000,00000000,6E5699C8,000000FF,?,0000003F,00000000,?), ref: 6E53041E
_free.LIBCMT ref: 6E530367

Part of subcall function 6E52DFD6: HeapFree.KERNEL32(00000000,00000000,?,6E5363A6,?,00000000,?,00000000,?,6E53664A,?,00000007,?,?,6E535ABD,?), ref: 6E52DFEC
Part of subcall function 6E52DFD6: GetLastError.KERNEL32(?,?,6E5363A6,?,00000000,?,00000000,?,6E53664A,?,00000007,?,?,6E535ABD,?,?), ref: 6E52DFFE

_free.LIBCMT ref: 6E530533

Memory Dump Source

Source File: 0000000E.00000002.2371585883.000000006E4E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6E4E0000, based on PE: true

Associated: 0000000E.00000002.2371507694.000000006E4E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373281942.000000006E544000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373891215.000000006E565000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2374074776.000000006E56A000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e4e0000_MiniNews.jbxd

Similarity

API ID: ByteCharMultiWide_free$ErrorFreeHeapInformationLastTimeZone
String ID:
API String ID: 1286116820-0
Opcode ID: b5a7cd139348d5575679f32d27d95f46acd7cbb5f5619b043cf4f2344ada4ed1
Instruction ID: f1a2225fad0ba2d4f62c93e81415b081d9e9286d8a2b99a0725fa2cc78759658
Opcode Fuzzy Hash: b5a7cd139348d5575679f32d27d95f46acd7cbb5f5619b043cf4f2344ada4ed1
Instruction Fuzzy Hash: 6651C471904329EFDB40DFE9CC809BAB7FCAF85354B61466AD514A7290FB709E41CB60

Uniqueness

Uniqueness Score: -1.00%

Function 6E3E2840 Relevance: 7.6, APIs: 5, Instructions: 58
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 85%

			E6E3E2840(intOrPtr __eax, intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr __edi, intOrPtr __esi, char _a4) {
				intOrPtr _v0;
				void* _v804;
				intOrPtr _v808;
				intOrPtr _v812;
				intOrPtr _t6;
				intOrPtr _t11;
				intOrPtr _t12;
				intOrPtr _t13;
				long _t17;
				intOrPtr _t21;
				intOrPtr _t22;
				intOrPtr _t25;
				intOrPtr _t26;
				intOrPtr _t27;
				intOrPtr* _t31;
				void* _t34;

				_t27 = __esi;
				_t26 = __edi;
				_t25 = __edx;
				_t22 = __ecx;
				_t21 = __ebx;
				_t6 = __eax;
				_t34 = _t22 -  *0x6e405204; // 0x2276585c
				if(_t34 == 0) {
					asm("repe ret");
				}
				 *0x6e406808 = _t6;
				 *0x6e406804 = _t22;
				 *0x6e406800 = _t25;
				 *0x6e4067fc = _t21;
				 *0x6e4067f8 = _t27;
				 *0x6e4067f4 = _t26;
				 *0x6e406820 = ss;
				 *0x6e406814 = cs;
				 *0x6e4067f0 = ds;
				 *0x6e4067ec = es;
				 *0x6e4067e8 = fs;
				 *0x6e4067e4 = gs;
				asm("pushfd");
				_pop( *0x6e406818);
				 *0x6e40680c =  *_t31;
				 *0x6e406810 = _v0;
				 *0x6e40681c =  &_a4;
				 *0x6e406758 = 0x10001;
				_t11 =  *0x6e406810; // 0x0
				 *0x6e40670c = _t11;
				 *0x6e406700 = 0xc0000409;
				 *0x6e406704 = 1;
				_t12 =  *0x6e405204; // 0x2276585c
				_v812 = _t12;
				_t13 =  *0x6e405208; // 0xdd89a7a3
				_v808 = _t13;
				 *0x6e406750 = IsDebuggerPresent();
				_push(1);
				E6E3EA8BE(_t14);
				SetUnhandledExceptionFilter(0);
				_t17 = UnhandledExceptionFilter(0x6e3fc674);
				if( *0x6e406750 == 0) {
					_push(1);
					E6E3EA8BE(_t17);
				}
				return TerminateProcess(GetCurrentProcess(), 0xc0000409);
			}

0x6e3e2840
0x6e3e2840
0x6e3e2840
0x6e3e2840
0x6e3e2840
0x6e3e2840
0x6e3e2840
0x6e3e2846
0x6e3e2848
0x6e3e2848
0x6e3e64c5
0x6e3e64ca
0x6e3e64d0
0x6e3e64d6
0x6e3e64dc
0x6e3e64e2
0x6e3e64e8
0x6e3e64ef
0x6e3e64f6
0x6e3e64fd
0x6e3e6504
0x6e3e650b
0x6e3e6512
0x6e3e6513
0x6e3e651c
0x6e3e6524
0x6e3e652c
0x6e3e6537
0x6e3e6541
0x6e3e6546
0x6e3e654b
0x6e3e6555
0x6e3e655f
0x6e3e6564
0x6e3e656a
0x6e3e656f
0x6e3e657b
0x6e3e6580
0x6e3e6582
0x6e3e658a
0x6e3e6595
0x6e3e65a2
0x6e3e65a4
0x6e3e65a6
0x6e3e65ab
0x6e3e65bf

APIs

IsDebuggerPresent.KERNEL32 ref: 6E3E6575
SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 6E3E658A
UnhandledExceptionFilter.KERNEL32(6E3FC674), ref: 6E3E6595
GetCurrentProcess.KERNEL32(C0000409), ref: 6E3E65B1
TerminateProcess.KERNEL32(00000000), ref: 6E3E65B8

Memory Dump Source

Source File: 0000000E.00000002.2370545283.000000006E3D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 6E3D0000, based on PE: true

Associated: 0000000E.00000002.2370501847.000000006E3D0000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371078507.000000006E3FB000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371296559.000000006E405000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371402177.000000006E409000.00000002.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e3d0000_MiniNews.jbxd

Similarity

API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
String ID:
API String ID: 2579439406-0
Opcode ID: d4791ca542d7b19ebcf22d3783bbf394c55c549da7283ec3f8a60a9cdd752a59
Instruction ID: e7141d33305e39a8eb2c80807805ef721cf81c36bae5904b1b85d64fc812855c
Opcode Fuzzy Hash: d4791ca542d7b19ebcf22d3783bbf394c55c549da7283ec3f8a60a9cdd752a59
Instruction Fuzzy Hash: F621DEB5822A04DFDF02FFA4E248A443BE8FB0A300B1095BEE51B8BA45D7B595C1CF55

Uniqueness

Uniqueness Score: -1.00%

Function 6E536F27 Relevance: 6.2, APIs: 4, Instructions: 236COMMON

Download Yara Rule

APIs

Part of subcall function 6E52CBF1: GetLastError.KERNEL32(?,000000FF,6E51A631,000000FF,00000007,?,6E51AD1B,000000FF,00000007,000000FF,?), ref: 6E52CBF5
Part of subcall function 6E52CBF1: _free.LIBCMT ref: 6E52CC28
Part of subcall function 6E52CBF1: SetLastError.KERNEL32(00000000,00000007,000000FF,?), ref: 6E52CC69
Part of subcall function 6E52CBF1: _abort.LIBCMT ref: 6E52CC6F

IsValidCodePage.KERNEL32(00000000,?,?,?,?,?,?,6E52D4A4,?,?,?,?,6E52CF5D,?,00000004), ref: 6E537009
_wcschr.LIBVCRUNTIME ref: 6E537099
_wcschr.LIBVCRUNTIME ref: 6E5370A7
GetLocaleInfoW.KERNEL32(00000000,?,?,00000078,6E52D4A4,00000000,6E52D5C4), ref: 6E53714A

Memory Dump Source

Source File: 0000000E.00000002.2371585883.000000006E4E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6E4E0000, based on PE: true

Associated: 0000000E.00000002.2371507694.000000006E4E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373281942.000000006E544000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373891215.000000006E565000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2374074776.000000006E56A000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e4e0000_MiniNews.jbxd

Similarity

API ID: ErrorLast_wcschr$CodeInfoLocalePageValid_abort_free
String ID:
API String ID: 4212172061-0
Opcode ID: 92cc3ab42044e98e76e6909aee95c3f84d50def83cd429ffcaa0f0c6e80e2bd8
Instruction ID: cfa7831182d0b6f5cc135ceb364ba365b53943be515bf6a3a4048adc04fccb85
Opcode Fuzzy Hash: 92cc3ab42044e98e76e6909aee95c3f84d50def83cd429ffcaa0f0c6e80e2bd8
Instruction Fuzzy Hash: AF61E272A10726AAE715DBB4CC51BB773ECEF45354F20482AEA15DB5C0FB70E9408BA1

Uniqueness

Uniqueness Score: -1.00%

Function 6E51A05F Relevance: 4.6, APIs: 3, Instructions: 78COMMONLIBRARYCODE

Download Yara Rule

APIs

IsDebuggerPresent.KERNEL32(?,?,?,?,?,6E545AFC), ref: 6E51A157
SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,6E545AFC), ref: 6E51A161
UnhandledExceptionFilter.KERNEL32(-000002BC,?,?,?,?,?,6E545AFC), ref: 6E51A16E

Memory Dump Source

Source File: 0000000E.00000002.2371585883.000000006E4E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6E4E0000, based on PE: true

Associated: 0000000E.00000002.2371507694.000000006E4E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373281942.000000006E544000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373891215.000000006E565000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2374074776.000000006E56A000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e4e0000_MiniNews.jbxd

Similarity

API ID: ExceptionFilterUnhandled$DebuggerPresent
String ID:
API String ID: 3906539128-0
Opcode ID: d5bda0f5ef59ab24b33fd459752950618f9f2b9a9149ae52ff64a6049b8d1bcd
Instruction ID: 9de885b0cdcdc86d197c3d3a32de0e7ad01a788de8dbb32a10da59ce23ec499f
Opcode Fuzzy Hash: d5bda0f5ef59ab24b33fd459752950618f9f2b9a9149ae52ff64a6049b8d1bcd
Instruction Fuzzy Hash: 0731F470945228ABCB61DF68D8887DCBBF8BF08314F1045EAE80CA7251EB709F858F44

Uniqueness

Uniqueness Score: -1.00%

Function 6E3D4D40 Relevance: 4.5, APIs: 3, Instructions: 47
COMMON

Download Yara Rule

C-Code - Quality: 95%

			E6E3D4D40(struct HINSTANCE__* _a4, struct HRSRC__* _a8, signed int _a12) {
				void* _t7;
				void* _t11;
				struct HINSTANCE__* _t15;
				signed int _t17;
				struct HRSRC__* _t19;
				signed int _t21;

				_t15 = _a4;
				_t19 = _a8;
				_t7 = LoadResource(_t15, _t19);
				if(_t7 != 0) {
					_t21 = LockResource(_t7);
					if(_t21 == 0) {
						L8:
						return 0;
					} else {
						_t11 = SizeofResource(_t15, _t19) + _t21;
						_t17 = _a12 & 0x0000000f;
						if(_t17 <= 0) {
							L7:
							if(_t21 < _t11) {
								asm("sbb eax, eax");
								return  ~( *_t21 & 0x0000ffff) & _t21;
							} else {
								goto L8;
							}
						} else {
							while(_t21 < _t11) {
								_t17 = _t17 - 1;
								_t21 = _t21 + 2 + ( *_t21 & 0x0000ffff) * 2;
								if(_t17 != 0) {
									continue;
								} else {
									goto L7;
								}
								goto L10;
							}
							goto L8;
						}
					}
				} else {
					return _t7;
				}
				L10:
			}

0x6e3d4d41
0x6e3d4d46
0x6e3d4d4c
0x6e3d4d54
0x6e3d4d61
0x6e3d4d65
0x6e3d4d94
0x6e3d4d99
0x6e3d4d67
0x6e3d4d73
0x6e3d4d75
0x6e3d4d78
0x6e3d4d90
0x6e3d4d92
0x6e3d4d9f
0x6e3d4da6
0x00000000
0x00000000
0x00000000
0x6e3d4d80
0x6e3d4d80
0x6e3d4d84
0x6e3d4d8a
0x6e3d4d8e
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6e3d4d8e
0x00000000
0x6e3d4d80
0x6e3d4d78
0x6e3d4d58
0x6e3d4d58
0x6e3d4d58
0x00000000

APIs

LoadResource.KERNEL32(?,?,00000000,?,6E3D4DF8,00000000,00000000,?,?,00000000,00000000,?,?,?,?,6E3D7A80), ref: 6E3D4D4C
LockResource.KERNEL32(00000000,00000000,?,00000000,00000000,?,?,?,?,6E3D7A80,?,00000000), ref: 6E3D4D5B
SizeofResource.KERNEL32(?,?,?,00000000,00000000,?,?,?,?,6E3D7A80,?,00000000), ref: 6E3D4D69

Memory Dump Source

Source File: 0000000E.00000002.2370545283.000000006E3D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 6E3D0000, based on PE: true

Associated: 0000000E.00000002.2370501847.000000006E3D0000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371078507.000000006E3FB000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371296559.000000006E405000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371402177.000000006E409000.00000002.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e3d0000_MiniNews.jbxd

Similarity

API ID: Resource$LoadLockSizeof
String ID:
API String ID: 2853612939-0
Opcode ID: 3e2577cebb6180b5946bc23086267afc7c8ca51078b3796c48eef327734bbd69
Instruction ID: 431bc6dd32094e6ceee9ec8dcb41b9018f7bb0bb1fc13d2a2c0524a1e115c387
Opcode Fuzzy Hash: 3e2577cebb6180b5946bc23086267afc7c8ca51078b3796c48eef327734bbd69
Instruction Fuzzy Hash: C5F0F9B331462247C7209FB5EC44A96B7F8FBC07A2B040479F556D6106D321D449D270

Uniqueness

Uniqueness Score: -1.00%

Function 6E514230 Relevance: 3.8, Strings: 3, Instructions: 100COMMON

Download Yara Rule

Strings

GenuineIntel, xrefs: 6E5142E7
%s:%08x, xrefs: 6E51431B
GenuineIotel, xrefs: 6E5142B0

Memory Dump Source

Source File: 0000000E.00000002.2371585883.000000006E4E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6E4E0000, based on PE: true

Associated: 0000000E.00000002.2371507694.000000006E4E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373281942.000000006E544000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373891215.000000006E565000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2374074776.000000006E56A000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e4e0000_MiniNews.jbxd

Similarity

API ID:
String ID: %s:%08x$GenuineIntel$GenuineIotel
API String ID: 0-2468691418
Opcode ID: 25ba94950a80535d01794ddc3e6d835800144476de5298dd7b30674f9f757da3
Instruction ID: 3f1238ebfd25fdae0bcdc8019017a5896656f4582bda600f27b569e0b9343015
Opcode Fuzzy Hash: 25ba94950a80535d01794ddc3e6d835800144476de5298dd7b30674f9f757da3
Instruction Fuzzy Hash: 9831E471D182499FDB01CFA9C840BEEBBF5FF85218F10826ED825E7241E7329945CB50

Uniqueness

Uniqueness Score: -1.00%

Function 6E534898 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 114COMMON

Download Yara Rule

Strings

., xrefs: 6E534A2B

Memory Dump Source

Source File: 0000000E.00000002.2371585883.000000006E4E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6E4E0000, based on PE: true

Associated: 0000000E.00000002.2371507694.000000006E4E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373281942.000000006E544000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373891215.000000006E565000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2374074776.000000006E56A000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e4e0000_MiniNews.jbxd

Similarity

API ID:
String ID: .
API String ID: 0-248832578
Opcode ID: d360608ea2dea54bd92d29465154e010e118f51dc1375b2905b0b3c96f83dccf
Instruction ID: 3d4ce588568a4f9740fc0847c4396404863c9df8caf83e34994f79ef613f6759
Opcode Fuzzy Hash: d360608ea2dea54bd92d29465154e010e118f51dc1375b2905b0b3c96f83dccf
Instruction Fuzzy Hash: E83107729001596FCB548EB8CC84EFBBBFEDB85304F2045A8E518D7251F6319D468B50

Uniqueness

Uniqueness Score: -1.00%

Function 6E530AC6 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 37COMMON

Download Yara Rule

APIs

GetLocaleInfoW.KERNEL32(00000000,00000002,00000000,?,20001004,?,20001004,?,00000002,?,?,6E52CF5D,?,00000004), ref: 6E530B19

Strings

GetLocaleInfoEx, xrefs: 6E530AD7, 6E530AE1

Memory Dump Source

Source File: 0000000E.00000002.2371585883.000000006E4E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6E4E0000, based on PE: true

Associated: 0000000E.00000002.2371507694.000000006E4E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373281942.000000006E544000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373891215.000000006E565000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2374074776.000000006E56A000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e4e0000_MiniNews.jbxd

Similarity

API ID: InfoLocale
String ID: GetLocaleInfoEx
API String ID: 2299586839-2904428671
Opcode ID: 10b6651e7fc6ed0bd69a1947677912093f69403248c5d974f131542a30da720b
Instruction ID: f815f7d0cdd73b051493e35cee21425a9ca57f4be605948383d071033cd92480
Opcode Fuzzy Hash: 10b6651e7fc6ed0bd69a1947677912093f69403248c5d974f131542a30da720b
Instruction Fuzzy Hash: 00F0F03164022CBBCF019FE4CC04FAE3BE9EF84714F11080ABA162A311EF718D31AA91

Uniqueness

Uniqueness Score: -1.00%

Function 6E522880 Relevance: 3.5, APIs: 2, Instructions: 464COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.2371585883.000000006E4E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6E4E0000, based on PE: true

Associated: 0000000E.00000002.2371507694.000000006E4E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373281942.000000006E544000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373891215.000000006E565000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2374074776.000000006E56A000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e4e0000_MiniNews.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ec8d6d65f708dbdd02fb85aaa9284b1d5344a48de861d27194e79f2c02c3ddf5
Instruction ID: ce86f171ece9d71cd9cec7b386f8a9d4cedd939cbf85d1570a93e24c317e03c5
Opcode Fuzzy Hash: ec8d6d65f708dbdd02fb85aaa9284b1d5344a48de861d27194e79f2c02c3ddf5
Instruction Fuzzy Hash: 60027E79E142199FDF14CFA9C8906ADB7F5FF88314F148269D919E7384D731AA41CB80

Uniqueness

Uniqueness Score: -1.00%

Function 6E3F9420 Relevance: 2.9, Strings: 2, Instructions: 382
COMMONCrypto

Download Yara Rule

C-Code - Quality: 81%

			E6E3F9420(intOrPtr __edi, void* __ebp, signed int _a4, signed int _a8, signed int _a12, intOrPtr* _a16, signed int* _a20, signed short* _a24) {
				signed int _v4;
				short _v34;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				intOrPtr _v68;
				signed int _v72;
				signed int _v76;
				signed int* _v80;
				signed int _v84;
				signed int _v88;
				signed int _v92;
				intOrPtr _v96;
				signed int _v100;
				signed int _v104;
				intOrPtr _v108;
				signed int _v112;
				signed int* _v116;
				signed int _v120;
				signed int _v124;
				signed short* _v128;
				signed int _v132;
				signed int _v136;
				signed short _v138;
				signed int _v139;
				void* _v140;
				void* __ebx;
				void* __esi;
				signed int _t213;
				signed int _t219;
				signed int _t220;
				signed int _t221;
				signed int _t222;
				void* _t225;
				signed int _t226;
				signed int _t228;
				signed short* _t229;
				signed int _t232;
				signed short _t235;
				signed int _t236;
				signed int _t238;
				signed int _t243;
				signed int _t249;
				signed int _t256;
				signed int _t259;
				void* _t262;
				intOrPtr _t268;
				signed int _t271;
				signed int _t274;
				short _t278;
				intOrPtr* _t287;
				signed char _t291;
				signed int _t303;
				signed int _t305;
				signed short* _t311;
				signed int* _t318;
				signed int _t325;
				signed int _t327;
				signed int _t334;
				intOrPtr _t336;
				intOrPtr _t338;
				signed int _t339;
				signed int _t342;
				intOrPtr _t343;
				signed int* _t345;
				intOrPtr* _t346;
				signed int _t347;
				signed short* _t348;
				intOrPtr* _t350;
				signed short* _t351;
				signed int _t353;
				signed int _t354;
				signed int _t355;

				_t336 = __edi;
				_t355 =  &_v140;
				_t213 =  *0x6e405204; // 0x2276585c
				_v4 = _t213 ^ _t355;
				_t318 = _a20;
				_v128 = _a24;
				_t271 = _a8;
				_t353 = _a12;
				_t346 = _a16;
				_v68 = 0xbadbad;
				_v64 = 0 << 0x10;
				_v60 = 0 << 0x10;
				_v56 = 0 << 0x10;
				_v52 = 0 << 0x10;
				_v48 = 0 << 0x10;
				_v44 = 0 << 0x10;
				_v40 = 0 << 0x10;
				_t219 = 0;
				_v84 = _t271;
				_v116 = _t346;
				_v80 = _t318;
				if(_t353 > 0) {
					do {
						 *((short*)(_t355 + 0x54 + ( *(_t271 + _t219 * 2) & 0x0000ffff) * 2)) =  *((short*)(_t355 + 0x54 + ( *(_t271 + _t219 * 2) & 0x0000ffff) * 2)) + 1;
						_t219 = _t219 + 1;
					} while (_t219 < _t353);
				}
				_t220 =  *_t318;
				_v136 = _t220;
				_t274 = 0xf;
				while( *((short*)(_t355 + 0x54 + _t274 * 2)) == 0) {
					_t274 = _t274 - 1;
					if(_t274 >= 1) {
						continue;
					}
					break;
				}
				_v124 = _t274;
				if(_t220 > _t274) {
					_v136 = _t274;
					_t220 = _t274;
				}
				if(_t274 != 0) {
					_t347 = 1;
					while(1) {
						__eflags =  *((short*)(_t355 + 0x54 + _t347 * 2));
						if( *((short*)(_t355 + 0x54 + _t347 * 2)) != 0) {
							break;
						}
						__eflags =  *((short*)(_t355 + 0x56 + _t347 * 2));
						if( *((short*)(_t355 + 0x56 + _t347 * 2)) != 0) {
							_t347 = _t347 + 1;
						} else {
							__eflags =  *((short*)(_t355 + 0x58 + _t347 * 2));
							if( *((short*)(_t355 + 0x58 + _t347 * 2)) != 0) {
								_t347 = _t347 + 2;
							} else {
								__eflags =  *((short*)(_t355 + 0x5a + _t347 * 2));
								if( *((short*)(_t355 + 0x5a + _t347 * 2)) != 0) {
									_t347 = _t347 + 3;
								} else {
									__eflags =  *((short*)(_t355 + 0x5c + _t347 * 2));
									if( *((short*)(_t355 + 0x5c + _t347 * 2)) != 0) {
										_t347 = _t347 + 4;
										__eflags = _t347;
									} else {
										_t347 = _t347 + 5;
										__eflags = _t347 - 0xf;
										if(_t347 <= 0xf) {
											continue;
										} else {
										}
									}
								}
							}
						}
						break;
					}
					__eflags = _t220 - _t347;
					if(_t220 < _t347) {
						_v136 = _t347;
					}
					_t319 = 1;
					_t221 = 1;
					_push(_t336);
					while(1) {
						_t319 = _t319 + _t319 - ( *(_t355 + 0x58 + _t221 * 2) & 0x0000ffff);
						__eflags = _t319;
						if(_t319 < 0) {
							break;
						}
						_t221 = _t221 + 1;
						__eflags = _t221 - 0xf;
						if(_t221 <= 0xf) {
							continue;
						} else {
							_t339 = _a4;
							__eflags = _t319;
							if(_t319 <= 0) {
								L31:
								__eflags = 0;
								_v34 = 0;
								_t225 = 2;
								do {
									_t278 =  *((intOrPtr*)(_t355 + _t225 + 0x78)) +  *((intOrPtr*)(_t355 + _t225 + 0x58));
									_t225 = _t225 + 2;
									 *((short*)(_t355 + _t225 + 0x78)) = _t278;
									__eflags = _t225 - 0x1e;
								} while (_t225 < 0x1e);
								_t226 = 0;
								__eflags = _t353;
								if(_t353 > 0) {
									_t311 = _v128;
									do {
										__eflags =  *(_t271 + _t226 * 2);
										if( *(_t271 + _t226 * 2) != 0) {
											 *(_t311 + ( *(_t355 + 0x78 + ( *(_t271 + _t226 * 2) & 0x0000ffff) * 2) & 0x0000ffff) * 2) = _t226;
											_t334 =  *(_t271 + _t226 * 2) & 0x0000ffff;
											_t80 = _t355 + 0x78 + _t334 * 2;
											 *_t80 =  *(_t355 + 0x78 + _t334 * 2) + 1;
											__eflags =  *_t80;
										}
										_t226 = _t226 + 1;
										__eflags = _t226 - _t353;
									} while (_t226 < _t353);
								}
								_t228 = _t339;
								__eflags = _t228;
								if(_t228 == 0) {
									_t229 = _v128;
									_v96 = _t229;
									_v100 = 0x13;
									goto L43;
								} else {
									__eflags = _t228 == 1;
									if(_t228 == 1) {
										_v96 = 0x6e40145e;
										_t229 = 0x6e40149e;
										_v100 = 0x100;
										L43:
										_v108 = _t229;
									} else {
										_v96 = 0x6e4016e0;
										_v108 = 0x6e401720;
										_v100 = 0xffffffff;
									}
								}
								_t319 =  *_v116;
								_v104 = 0xffffffff;
								_t232 = 1 << _v136;
								_t354 = 0;
								_t271 = 0;
								_v132 = _t347;
								_t102 = _t232 - 1; // 0x0
								_v120 =  *_v116;
								_v92 = 1;
								_v112 = 1;
								_v88 = _t102;
								__eflags = _t339 - 1;
								if(_t339 != 1) {
									L46:
									while(1) {
										L47:
										_t348 = _v128;
										_v139 = _v132 - _t271;
										_t235 =  *_t348 & 0x0000ffff;
										__eflags = (_t235 & 0x0000ffff) - _v100;
										if(__eflags >= 0) {
											goto L49;
										}
										L48:
										_v140 = 0;
										L52:
										_v138 = _t235;
										L53:
										_t236 = _v92;
										_v76 = _t236;
										_t347 = 4;
										_t342 = (_t354 >> _t271) + _t236;
										__eflags = _t342;
										_t287 = _v120 + _t342 * 4;
										_t343 = _v140;
										do {
											_t236 = _t236 - 1;
											_t287 = _t287 - 4;
											 *_t287 = _t343;
											__eflags = _t236;
										} while (_t236 != 0);
										_t325 = _v132;
										_t238 = 1 << _t325 - 1;
										__eflags = _t354 & 0x00000001;
										if((_t354 & 0x00000001) != 0) {
											do {
												_t238 = _t238 >> 1;
												__eflags = _t354 & _t238;
											} while ((_t354 & _t238) != 0);
										}
										__eflags = _t238;
										if(_t238 == 0) {
											_t354 = 0;
											__eflags = 0;
										} else {
											_t136 = _t238 - 1; // 0x0
											_t354 = (_t136 & _t354) + _t238;
										}
										_v128 =  &(_v128[1]);
										 *(_t355 + 0x58 + _t325 * 2) =  *(_t355 + 0x58 + _t325 * 2) + 0xffff;
										__eflags =  *(_t355 + 0x58 + _t325 * 2) & 0x0000ffff;
										if(( *(_t355 + 0x58 + _t325 * 2) & 0x0000ffff) != 0) {
											L64:
											__eflags = _t325 - _v136;
											if(_t325 <= _v136) {
												L47:
												_t348 = _v128;
												_v139 = _v132 - _t271;
												_t235 =  *_t348 & 0x0000ffff;
												__eflags = (_t235 & 0x0000ffff) - _v100;
												if(__eflags >= 0) {
													goto L49;
												}
												goto L53;
											} else {
												L65:
												_t347 = _v88 & _t354;
												_v72 = _t347;
												__eflags = _t347 - _v104;
												if(_t347 == _v104) {
													continue;
												} else {
													L66:
													__eflags = _t271;
													if(_t271 == 0) {
														_t271 = _v136;
													}
													_v120 = _v120 + _v76 * 4;
													_t291 = _v132 - _t271;
													_t319 = _t271 + _t291;
													_t243 = 1 << _t291;
													__eflags = _t319 - _v124;
													if(_t319 < _v124) {
														_t351 = _t355 + 0x58 + _t319 * 2;
														while(1) {
															_t249 = _t243 - ( *_t351 & 0x0000ffff);
															__eflags = _t249;
															if(_t249 <= 0) {
																break;
															}
															_t319 = _t319 + 1;
															_t291 = _t291 + 1;
															_t351 =  &(_t351[1]);
															_t243 = _t249 + _t249;
															__eflags = _t319 - _v124;
															if(_t319 < _v124) {
																continue;
															}
															break;
														}
														_t347 = _v72;
													}
													_v112 = _v112 + 1;
													__eflags = _a4 - 1;
													_v92 = 1 << _t291;
													if(_a4 != 1) {
														L75:
														_t327 = _t347;
														_t350 = _v116;
														 *( *_t350 + _t327 * 4) = _t291;
														 *((char*)( *_t350 + 1 + _t327 * 4)) = _v136;
														_v104 = _t327;
														 *((short*)( *_t350 + 2 + _t327 * 4)) = _v120 -  *_t350 >> 2;
														continue;
														do {
															do {
																goto L47;
															} while (_t325 <= _v136);
															goto L65;
														} while (_t347 == _v104);
														goto L66;
													} else {
														__eflags = _v112 - 0x5b0;
														if(_v112 >= 0x5b0) {
															goto L87;
														} else {
															goto L75;
														}
													}
												}
											}
										} else {
											__eflags = _t325 - _v124;
											if(_t325 == _v124) {
												_t345 = _v116;
												_v140 = 0x40;
												_v139 = _t325 - _t271;
												_v138 = 0;
												__eflags = _t354;
												if(_t354 != 0) {
													_t347 = _v120;
													do {
														__eflags = _t271;
														if(_t271 != 0) {
															__eflags = (_v88 & _t354) - _v104;
															if((_v88 & _t354) != _v104) {
																_t259 = _v136;
																_t347 =  *_t345;
																_t271 = 0;
																__eflags = 0;
																_v132 = _t259;
																_v139 = _t259;
																_t325 = _t259;
															}
														}
														 *((intOrPtr*)(_t347 + (_t354 >> _t271) * 4)) = _v140;
														_t256 = 1 << _t325 - 1;
														__eflags = _t354 & 0x00000001;
														if((_t354 & 0x00000001) != 0) {
															do {
																_t256 = _t256 >> 1;
																__eflags = _t354 & _t256;
															} while ((_t354 & _t256) != 0);
														}
														__eflags = _t256;
														if(_t256 != 0) {
															goto L85;
														}
														goto L86;
														L85:
														_t207 = _t256 - 1; // 0x0
														_t303 = (_t207 & _t354) + _t256;
														__eflags = _t303;
														_t354 = _t303;
													} while (_t303 != 0);
												}
												L86:
												 *_t345 =  *_t345 + _v112 * 4;
												_t319 = _v136;
												 *_v80 = _v136;
												_t222 = 0;
											} else {
												_t305 =  *(_v84 + ( *_v128 & 0x0000ffff) * 2) & 0x0000ffff;
												_v132 = _t305;
												_t325 = _t305;
												goto L64;
											}
										}
										goto L88;
										L49:
										if(__eflags <= 0) {
											_v140 = 0x60;
											_t235 = 0;
											__eflags = 0;
											goto L52;
										} else {
											_t262 = ( *_t348 & 0x0000ffff) + ( *_t348 & 0x0000ffff);
											_v140 =  *((intOrPtr*)(_t262 + _v108));
											_v138 =  *((intOrPtr*)(_t262 + _v96));
										}
										goto L53;
									}
								} else {
									__eflags = _t232 - 0x5b0;
									if(_t232 >= 0x5b0) {
										L87:
										_t222 = 1;
									} else {
										goto L46;
									}
								}
							} else {
								__eflags = _t339;
								if(_t339 == 0) {
									break;
								} else {
									__eflags = _t274 - 1;
									if(_t274 == 1) {
										goto L31;
									} else {
										break;
									}
								}
							}
						}
						L88:
						_pop(_t338);
						__eflags = _v4 ^ _t355;
						return E6E3E2840(_t222, _t271, _v4 ^ _t355, _t319, _t338, _t347);
						goto L89;
					}
					_t222 = _t221 | 0xffffffff;
					goto L88;
				} else {
					_v138 = 0;
					_v140 = 0x40;
					_v139 = 1;
					_t268 = _v140;
					 *((intOrPtr*)( *_t346)) = _t268;
					 *_t346 =  *_t346 + 4;
					 *((intOrPtr*)( *_t346)) = _t268;
					 *_t346 =  *_t346 + 4;
					 *_t318 = 1;
					return E6E3E2840(0, _t271, _v4 ^ _t355, _t318, _t336, _t346);
				}
				L89:
			}

0x6e3f9420
0x6e3f9420
0x6e3f9426
0x6e3f942d
0x6e3f943b
0x6e3f9442
0x6e3f944c
0x6e3f945b
0x6e3f9463
0x6e3f946a
0x6e3f946e
0x6e3f9472
0x6e3f9476
0x6e3f947a
0x6e3f947e
0x6e3f9482
0x6e3f9486
0x6e3f948a
0x6e3f948c
0x6e3f9490
0x6e3f9494
0x6e3f949a
0x6e3f94a0
0x6e3f94a4
0x6e3f94ad
0x6e3f94ae
0x6e3f94a0
0x6e3f94b2
0x6e3f94b4
0x6e3f94b8
0x6e3f94c0
0x6e3f94c8
0x6e3f94cc
0x00000000
0x00000000
0x00000000
0x6e3f94cc
0x6e3f94ce
0x6e3f94d4
0x6e3f94d6
0x6e3f94da
0x6e3f94da
0x6e3f94de
0x6e3f9523
0x6e3f9528
0x6e3f9528
0x6e3f952e
0x00000000
0x00000000
0x6e3f9530
0x6e3f9536
0x6e3f955a
0x6e3f9538
0x6e3f9538
0x6e3f953e
0x6e3f955d
0x6e3f9540
0x6e3f9540
0x6e3f9546
0x6e3f9562
0x6e3f9548
0x6e3f9548
0x6e3f954e
0x6e3f9567
0x6e3f9567
0x6e3f9550
0x6e3f9550
0x6e3f9553
0x6e3f9556
0x00000000
0x00000000
0x6e3f9558
0x6e3f9556
0x6e3f954e
0x6e3f9546
0x6e3f953e
0x00000000
0x6e3f9536
0x6e3f956a
0x6e3f956c
0x6e3f956e
0x6e3f956e
0x6e3f9572
0x6e3f9577
0x6e3f9579
0x6e3f9580
0x6e3f9587
0x6e3f9587
0x6e3f9589
0x00000000
0x00000000
0x6e3f958b
0x6e3f958c
0x6e3f958f
0x00000000
0x6e3f9591
0x6e3f9591
0x6e3f9598
0x6e3f959a
0x6e3f95ad
0x6e3f95ad
0x6e3f95af
0x6e3f95b4
0x6e3f95c0
0x6e3f95c5
0x6e3f95ca
0x6e3f95cd
0x6e3f95d2
0x6e3f95d2
0x6e3f95d7
0x6e3f95d9
0x6e3f95db
0x6e3f95dd
0x6e3f95e1
0x6e3f95e1
0x6e3f95e6
0x6e3f95f1
0x6e3f95f5
0x6e3f95f9
0x6e3f95f9
0x6e3f95f9
0x6e3f95fe
0x6e3f9602
0x6e3f9603
0x6e3f9603
0x6e3f95e1
0x6e3f9609
0x6e3f9609
0x6e3f9611
0x6e3f9650
0x6e3f9654
0x6e3f9658
0x00000000
0x6e3f9613
0x6e3f9613
0x6e3f9616
0x6e3f9638
0x6e3f9641
0x6e3f9646
0x6e3f9660
0x6e3f9660
0x6e3f9618
0x6e3f9618
0x6e3f9620
0x6e3f9628
0x6e3f9628
0x6e3f9616
0x6e3f9668
0x6e3f966a
0x6e3f9677
0x6e3f9679
0x6e3f967b
0x6e3f967d
0x6e3f9681
0x6e3f9684
0x6e3f9688
0x6e3f968c
0x6e3f9690
0x6e3f9694
0x6e3f9697
0x6e3f96a4
0x6e3f96b0
0x6e3f96b0
0x6e3f96b4
0x6e3f96be
0x6e3f96c2
0x6e3f96c8
0x6e3f96ca
0x00000000
0x00000000
0x6e3f96cc
0x6e3f96cc
0x6e3f96fb
0x6e3f96fb
0x6e3f9700
0x6e3f9704
0x6e3f971b
0x6e3f971f
0x6e3f9726
0x6e3f9726
0x6e3f9728
0x6e3f972b
0x6e3f9730
0x6e3f9730
0x6e3f9732
0x6e3f9734
0x6e3f9736
0x6e3f9736
0x6e3f973a
0x6e3f9746
0x6e3f9748
0x6e3f974a
0x6e3f9750
0x6e3f9750
0x6e3f9752
0x6e3f9752
0x6e3f9750
0x6e3f9756
0x6e3f9758
0x6e3f9765
0x6e3f9765
0x6e3f975a
0x6e3f975a
0x6e3f9761
0x6e3f9761
0x6e3f9767
0x6e3f9771
0x6e3f977b
0x6e3f977e
0x6e3f979f
0x6e3f979f
0x6e3f97a3
0x6e3f96b0
0x6e3f96b4
0x6e3f96be
0x6e3f96c2
0x6e3f96c8
0x6e3f96ca
0x00000000
0x00000000
0x00000000
0x6e3f97a9
0x6e3f97a9
0x6e3f97ad
0x6e3f97af
0x6e3f97b3
0x6e3f97b7
0x00000000
0x6e3f97bd
0x6e3f97bd
0x6e3f97bd
0x6e3f97bf
0x6e3f97c1
0x6e3f97c1
0x6e3f97d0
0x6e3f97d8
0x6e3f97df
0x6e3f97e2
0x6e3f97e4
0x6e3f97e8
0x6e3f97ea
0x6e3f97f0
0x6e3f97f3
0x6e3f97f5
0x6e3f97f7
0x00000000
0x00000000
0x6e3f97f9
0x6e3f97fa
0x6e3f97fb
0x6e3f97fe
0x6e3f9800
0x6e3f9804
0x00000000
0x00000000
0x00000000
0x6e3f9804
0x6e3f9806
0x6e3f9806
0x6e3f9811
0x6e3f9815
0x6e3f981d
0x6e3f9821
0x6e3f9831
0x6e3f9831
0x6e3f9833
0x6e3f9839
0x6e3f9842
0x6e3f9851
0x6e3f9855
0x6e3f985a
0x6e3f96b0
0x6e3f96b0
0x00000000
0x00000000
0x00000000
0x6e3f96b0
0x00000000
0x6e3f9823
0x6e3f9823
0x6e3f982b
0x00000000
0x00000000
0x00000000
0x00000000
0x6e3f982b
0x6e3f9821
0x6e3f97b7
0x6e3f9780
0x6e3f9780
0x6e3f9784
0x6e3f985f
0x6e3f9869
0x6e3f986e
0x6e3f9872
0x6e3f9877
0x6e3f9879
0x6e3f987b
0x6e3f9880
0x6e3f9880
0x6e3f9882
0x6e3f988a
0x6e3f988e
0x6e3f9890
0x6e3f9894
0x6e3f9896
0x6e3f9896
0x6e3f9898
0x6e3f989c
0x6e3f98a0
0x6e3f98a0
0x6e3f988e
0x6e3f98ac
0x6e3f98b7
0x6e3f98b9
0x6e3f98bb
0x6e3f98c0
0x6e3f98c0
0x6e3f98c2
0x6e3f98c2
0x6e3f98c0
0x6e3f98c6
0x6e3f98c8
0x00000000
0x00000000
0x00000000
0x6e3f98ca
0x6e3f98ca
0x6e3f98cf
0x6e3f98cf
0x6e3f98d1
0x6e3f98d1
0x6e3f9880
0x6e3f98d5
0x6e3f98e4
0x6e3f98e6
0x6e3f98ea
0x6e3f98ec
0x6e3f978a
0x6e3f9795
0x6e3f9799
0x6e3f979d
0x00000000
0x6e3f979d
0x6e3f9784
0x00000000
0x6e3f96d3
0x6e3f96d3
0x6e3f96f4
0x6e3f96f9
0x6e3f96f9
0x00000000
0x6e3f96d5
0x6e3f96dc
0x6e3f96e5
0x6e3f96ed
0x6e3f96ed
0x00000000
0x6e3f96d3
0x6e3f9699
0x6e3f9699
0x6e3f969e
0x6e3f98f0
0x6e3f98f0
0x00000000
0x00000000
0x00000000
0x6e3f969e
0x6e3f959c
0x6e3f959c
0x6e3f959e
0x00000000
0x6e3f95a0
0x6e3f95a0
0x6e3f95a3
0x00000000
0x00000000
0x00000000
0x00000000
0x6e3f95a3
0x6e3f959e
0x6e3f959a
0x6e3f98f5
0x6e3f98fc
0x6e3f9900
0x6e3f990d
0x00000000
0x6e3f990d
0x6e3f95a5
0x00000000
0x6e3f94e0
0x6e3f94e4
0x6e3f94e9
0x6e3f94ee
0x6e3f94f3
0x6e3f94f7
0x6e3f94f9
0x6e3f94fe
0x6e3f9500
0x6e3f9505
0x6e3f9522
0x6e3f9522
0x00000000

Strings

@, xrefs: 6E3F9869
@, xrefs: 6E3F94E9

Memory Dump Source

Source File: 0000000E.00000002.2370545283.000000006E3D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 6E3D0000, based on PE: true

Associated: 0000000E.00000002.2370501847.000000006E3D0000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371078507.000000006E3FB000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371296559.000000006E405000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371402177.000000006E409000.00000002.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e3d0000_MiniNews.jbxd

Similarity

API ID:
String ID: @$@
API String ID: 0-149943524
Opcode ID: 01b59ea6c16366904d6fc56ec0cb10cae294d8e5f462dad2a88495c2df922ce9
Instruction ID: 59935b34b452b163a52a9d6307be25daeb65eeff5f88bbbfb8dfe43610c58ebf
Opcode Fuzzy Hash: 01b59ea6c16366904d6fc56ec0cb10cae294d8e5f462dad2a88495c2df922ce9
Instruction Fuzzy Hash: 2BF16671A18342CFD754DFA8C09066AB7F1BF99314F10492EE8D987350E776E84ACB82

Uniqueness

Uniqueness Score: -1.00%

Function 6E3F6182 Relevance: 2.0, Strings: 1, Instructions: 789COMMON

Download Yara Rule

Strings

$?n, xrefs: 6E3F6580

Memory Dump Source

Source File: 0000000E.00000002.2370545283.000000006E3D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 6E3D0000, based on PE: true

Associated: 0000000E.00000002.2370501847.000000006E3D0000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371078507.000000006E3FB000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371296559.000000006E405000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371402177.000000006E409000.00000002.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e3d0000_MiniNews.jbxd

Similarity

API ID:
String ID: $?n
API String ID: 0-4248363873
Opcode ID: b22c4e8426941fb08c994c5ae9f9838273516d51f5b91f048c617b2e0aed24b2
Instruction ID: 795bd69d66c2760e314df0aa2b867fa468aae4eb4250da1d08ccd91a8c3df6da
Opcode Fuzzy Hash: b22c4e8426941fb08c994c5ae9f9838273516d51f5b91f048c617b2e0aed24b2
Instruction Fuzzy Hash: 1152AF71A14722DFD708CF69C890669B7E1FF88314F00462EE8969BB80D739E956CBD1

Uniqueness

Uniqueness Score: -1.00%

Function 6E4F0DC0 Relevance: 2.0, Strings: 1, Instructions: 708COMMON

Download Yara Rule

Strings

<FQn, xrefs: 6E4F0EDF, 6E4F1075, 6E4F130F, 6E4F1458

Memory Dump Source

Source File: 0000000E.00000002.2371585883.000000006E4E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6E4E0000, based on PE: true

Associated: 0000000E.00000002.2371507694.000000006E4E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373281942.000000006E544000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373891215.000000006E565000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2374074776.000000006E56A000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e4e0000_MiniNews.jbxd

Similarity

API ID:
String ID: <FQn
API String ID: 0-3859040573
Opcode ID: 876fd60b069216ed52d8d6b238dcff939897a816e111d731dbb70adcf26c3237
Instruction ID: d1ab88d268c40936602d24338cdedaea54a4c9212de5620ede2ce9e625f2b514
Opcode Fuzzy Hash: 876fd60b069216ed52d8d6b238dcff939897a816e111d731dbb70adcf26c3237
Instruction Fuzzy Hash: 88324EB7F505145BDB0CCA5DCCA27ECB2E3AFD8214B0E813DA81AE7345EA78D9158644

Uniqueness

Uniqueness Score: -1.00%

Function 6E3F58D0 Relevance: 1.9, Strings: 1, Instructions: 635COMMON

Download Yara Rule

Strings

?n, xrefs: 6E3F5AFA

Memory Dump Source

Source File: 0000000E.00000002.2370545283.000000006E3D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 6E3D0000, based on PE: true

Associated: 0000000E.00000002.2370501847.000000006E3D0000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371078507.000000006E3FB000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371296559.000000006E405000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371402177.000000006E409000.00000002.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e3d0000_MiniNews.jbxd

Similarity

API ID:
String ID: ?n
API String ID: 0-2675757732
Opcode ID: e30f9263eacdb7d98b7a9dd479155345859c6f4ff3be65eb4f762c6693a7d7e6
Instruction ID: 1a5d413f3268f497fef4e7a40ff7208ceaf5bf15aeac6517fd0defc8c3ce9705
Opcode Fuzzy Hash: e30f9263eacdb7d98b7a9dd479155345859c6f4ff3be65eb4f762c6693a7d7e6
Instruction Fuzzy Hash: E7325A70618712EFE748CFA9C490B5AB7E1FF84304F108A2DE8958B681D375E956CBD1

Uniqueness

Uniqueness Score: -1.00%

Function 6E3D1050 Relevance: 1.8, APIs: 1, Instructions: 257COMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 6E3D1097

Memory Dump Source

Source File: 0000000E.00000002.2370545283.000000006E3D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 6E3D0000, based on PE: true

Associated: 0000000E.00000002.2370501847.000000006E3D0000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371078507.000000006E3FB000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371296559.000000006E405000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371402177.000000006E409000.00000002.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e3d0000_MiniNews.jbxd

Similarity

API ID: _memset
String ID:
API String ID: 2102423945-0
Opcode ID: 4cb1db6996a0d3230b8d022e20d013c1605bd21961c72ac79112e7306a14f518
Instruction ID: 835829a3056f1c41291c17d468b211718f6b648364471a7edb4c3e96eb7547c0
Opcode Fuzzy Hash: 4cb1db6996a0d3230b8d022e20d013c1605bd21961c72ac79112e7306a14f518
Instruction Fuzzy Hash: 9CA1237250CB824BC719CE6CD8C179AFBE2AF8A304F0E8A7DC4D18B256D674D959C781

Uniqueness

Uniqueness Score: -1.00%

Function 6E53062B Relevance: 1.5, APIs: 1, Instructions: 34COMMON

Download Yara Rule

APIs

Part of subcall function 6E528313: EnterCriticalSection.KERNEL32(?,?,6E52B783,00000000,6E563550,0000000C,6E52B73E,?,?,?,6E52DFA9,?,?,6E52CCA6,00000001,00000364), ref: 6E528322

EnumSystemLocalesW.KERNEL32(6E5305E5,00000001,6E563718,0000000C), ref: 6E530663

Memory Dump Source

Source File: 0000000E.00000002.2371585883.000000006E4E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6E4E0000, based on PE: true

Associated: 0000000E.00000002.2371507694.000000006E4E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373281942.000000006E544000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373891215.000000006E565000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2374074776.000000006E56A000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e4e0000_MiniNews.jbxd

Similarity

API ID: CriticalEnterEnumLocalesSectionSystem
String ID:
API String ID: 1272433827-0
Opcode ID: 3af98e598aea574be4aaf7b3fa6f36bab444879ba67c00a0ac7b6727679291c1
Instruction ID: c516c6bb1f3af8823dca1944848c3cf1ddefc75c6fd1cc7f6b63784f66e8dade
Opcode Fuzzy Hash: 3af98e598aea574be4aaf7b3fa6f36bab444879ba67c00a0ac7b6727679291c1
Instruction Fuzzy Hash: E5F06D72A20710EFDB10DFACC845B9D37E4AB85724F21452AF510DF2A1DBB48900CB81

Uniqueness

Uniqueness Score: -1.00%

Function 6E51BEF9 Relevance: 1.5, Strings: 1, Instructions: 214COMMON

Download Yara Rule

Strings

0, xrefs: 6E51C069

Memory Dump Source

Source File: 0000000E.00000002.2371585883.000000006E4E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6E4E0000, based on PE: true

Associated: 0000000E.00000002.2371507694.000000006E4E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373281942.000000006E544000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373891215.000000006E565000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2374074776.000000006E56A000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e4e0000_MiniNews.jbxd

Similarity

API ID:
String ID: 0
API String ID: 0-4108050209
Opcode ID: 1fb028ab5fd346c2bc6cdf677255538467cb143e20742cbdf445576efcfea7db
Instruction ID: d871047b30fc23f0c1d8713a413278a076d08e9d59f884ec61c30576aef7dbbf
Opcode Fuzzy Hash: 1fb028ab5fd346c2bc6cdf677255538467cb143e20742cbdf445576efcfea7db
Instruction Fuzzy Hash: F151457124C686DBFBE8A9E845A1BFE33DA9B42304F004D6DD9518F389C70BDE458752

Uniqueness

Uniqueness Score: -1.00%

Function 6E508040 Relevance: 1.4, Strings: 1, Instructions: 134COMMON

Download Yara Rule

Strings

x!Tn, xrefs: 6E508100, 6E508139, 6E50806D

Memory Dump Source

Source File: 0000000E.00000002.2371585883.000000006E4E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6E4E0000, based on PE: true

Associated: 0000000E.00000002.2371507694.000000006E4E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373281942.000000006E544000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373891215.000000006E565000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2374074776.000000006E56A000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e4e0000_MiniNews.jbxd

Similarity

API ID:
String ID: x!Tn
API String ID: 0-3265114039
Opcode ID: c270dd262014dd5c2eb589115207c88179cf5e373e6000c49492a21faf8b2ec3
Instruction ID: 1fd74adbdca943f87a13edcc281d3bb08e34ecd737e64c96aef39d47abb4cfe0
Opcode Fuzzy Hash: c270dd262014dd5c2eb589115207c88179cf5e373e6000c49492a21faf8b2ec3
Instruction Fuzzy Hash: 2F518531E05249DFCB04CF6CC8905AEFBF5EF9A200B54859EE8959B306C3319A45CBE1

Uniqueness

Uniqueness Score: -1.00%

Function 6E3FABD6 Relevance: 1.3, APIs: 1, Instructions: 8memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32 ref: 6E3FABD6

Memory Dump Source

Source File: 0000000E.00000002.2370545283.000000006E3D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 6E3D0000, based on PE: true

Associated: 0000000E.00000002.2370501847.000000006E3D0000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371078507.000000006E3FB000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371296559.000000006E405000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371402177.000000006E409000.00000002.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e3d0000_MiniNews.jbxd

Similarity

API ID: HeapProcess
String ID:
API String ID: 54951025-0
Opcode ID: 09169b95baa732a0ac8ef30fd2326649406ecc39eff844d3f142f60d41b7dbbb
Instruction ID: 0d8db4e76f12c3f933510f34c423e092c55ea3460dcd57dce59eff0d668e7b76
Opcode Fuzzy Hash: 09169b95baa732a0ac8ef30fd2326649406ecc39eff844d3f142f60d41b7dbbb
Instruction Fuzzy Hash: 68C08CB0024A40CFEF00AFB2B1087403FA0A347307F2081ADE02B8EA48DB7040C18F50

Uniqueness

Uniqueness Score: -1.00%

Function 6E528FF0 Relevance: .7, Instructions: 651COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.2371585883.000000006E4E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6E4E0000, based on PE: true

Associated: 0000000E.00000002.2371507694.000000006E4E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373281942.000000006E544000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373891215.000000006E565000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2374074776.000000006E56A000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e4e0000_MiniNews.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 80c1396628b0a77b880281fe0b82db67975d41513b5f5763e489a4bf68b4df95
Instruction ID: 57c939a464fafda5bf6970df7caba6b7f796937c9a0e3a6bcc8028cd2e2a47a2
Opcode Fuzzy Hash: 80c1396628b0a77b880281fe0b82db67975d41513b5f5763e489a4bf68b4df95
Instruction Fuzzy Hash: EB321321D69F414DDB639534C872336A398AFB33C4F55D737E82AB5AAAEF2980C34100

Uniqueness

Uniqueness Score: -1.00%

Function 6E3F8FC0 Relevance: .4, Instructions: 404COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.2370545283.000000006E3D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 6E3D0000, based on PE: true

Associated: 0000000E.00000002.2370501847.000000006E3D0000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371078507.000000006E3FB000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371296559.000000006E405000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371402177.000000006E409000.00000002.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e3d0000_MiniNews.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 773a6a123d9b2a6c7ff24a64bc730c2f86810a692befd11ed70ace02cdc27a16
Instruction ID: ad2c72d5f58181fc66dc3133ab165720ea91243127c3fbd569680e6a4fcfd413
Opcode Fuzzy Hash: 773a6a123d9b2a6c7ff24a64bc730c2f86810a692befd11ed70ace02cdc27a16
Instruction Fuzzy Hash: 45E1D33061C3558FC308CEA9C99416ABBE2EFC5304F14896DE8D58B346DAB6D94BCB51

Uniqueness

Uniqueness Score: -1.00%

Function 6E3DB890 Relevance: .3, Instructions: 257COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.2370545283.000000006E3D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 6E3D0000, based on PE: true

Associated: 0000000E.00000002.2370501847.000000006E3D0000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371078507.000000006E3FB000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371296559.000000006E405000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371402177.000000006E409000.00000002.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e3d0000_MiniNews.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2822e651211412edf68a1dfe95f2bc3b6fefa1f8c96052ee735d6f30d6500e6b
Instruction ID: ad2594cb279b0d7c69f21cce23d359e7a6bb1c3c4406738002361895415fe47c
Opcode Fuzzy Hash: 2822e651211412edf68a1dfe95f2bc3b6fefa1f8c96052ee735d6f30d6500e6b
Instruction Fuzzy Hash: D09176B2A006099FCB18CFB9CD91AAEB7B9FB88304F14862DE4559B745D770A909CB50

Uniqueness

Uniqueness Score: -1.00%

Function 6E5183B6 Relevance: .3, Instructions: 254COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.2371585883.000000006E4E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6E4E0000, based on PE: true

Associated: 0000000E.00000002.2371507694.000000006E4E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373281942.000000006E544000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373891215.000000006E565000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2374074776.000000006E56A000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e4e0000_MiniNews.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 93657a121f16255c59120ad0d08fdbba6372c273009ad596b4ecdf6e8f3c6909
Instruction ID: 90c22f9a6cac50d05fbd5c7a365977529953e2ec3ea3495e24839edd12ab3176
Opcode Fuzzy Hash: 93657a121f16255c59120ad0d08fdbba6372c273009ad596b4ecdf6e8f3c6909
Instruction Fuzzy Hash: E891977210D0E34EF7A982BE85745BEFFF19A423A530A4B9DE4F2CA1C5EE24C154D621

Uniqueness

Uniqueness Score: -1.00%

Function 6E518671 Relevance: .2, Instructions: 244COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.2371585883.000000006E4E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6E4E0000, based on PE: true

Associated: 0000000E.00000002.2371507694.000000006E4E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373281942.000000006E544000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373891215.000000006E565000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2374074776.000000006E56A000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e4e0000_MiniNews.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 05e0b846b00456d0f1e87463b9d189974beed2fe63262d4392584e128a114ea2
Instruction ID: 3133fcbf1097eee2a18fc86508e04bf54cbc31a7139b966d46ff9e9c630791e4
Opcode Fuzzy Hash: 05e0b846b00456d0f1e87463b9d189974beed2fe63262d4392584e128a114ea2
Instruction Fuzzy Hash: F691637210C1A30EF7A982BE85754BEFFF15A523A130A4B9ED4F2CB1C5EE24D164D621

Uniqueness

Uniqueness Score: -1.00%

Function 6E5180EF Relevance: .2, Instructions: 240COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.2371585883.000000006E4E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6E4E0000, based on PE: true

Associated: 0000000E.00000002.2371507694.000000006E4E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373281942.000000006E544000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373891215.000000006E565000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2374074776.000000006E56A000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e4e0000_MiniNews.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 40101273f58913c3cb3bc7eb54df01d47b4121c3e67d19f11ec2cb23d33ea445
Instruction ID: e619c830de58bea734d892655b6d7946669c3ebc61a274ec2817743afa0132e9
Opcode Fuzzy Hash: 40101273f58913c3cb3bc7eb54df01d47b4121c3e67d19f11ec2cb23d33ea445
Instruction Fuzzy Hash: C891537324C0E34EF7AE46BE88744BEFFE15A423A170A4B9DD4F2CA1C5EE248154D621

Uniqueness

Uniqueness Score: -1.00%

Function 6E51C128 Relevance: .2, Instructions: 237COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.2371585883.000000006E4E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6E4E0000, based on PE: true

Associated: 0000000E.00000002.2371507694.000000006E4E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373281942.000000006E544000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373891215.000000006E565000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2374074776.000000006E56A000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e4e0000_MiniNews.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0df6d300a0ae18d0120c087cec5547a1d19dd64fd03924d3ebb6b7794aa540c1
Instruction ID: 1d030677b6f01056aae94b0866fcb6eb8ac858337505745e305580265f96b8a5
Opcode Fuzzy Hash: 0df6d300a0ae18d0120c087cec5547a1d19dd64fd03924d3ebb6b7794aa540c1
Instruction Fuzzy Hash: 24614B716CC70667FA5CD9E848A17FE33D9AB83704F004D3AD5A2DF180D75799428356

Uniqueness

Uniqueness Score: -1.00%

Function 6E517E45 Relevance: .2, Instructions: 232COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.2371585883.000000006E4E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6E4E0000, based on PE: true

Associated: 0000000E.00000002.2371507694.000000006E4E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373281942.000000006E544000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373891215.000000006E565000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2374074776.000000006E56A000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e4e0000_MiniNews.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 70da388f96bbbf26b230a155b4728740b34f0d100ea60ab2bbadb9d7d0befbf0
Instruction ID: c0383325b6a9a1be33d5ee403f19fd9512e2c094b469d1450abb034ef3fb8588
Opcode Fuzzy Hash: 70da388f96bbbf26b230a155b4728740b34f0d100ea60ab2bbadb9d7d0befbf0
Instruction Fuzzy Hash: 64815E7320D0E70EF79986BEC5744BEFFE15A423A130A4B9DE4F2CA1C5EE248554D620

Uniqueness

Uniqueness Score: -1.00%

Function 6E3D1148 Relevance: .2, Instructions: 191COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.2370545283.000000006E3D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 6E3D0000, based on PE: true

Associated: 0000000E.00000002.2370501847.000000006E3D0000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371078507.000000006E3FB000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371296559.000000006E405000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371402177.000000006E409000.00000002.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e3d0000_MiniNews.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6eda52ccc4ca0bbaec6cba1f1f4bd460f507684888a2fc5ce753d1c6b51b066d
Instruction ID: 24006aee22b9faedaee47156931a4bea6dacca84c6d56b569236174a2ff8a752
Opcode Fuzzy Hash: 6eda52ccc4ca0bbaec6cba1f1f4bd460f507684888a2fc5ce753d1c6b51b066d
Instruction Fuzzy Hash: 537112726087828BC719CE6CC8C169AFBD2AFC9304F498A79C4D1CB266D278D95DC791

Uniqueness

Uniqueness Score: -1.00%

Function 6E3F8C90 Relevance: .2, Instructions: 184COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.2370545283.000000006E3D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 6E3D0000, based on PE: true

Associated: 0000000E.00000002.2370501847.000000006E3D0000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371078507.000000006E3FB000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371296559.000000006E405000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371402177.000000006E409000.00000002.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e3d0000_MiniNews.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8aa1c89db84f92c0156eb7906a55a2f1856ec2c1073974375ea374dc09869bb5
Instruction ID: 1597499cf48ccf00a75b17f2084c0223665f57909a5622e289ad5a9f93cd7d15
Opcode Fuzzy Hash: 8aa1c89db84f92c0156eb7906a55a2f1856ec2c1073974375ea374dc09869bb5
Instruction Fuzzy Hash: 2061973566195347E758DEADEDD07263363EBCB382F794630CE014B64ACA39F622C684

Uniqueness

Uniqueness Score: -1.00%

Function 6E508500 Relevance: .2, Instructions: 156COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.2371585883.000000006E4E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6E4E0000, based on PE: true

Associated: 0000000E.00000002.2371507694.000000006E4E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373281942.000000006E544000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373891215.000000006E565000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2374074776.000000006E56A000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e4e0000_MiniNews.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 39c211e4baf1e282b7b29bf0c79ecea21d1d372f2b6a882cfbbeb0350e46a6b9
Instruction ID: 093db695fdd2457db73072b23c7f485c6adf4d99fc390c89f5051cf52abdbb1b
Opcode Fuzzy Hash: 39c211e4baf1e282b7b29bf0c79ecea21d1d372f2b6a882cfbbeb0350e46a6b9
Instruction Fuzzy Hash: EE5137326185058BD708DE5CECE1AB577E1FB93321769425EE49ACB3C0CB35E816C7A1

Uniqueness

Uniqueness Score: -1.00%

Function 6E3D1BB0 Relevance: .1, Instructions: 140COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.2370545283.000000006E3D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 6E3D0000, based on PE: true

Associated: 0000000E.00000002.2370501847.000000006E3D0000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371078507.000000006E3FB000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371296559.000000006E405000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371402177.000000006E409000.00000002.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e3d0000_MiniNews.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e4d94d86b38ca8f03d9e1e3ee7af2b26201590b916ed66a5977da3cf5149a9fd
Instruction ID: cebb36b2ab2c32c3bb4b5947ac3e07e43dd6b8d105f6447fe228d8281c52a422
Opcode Fuzzy Hash: e4d94d86b38ca8f03d9e1e3ee7af2b26201590b916ed66a5977da3cf5149a9fd
Instruction Fuzzy Hash: 84315263B112242F4605A6FE4C988BF7ABEAFC50AD7860528FD4993584DF505D0D91F1

Uniqueness

Uniqueness Score: -1.00%

Function 6E3D1A60 Relevance: .1, Instructions: 139COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.2370545283.000000006E3D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 6E3D0000, based on PE: true

Associated: 0000000E.00000002.2370501847.000000006E3D0000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371078507.000000006E3FB000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371296559.000000006E405000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371402177.000000006E409000.00000002.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e3d0000_MiniNews.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d562de0bcbfbcc48c30785151740bb1d497c98a996b5762e9e63be47df97fce2
Instruction ID: 51b1cf5d30d5e846b2b9c12d0c71a15be4bd90add8dd0edada48394c0a171163
Opcode Fuzzy Hash: d562de0bcbfbcc48c30785151740bb1d497c98a996b5762e9e63be47df97fce2
Instruction Fuzzy Hash: D9319563F102242F9605A9FA5C948BF79EEAFD40BD78A0428FD4D93240EF415C0D91F1

Uniqueness

Uniqueness Score: -1.00%

Function 6E50E420 Relevance: .1, Instructions: 85COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.2371585883.000000006E4E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6E4E0000, based on PE: true

Associated: 0000000E.00000002.2371507694.000000006E4E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373281942.000000006E544000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373891215.000000006E565000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2374074776.000000006E56A000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e4e0000_MiniNews.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a3ed1daf9b7d5df6591197c8ece7b8ef312eb7d35448ae6948dc99e5b3090d2c
Instruction ID: d04510fbf7b7affa12851d3ad55844d31e6569269e211e8c057eaa3c11806b44
Opcode Fuzzy Hash: a3ed1daf9b7d5df6591197c8ece7b8ef312eb7d35448ae6948dc99e5b3090d2c
Instruction Fuzzy Hash: B41181A69412302FDF00185F90A13F263C583AB766FD66562F888C37C2D86A658F73B4

Uniqueness

Uniqueness Score: -1.00%

Function 6E3E4E80 Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.2370545283.000000006E3D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 6E3D0000, based on PE: true

Associated: 0000000E.00000002.2370501847.000000006E3D0000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371078507.000000006E3FB000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371296559.000000006E405000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371402177.000000006E409000.00000002.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e3d0000_MiniNews.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
Instruction ID: 130e9ea39e04419cf5d512d2ed00e3603dc3e2481d98501a9de6cd351abdaa7c
Opcode Fuzzy Hash: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
Instruction Fuzzy Hash: 8F1104772400A387E28489FEC8B06A7A795EFCD226729436BD0618BF59D223E1579600

Uniqueness

Uniqueness Score: -1.00%

Function 6E3D2990 Relevance: 59.7, APIs: 28, Strings: 6, Instructions: 243
windowthreadCOMMON

Download Yara Rule

C-Code - Quality: 76%

			E6E3D2990(void* __ecx, WCHAR* __edx, void* __ebp, struct HWND__* _a4, intOrPtr _a8, signed short _a12) {
				char _v8;
				char _v12;
				signed int _v16;
				char _v142;
				short _v144;
				char _v148;
				char _v270;
				short _v272;
				intOrPtr _v280;
				struct HINSTANCE__* _v284;
				intOrPtr _v292;
				short _v300;
				char _v304;
				WCHAR* _v312;
				char _v332;
				char _v344;
				char _v360;
				char _v372;
				struct HWND__* _v376;
				struct HWND__* _v380;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t54;
				signed int _t56;
				void* _t60;
				int _t62;
				void* _t64;
				intOrPtr _t67;
				void* _t69;
				WCHAR* _t72;
				WCHAR* _t74;
				WCHAR* _t76;
				intOrPtr _t85;
				void* _t96;
				void* _t100;
				void* _t115;
				void* _t118;
				char* _t127;
				void* _t141;
				void* _t142;
				struct HWND__* _t144;
				void* _t145;
				void* _t149;
				signed int _t150;

				_t136 = __edx;
				_push(0xffffffff);
				_push(E6E3F99A1);
				_push( *[fs:0x0]);
				_t150 = _t149 - 0x160;
				_t54 =  *0x6e405204; // 0x2276585c
				_v16 = _t54 ^ _t150;
				_push(__ebp);
				_t56 =  *0x6e405204; // 0x2276585c
				_push(_t56 ^ _t150);
				 *[fs:0x0] =  &_v12;
				_t60 = _a8 - 2;
				_t144 = _a4;
				_t141 = __ecx;
				if(_t60 == 0) {
					PostQuitMessage(0);
					UnhookWindowsHookEx( *(_t141 + 0xc));
					L27:
					_t62 = 0;
					__eflags = 0;
					L28:
					 *[fs:0x0] = _v12;
					_pop(_t142);
					_pop(_t145);
					_pop(_t115);
					return E6E3E2840(_t62, _t115, _v16 ^ _t150, _t136, _t142, _t145);
				}
				_t64 = _t60 - 0x10e;
				if(_t64 == 0) {
					 *(_t141 + 0xc) = SetWindowsHookExW(3, 0x6e3d21a0, 0, GetCurrentThreadId());
					_v280 = 7;
					_v284 = 0;
					_v300 = 0;
					_v8 = 0;
					_t67 = E6E3D1FF0();
					__eflags = _t67;
					if(_t67 == 0) {
						_push(_t141 + 0x48);
						_t69 = E6E3D27B0(0, __ebp,  &_v332, L"Connecting to ");
						_t150 = _t150 + 0xc;
						_push(0xffffffff);
						_push(0);
						_push(_t69);
						_v8 = 2;
						E6E3D2590( &_v304);
						_t127 =  &_v344;
					} else {
						_push(_t141 + 0x48);
						_t96 = E6E3D27B0(0, __ebp,  &_v360, 0x6e3fb780);
						_t150 = _t150 + 0xc;
						_push(0xffffffff);
						_push(0);
						_push(_t96);
						_v8 = 1;
						E6E3D2590( &_v304);
						_t127 =  &_v372;
					}
					E6E3D23C0(_t127);
					_t72 = _v312;
					__eflags = _v292 - 8;
					if(_v292 < 8) {
						_t72 =  &_v312;
					}
					SetWindowTextW(_t144, _t72);
					__eflags =  *((intOrPtr*)(_t141 + 0x28)) - 8;
					if( *((intOrPtr*)(_t141 + 0x28)) < 8) {
						_t74 = _t141 + 0x14;
					} else {
						_t74 =  *(_t141 + 0x14);
					}
					SetDlgItemTextW(_t144, 0x3ea, _t74);
					__eflags =  *((intOrPtr*)(_t141 + 0x44)) - 8;
					if( *((intOrPtr*)(_t141 + 0x44)) < 8) {
						_t76 = _t141 + 0x30;
					} else {
						_t76 =  *(_t141 + 0x30);
					}
					SetDlgItemTextW(_t144, 0x3eb, _t76);
					_t118 = GetDlgItem;
					_v380 = GetDlgItem(_t144, 0x3ea);
					_v376 = GetDlgItem(_t144, 0x3eb);
					SendMessageW(_v380, 0xc5, 0x3c, 0);
					_t136 = _v376;
					SendMessageW(_v376, 0xc5, 0x3c, 0);
					CheckDlgButton(_t144, 0x3ef, 1);
					__eflags =  *((intOrPtr*)(_t141 + 0x24));
					if( *((intOrPtr*)(_t141 + 0x24)) != 0) {
						SetFocus(GetDlgItem(_t144, ??), 0x3eb);
					} else {
						SetFocus(GetDlgItem(_t144, ??), 0x3ea);
					}
					_t85 = E6E3D1FF0();
					__eflags = _t85;
					if(_t85 != 0) {
						_push(0x6e3fb6d4);
					} else {
						SetDlgItemTextW(_t144, 0x3ec, L"Username");
						SetDlgItemTextW(_t144, 0x3ed, L"Password");
						SetDlgItemTextW(_t144, 0x3ef, L"Remember");
						SetDlgItemTextW(_t144, 1, L"OK");
						SetDlgItemTextW(_t144, 2, L"Cancel");
						_push(L"Proxy Authorization");
					}
					SetDlgItemTextW(_t144, 0x3ee, ??);
					SetForegroundWindow(_t144);
					__eflags = _v292 - 8;
					if(__eflags >= 0) {
						E6E3E2756(_t118, _t141, _t144, __eflags, _v312);
						_t150 = _t150 + 4;
					}
					goto L27;
				}
				if(_t64 != 1) {
					goto L27;
				}
				_t100 = (_a12 & 0x0000ffff) - 1;
				if(_t100 == 0) {
					_v272 = 0;
					E6E3E2850(__ecx,  &_v270, 0, 0x7e);
					_v144 = 0;
					E6E3E2850(_t141,  &_v142, 0, 0x7e);
					_t150 = _t150 + 0x18;
					GetDlgItemTextW(_t144, 0x3ea,  &_v272, 0x3f);
					_t136 =  &_v144;
					GetDlgItemTextW(_t144, 0x3eb,  &_v144, 0x3f);
					 *((intOrPtr*)(_t141 + 0x64)) = IsDlgButtonChecked(_t144, 0x3ef);
					E6E3D2780( &_v272);
					E6E3D2780( &_v148);
					DestroyWindow(_t144);
					 *(_t141 + 8) = 2;
					goto L27;
				}
				if(_t100 != 1) {
					goto L27;
				}
				DestroyWindow(_t144);
				 *(_t141 + 8) = 1;
				_t62 = 1;
				goto L28;
			}

0x6e3d2990
0x6e3d2990
0x6e3d2992
0x6e3d299d
0x6e3d299e
0x6e3d29a4
0x6e3d29ab
0x6e3d29b3
0x6e3d29b6
0x6e3d29bd
0x6e3d29c5
0x6e3d29d2
0x6e3d29d5
0x6e3d29dc
0x6e3d29de
0x6e3d2c93
0x6e3d2c9d
0x6e3d2ca3
0x6e3d2ca3
0x6e3d2ca3
0x6e3d2ca5
0x6e3d2cac
0x6e3d2cb4
0x6e3d2cb5
0x6e3d2cb7
0x6e3d2ccc
0x6e3d2ccc
0x6e3d29e4
0x6e3d29e9
0x6e3d2ad6
0x6e3d2ad9
0x6e3d2ae1
0x6e3d2ae5
0x6e3d2aea
0x6e3d2af1
0x6e3d2af6
0x6e3d2af8
0x6e3d2b2e
0x6e3d2b39
0x6e3d2b3e
0x6e3d2b41
0x6e3d2b43
0x6e3d2b44
0x6e3d2b49
0x6e3d2b51
0x6e3d2b56
0x6e3d2afa
0x6e3d2afd
0x6e3d2b08
0x6e3d2b0d
0x6e3d2b10
0x6e3d2b12
0x6e3d2b13
0x6e3d2b18
0x6e3d2b20
0x6e3d2b25
0x6e3d2b25
0x6e3d2b5a
0x6e3d2b5f
0x6e3d2b68
0x6e3d2b6c
0x6e3d2b6e
0x6e3d2b6e
0x6e3d2b74
0x6e3d2b7a
0x6e3d2b7d
0x6e3d2b84
0x6e3d2b7f
0x6e3d2b7f
0x6e3d2b7f
0x6e3d2b94
0x6e3d2b96
0x6e3d2b99
0x6e3d2ba0
0x6e3d2b9b
0x6e3d2b9b
0x6e3d2b9b
0x6e3d2baa
0x6e3d2bac
0x6e3d2bc0
0x6e3d2bd4
0x6e3d2bd8
0x6e3d2bde
0x6e3d2bec
0x6e3d2bfa
0x6e3d2c00
0x6e3d2c04
0x6e3d2c16
0x6e3d2c06
0x6e3d2c16
0x6e3d2c16
0x6e3d2c1c
0x6e3d2c21
0x6e3d2c23
0x6e3d2c67
0x6e3d2c25
0x6e3d2c30
0x6e3d2c3d
0x6e3d2c4a
0x6e3d2c54
0x6e3d2c5e
0x6e3d2c60
0x6e3d2c60
0x6e3d2c72
0x6e3d2c75
0x6e3d2c7b
0x6e3d2c80
0x6e3d2c87
0x6e3d2c8c
0x6e3d2c8c
0x00000000
0x6e3d2c80
0x6e3d29f2
0x00000000
0x00000000
0x6e3d2a00
0x6e3d2a03
0x6e3d2a30
0x6e3d2a35
0x6e3d2a47
0x6e3d2a4f
0x6e3d2a5a
0x6e3d2a6a
0x6e3d2a6e
0x6e3d2a7c
0x6e3d2a8a
0x6e3d2a95
0x6e3d2aa5
0x6e3d2aab
0x6e3d2ab1
0x00000000
0x6e3d2ab1
0x6e3d2a08
0x00000000
0x00000000
0x6e3d2a0f
0x6e3d2a15
0x6e3d2a1c
0x00000000

APIs

DestroyWindow.USER32(?,2276585C), ref: 6E3D2A0F
_memset.LIBCMT ref: 6E3D2A35
_memset.LIBCMT ref: 6E3D2A4F
GetDlgItemTextW.USER32(?,000003EA,?,0000003F), ref: 6E3D2A6A
GetDlgItemTextW.USER32(?,000003EB,?,0000003F), ref: 6E3D2A7C
IsDlgButtonChecked.USER32(?,000003EF), ref: 6E3D2A84
DestroyWindow.USER32(?,?,2276585C), ref: 6E3D2AAB
GetCurrentThreadId.KERNEL32 ref: 6E3D2ABD
SetWindowsHookExW.USER32(00000003,6E3D21A0,00000000,00000000), ref: 6E3D2ACE
SetWindowTextW.USER32(?,?), ref: 6E3D2B74
SetDlgItemTextW.USER32(?,000003EA,?), ref: 6E3D2B94
SetDlgItemTextW.USER32(?,000003EB,?), ref: 6E3D2BAA
GetDlgItem.USER32(?,000003EA), ref: 6E3D2BB8
GetDlgItem.USER32(?,000003EB), ref: 6E3D2BC4
SendMessageW.USER32(?,000000C5,0000003C,00000000), ref: 6E3D2BD8
SendMessageW.USER32(?,000000C5,0000003C,00000000), ref: 6E3D2BEC
CheckDlgButton.USER32(?,000003EF,00000001), ref: 6E3D2BFA
GetDlgItem.USER32(?,000003EB), ref: 6E3D2C13
SetFocus.USER32(00000000), ref: 6E3D2C16
SetDlgItemTextW.USER32(?,000003EC,Username), ref: 6E3D2C30
PostQuitMessage.USER32(00000000), ref: 6E3D2C93
UnhookWindowsHookEx.USER32(?), ref: 6E3D2C9D

Strings

Username, xrefs: 6E3D2C25
Proxy Authorization, xrefs: 6E3D2C60
Cancel, xrefs: 6E3D2C56
Connecting to , xrefs: 6E3D2B33
Password, xrefs: 6E3D2C32
Remember, xrefs: 6E3D2C3F

Memory Dump Source

Source File: 0000000E.00000002.2370545283.000000006E3D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 6E3D0000, based on PE: true

Associated: 0000000E.00000002.2370501847.000000006E3D0000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371078507.000000006E3FB000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371296559.000000006E405000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371402177.000000006E409000.00000002.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e3d0000_MiniNews.jbxd

Similarity

API ID: Item$Text$MessageWindow$ButtonDestroyHookSendWindows_memset$CheckCheckedCurrentFocusPostQuitThreadUnhook
String ID: Cancel$Connecting to $Password$Proxy Authorization$Remember$Username
API String ID: 3542682010-908114102
Opcode ID: db179ea16eee87557af88dca95862d5170c3cd4c8a931984c687aeb60b1b1e5d
Instruction ID: bf83c32a2b4f606e02b3a0ca37eaa590f6f8b7f0e1657cd7faa5d82f03d4a510
Opcode Fuzzy Hash: db179ea16eee87557af88dca95862d5170c3cd4c8a931984c687aeb60b1b1e5d
Instruction Fuzzy Hash: E181B1B2108B41BFE3119BA0CE85F9BB7ACFF49305F004919F1459B6C0DBB1A509CBA6

Uniqueness

Uniqueness Score: -1.00%

Function 6E5285B6 Relevance: 28.3, APIs: 15, Strings: 1, Instructions: 296COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 6E528626
_free.LIBCMT ref: 6E52863C
_free.LIBCMT ref: 6E52864D
_free.LIBCMT ref: 6E52865E
_free.LIBCMT ref: 6E528675
GetCPInfo.KERNEL32(?,?), ref: 6E5286BD

Part of subcall function 6E5316B3: _free.LIBCMT ref: 6E53171E

_free.LIBCMT ref: 6E528869
_free.LIBCMT ref: 6E52887C
_free.LIBCMT ref: 6E52888A
_free.LIBCMT ref: 6E528895
_free.LIBCMT ref: 6E5288D7
_free.LIBCMT ref: 6E5288DF
_free.LIBCMT ref: 6E5288E7
_free.LIBCMT ref: 6E5288EF
_free.LIBCMT ref: 6E5288FD

Strings

P0Un, xrefs: 6E528932

Memory Dump Source

Source File: 0000000E.00000002.2371585883.000000006E4E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6E4E0000, based on PE: true

Associated: 0000000E.00000002.2371507694.000000006E4E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373281942.000000006E544000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373891215.000000006E565000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2374074776.000000006E56A000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e4e0000_MiniNews.jbxd

Similarity

API ID: _free$Info
String ID: P0Un
API String ID: 2509303402-2749681760
Opcode ID: b8eb9e5980b765e5a6f07c52b144733897769f12c03ef34edd41408187abad6d
Instruction ID: a0ca3aa4727393dd51bdeabf2cce4250a49eda69bfc94e2749ccbdd9017c20ba
Opcode Fuzzy Hash: b8eb9e5980b765e5a6f07c52b144733897769f12c03ef34edd41408187abad6d
Instruction Fuzzy Hash: 31B18C71D0424AAEDB50CFF9C880BEEBBF8BF48308F144879E555A7281D776A841CB65

Uniqueness

Uniqueness Score: -1.00%

Function 6E3DFD00 Relevance: 24.6, APIs: 12, Strings: 2, Instructions: 91
sleepsynchronizationwindowCOMMON

Download Yara Rule

C-Code - Quality: 84%

			E6E3DFD00() {
				long _v4;
				void* __ebx;
				void* __ecx;
				void* __edi;
				void* __ebp;
				void* _t16;
				void* _t20;
				void* _t21;
				struct HWND__* _t31;
				void* _t37;
				void* _t38;
				void* _t39;
				struct HWND__* _t41;
				struct _CRITICAL_SECTION* _t43;
				intOrPtr _t44;
				void* _t45;
				void* _t46;

				_t46 = GetTickCount;
				_t45 = _t39;
				_v4 = GetTickCount();
				_t16 =  *(_t45 + 0x40);
				if(_t16 != 0) {
					SetEvent(_t16);
				}
				_t43 = _t45 + 0x24;
				EnterCriticalSection(_t43);
				_t36 =  *((intOrPtr*)(_t45 + 0x20));
				LeaveCriticalSection(_t43);
				_t44 =  *((intOrPtr*)(_t45 + 0x20));
				E6E3D7C70( *((intOrPtr*)(_t45 + 0x20)), _t44, _t46, 0x6e4064d8, "HttpRelease ... remain: %d", _t36);
				_t37 = 0;
				if(GetTickCount() - _v4 <= 0xea60) {
					while(1) {
						_t44 = E6E3DFB90(_t45);
						if(_t44 == 0) {
							goto L11;
						}
						_t31 =  *0x6e4064ac; // 0x0
						if(_t31 != 0) {
							_t41 =  *0x6e4064ac; // 0x0
							PostMessageW(_t41, 0x10, 0, 0);
						}
						_t37 = _t37 + 1;
						if(_t37 >= 0xa) {
							Sleep(0x32);
						} else {
							Sleep(0xa);
						}
						if(GetTickCount() - _v4 <= 0xea60) {
							continue;
						}
						goto L11;
					}
				}
				L11:
				_t20 =  *(_t45 + 0x3c);
				_t38 = CloseHandle;
				if(_t20 != 0) {
					WaitForSingleObject(_t20, 0xffffffff);
					CloseHandle( *(_t45 + 0x3c));
					 *(_t45 + 0x3c) = 0;
				}
				_t21 =  *(_t45 + 0x40);
				if(_t21 != 0) {
					CloseHandle(_t21);
					 *(_t45 + 0x40) = 0;
				}
				_push(_t44);
				E6E3D7C70(_t38, _t44, _t46, 0x6e4064d8, "HttpRelease cost %d ms, remain_task=%d", GetTickCount() - _v4);
				return 0 | _t44 == 0x00000000;
			}

0x6e3dfd03
0x6e3dfd0b
0x6e3dfd0f
0x6e3dfd13
0x6e3dfd18
0x6e3dfd1b
0x6e3dfd1b
0x6e3dfd21
0x6e3dfd25
0x6e3dfd2b
0x6e3dfd2f
0x6e3dfd40
0x6e3dfd42
0x6e3dfd4a
0x6e3dfd57
0x6e3dfd60
0x6e3dfd67
0x6e3dfd6b
0x00000000
0x00000000
0x6e3dfd6d
0x6e3dfd74
0x6e3dfd76
0x6e3dfd83
0x6e3dfd83
0x6e3dfd89
0x6e3dfd8d
0x6e3dfd95
0x6e3dfd8f
0x6e3dfd95
0x6e3dfd95
0x6e3dfda6
0x00000000
0x00000000
0x00000000
0x6e3dfda6
0x6e3dfd60
0x6e3dfda8
0x6e3dfda8
0x6e3dfdab
0x6e3dfdb3
0x6e3dfdb8
0x6e3dfdc2
0x6e3dfdc4
0x6e3dfdc4
0x6e3dfdcb
0x6e3dfdd0
0x6e3dfdd3
0x6e3dfdd5
0x6e3dfdd5
0x6e3dfddc
0x6e3dfdee
0x6e3dfe02

APIs

GetTickCount.KERNEL32 ref: 6E3DFD0D
SetEvent.KERNEL32(?,?,?,?,?,?,6E3E2003), ref: 6E3DFD1B
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,6E3E2003), ref: 6E3DFD25
LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,6E3E2003), ref: 6E3DFD2F
GetTickCount.KERNEL32 ref: 6E3DFD4C
PostMessageW.USER32(00000000,00000010,00000000,00000000), ref: 6E3DFD83
Sleep.KERNEL32(00000032), ref: 6E3DFD95
GetTickCount.KERNEL32 ref: 6E3DFD9B
WaitForSingleObject.KERNEL32(?,000000FF), ref: 6E3DFDB8
CloseHandle.KERNEL32(?), ref: 6E3DFDC2
CloseHandle.KERNEL32(?), ref: 6E3DFDD3
GetTickCount.KERNEL32 ref: 6E3DFDDD

Strings

HttpRelease ... remain: %d, xrefs: 6E3DFD36
HttpRelease cost %d ms, remain_task=%d, xrefs: 6E3DFDE4

Memory Dump Source

Source File: 0000000E.00000002.2370545283.000000006E3D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 6E3D0000, based on PE: true

Associated: 0000000E.00000002.2370501847.000000006E3D0000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371078507.000000006E3FB000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371296559.000000006E405000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371402177.000000006E409000.00000002.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e3d0000_MiniNews.jbxd

Similarity

API ID: CountTick$CloseCriticalHandleSection$EnterEventLeaveMessageObjectPostSingleSleepWait
String ID: HttpRelease ... remain: %d$HttpRelease cost %d ms, remain_task=%d
API String ID: 117499682-348217293
Opcode ID: 266c8cdc9e7fb819bae78455e1e7dec03baa75354704c63646d0218ca6c76cc7
Instruction ID: f0ed4ce084a574c490bcc57c00a8ade0ef0b28f36727a344353f12aae415b59a
Opcode Fuzzy Hash: 266c8cdc9e7fb819bae78455e1e7dec03baa75354704c63646d0218ca6c76cc7
Instruction Fuzzy Hash: 2F21D2B2200706AFD7209BB5DCC4F2B73E8BB4A750F200929F5569B684CB75F4098725

Uniqueness

Uniqueness Score: -1.00%

Function 6E4FC3D0 Relevance: 24.6, APIs: 10, Strings: 4, Instructions: 85libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleFileNameW.KERNEL32(?,00000104,?,77C06000), ref: 6E4FC41F
PathRemoveFileSpecW.SHLWAPI(?,?,77C06000), ref: 6E4FC432
PathAppendW.SHLWAPI(?,PopMgrStub.dll,?,77C06000), ref: 6E4FC440
PathFileExistsW.SHLWAPI(?,?,77C06000), ref: 6E4FC44D
PathRemoveFileSpecW.SHLWAPI(?,?,77C06000), ref: 6E4FC45E
PathRemoveFileSpecW.SHLWAPI(?,?,77C06000), ref: 6E4FC467
PathAppendW.SHLWAPI(?,plugin\PopMgrStub.dll,?,77C06000), ref: 6E4FC475
PathFileExistsW.SHLWAPI(?,?,77C06000), ref: 6E4FC482
LoadLibraryW.KERNEL32(?,?,?,77C06000), ref: 6E4FC4A7
GetProcAddress.KERNEL32(00000000,GetPopMgr), ref: 6E4FC4B7

Strings

plugin\PopMgrStub.dll, xrefs: 6E4FC469
traysub, xrefs: 6E4FC4CF
PopMgrStub.dll, xrefs: 6E4FC434
GetPopMgr, xrefs: 6E4FC4B1

Memory Dump Source

Source File: 0000000E.00000002.2371585883.000000006E4E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6E4E0000, based on PE: true

Associated: 0000000E.00000002.2371507694.000000006E4E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373281942.000000006E544000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373891215.000000006E565000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2374074776.000000006E56A000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e4e0000_MiniNews.jbxd

Similarity

API ID: Path$File$RemoveSpec$AppendExists$AddressLibraryLoadModuleNameProc
String ID: GetPopMgr$PopMgrStub.dll$plugin\PopMgrStub.dll$traysub
API String ID: 494645682-2950127087
Opcode ID: 336deb4df5e3fd9c7e0e4e0a195ff1e3bf4a95976c965a232b211c32468b647f
Instruction ID: 84fdfcf0785e3098713d4d1c6d7b04366e3a109e9ae4ff5af1e31b7ee44bad0c
Opcode Fuzzy Hash: 336deb4df5e3fd9c7e0e4e0a195ff1e3bf4a95976c965a232b211c32468b647f
Instruction Fuzzy Hash: 0F3189B5A01309EBDF10EFF1CC4CEAA73BCAB44700F4186A6A519D7241EB30EA05CB64

Uniqueness

Uniqueness Score: -1.00%

Function 6E4F02F0 Relevance: 24.2, APIs: 2, Strings: 14, Instructions: 166COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(6E565004,E97A779A,00000010,?,?,?,from,?,?), ref: 6E4F0327
LeaveCriticalSection.KERNEL32(6E565004,?,?,?,from,?,?), ref: 6E4F036B

Strings

ldslite, xrefs: 6E4F03F6
ludashi, xrefs: 6E4F038E
bizhi, xrefs: 6E4F042A
SOFTWARE\QiLu Inc.\mininews_bizhi, xrefs: 6E4F0443
SOFTWARE\QiLu Inc.\mininews, xrefs: 6E4F03A7
SOFTWARE\QiLu Inc.\mininews_ldsgamemaster, xrefs: 6E4F04B1
SOFTWARE\QiLu Inc.\mininews_desktop, xrefs: 6E4F047A
lite_show, xrefs: 6E4F040A
lds_show, xrefs: 6E4F03A2
gamemaster, xrefs: 6E4F0498
SOFTWARE\QiLu Inc.\mininews_lite, xrefs: 6E4F040F
360desktop, xrefs: 6E4F0461
desktop_show, xrefs: 6E4F0475
show, xrefs: 6E4F043E, 6E4F04AC

Memory Dump Source

Source File: 0000000E.00000002.2371585883.000000006E4E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6E4E0000, based on PE: true

Associated: 0000000E.00000002.2371507694.000000006E4E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373281942.000000006E544000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373891215.000000006E565000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2374074776.000000006E56A000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e4e0000_MiniNews.jbxd

Similarity

API ID: CriticalSection$EnterLeave
String ID: 360desktop$SOFTWARE\QiLu Inc.\mininews$SOFTWARE\QiLu Inc.\mininews_bizhi$SOFTWARE\QiLu Inc.\mininews_desktop$SOFTWARE\QiLu Inc.\mininews_ldsgamemaster$SOFTWARE\QiLu Inc.\mininews_lite$bizhi$desktop_show$gamemaster$lds_show$ldslite$lite_show$ludashi$show
API String ID: 3168844106-1669637978
Opcode ID: cf4c00d63e6088daa1b98154c92b9ebb532168ab28d4692bad8b05531d971c40
Instruction ID: 0b30c891abdf5c243ed1167152fd7cdeeb9bb18dfd20d584a5010a80a445a887
Opcode Fuzzy Hash: cf4c00d63e6088daa1b98154c92b9ebb532168ab28d4692bad8b05531d971c40
Instruction Fuzzy Hash: 5F514B31A45701EBEB409FF98D41F9A73E8DF81325F04462AFD18EA3C1FB7599068691

Uniqueness

Uniqueness Score: -1.00%

Function 6E3E2020 Relevance: 21.2, APIs: 2, Strings: 12, Instructions: 234
COMMON

Download Yara Rule

C-Code - Quality: 68%

			E6E3E2020(void* __ecx, char _a4, signed int _a8) {
				char _v0;
				intOrPtr _v4;
				intOrPtr _v8;
				char _v12;
				void* __ebx;
				void* __edi;
				void* __ebp;
				signed int _t44;
				void* _t49;
				void* _t50;
				void* _t51;
				void* _t52;
				void* _t53;
				signed int _t58;
				signed int _t76;
				intOrPtr* _t81;
				signed int _t91;
				char _t94;
				void* _t124;
				signed int _t126;
				void* _t133;
				intOrPtr _t135;
				signed int _t136;
				void* _t137;
				void* _t138;
				struct _CRITICAL_SECTION* _t142;
				signed int _t144;
				void* _t145;
				void* _t146;
				void* _t147;
				void* _t148;
				void* _t149;
				void* _t151;

				_push(0xffffffff);
				_push(E6E3FAB28);
				_push( *[fs:0x0]);
				_push(_t142);
				_push(_t133);
				_t44 =  *0x6e405204; // 0x2276585c
				_push(_t44 ^ _t144);
				 *[fs:0x0] =  &_v12;
				_t140 = __ecx;
				_t94 = _a4;
				E6E3D6400(_t142, _t94);
				_v8 = 0;
				_t49 = E6E3E3A6E(_v0, "speed_limit_up");
				_t145 = _t144 + 8;
				if(_t49 != 0) {
					_t50 = E6E3E3A6E(_a4, "speed_limit_down");
					_t146 = _t145 + 8;
					if(_t50 != 0) {
						_t51 = E6E3E3A6E(_a4, "speed_avg_interval");
						_t147 = _t146 + 8;
						if(_t51 != 0) {
							_t52 = E6E3E3A6E(_a4, "speed_avg_clean");
							_t148 = _t147 + 8;
							if(_t52 != 0) {
								_t125 = _a4;
								_t53 = E6E3E3A6E(_a4, "delete_all_task");
								_t149 = _t148 + 8;
								if(_t53 != 0) {
									if(E6E3D4EA0( &_a4, "cancel_all_task") != 0) {
										if(E6E3D4EA0( &_a4, "direct_noproxy") != 0) {
											if(E6E3D4EA0( &_a4, "cancel_task") != 0) {
												E6E3D4ED0( &_a4, _t125);
												_t58 = 0;
											} else {
												_push(_t94);
												E6E3D7C70(_t94, _t133, _t142, 0x6e4064d8, "[%u] GlobalSetParam %s", __ecx);
												_t149 = _t149 + 0x10;
												E6E3E1D00(_t140, _t125, _a8);
												E6E3D4ED0( &_v0, _t125);
												_t58 = 1;
											}
										} else {
											_t135 = E6E3E3F5E(_a8);
											_push(_t135);
											_push(_t94);
											E6E3D7C70(_t94, _t135, _t142, 0x6e4064d8, "[%u] GlobalSetParam %s:%d", __ecx);
											_t149 = _t149 + 0x18;
											 *0x6e4064d4 = _t135;
											E6E3D4ED0( &_a4, _t125);
											_t58 = 1;
										}
									} else {
										_push(_t94);
										E6E3D7C70(_t94, _t133, _t142, 0x6e4064d8, "[%u] GlobalSetParam %s", __ecx);
										_t149 = _t149 + 0x10;
										E6E3E06B0(_t140);
										E6E3D4ED0( &_a4, _t125);
										_t58 = 1;
									}
								} else {
									_push(_t94);
									E6E3D7C70(_t94, _t133, _t142, 0x6e4064d8, "[%u] GlobalSetParam %s", __ecx);
									_t149 = _t149 + 0x10;
									E6E3DFB90(_t140);
									E6E3D4ED0( &_a4, _t125);
									_t58 = 1;
								}
							} else {
								E6E3D49B0(__ecx + 0x20f8);
								E6E3D49B0(__ecx + 0xc8);
								_push(_t94);
								E6E3D7C70(_t94, _t133, _t142, 0x6e4064d8, "[%u] GlobalSetParam %s", __ecx);
								_t149 = _t148 + 0x10;
								E6E3D4ED0( &_a4, _t124);
								_t58 = 1;
							}
							goto L29;
						}
						_t126 = _a8;
						_t76 = E6E3E3F5E(_t126);
						_t151 = _t147 + 4;
						_t136 = _t76;
						E6E3D49F0(__ecx + 0x20f8, _t136);
						E6E3D49F0(__ecx + 0xc8, _t136);
						_push(_t136);
						_push(_t94);
						_push(__ecx);
						_push("[%u] GlobalSetParam %s = %d/s");
						goto L8;
					} else {
						_t126 = _a8;
						_t137 = E6E3E3F5E(_t126);
						_t151 = _t146 + 4;
						if(_t137 <= 0 || _t137 > 0x5000) {
							_t136 = 0;
						}
						E6E3E0330(_t140 + 0x88, _t136 << 0xa);
						goto L7;
					}
				} else {
					_t138 = E6E3E3F5E(_a8);
					_t151 = _t145 + 4;
					if(_t138 <= 0 || _t138 > 0x5000) {
						_t136 = 0;
					}
					_t90 = _t136 << 0xa;
					_t142 = _t140 + 0x6c;
					_t126 = (0 | _t136 << 0x0000000a <= 0x00000000) - 0x00000001 & _t90;
					_a8 = _t126;
					EnterCriticalSection(_t142);
					_t91 = _a8;
					if( *(_t140 + 0x54) != _t91) {
						 *(_t140 + 0x54) = _t91;
						 *((intOrPtr*)(_t140 + 0x50)) = 0;
						 *((intOrPtr*)(_t140 + 0x58)) = 0;
					}
					LeaveCriticalSection(_t142);
					L7:
					_push(_t136);
					_push(_t94);
					_push(_t140);
					_push("[%u] GlobalSetParam %s = %d KB/s");
					L8:
					_push(0x6e4064d8);
					E6E3D7C70(_t94, _t136, _t142);
					_t81 = _a4 + 0xfffffff0;
					_t149 = _t151 + 0x14;
					_v4 = 0xffffffff;
					asm("lock xadd [ecx], edx");
					if((_t126 | 0xffffffff) - 1 <= 0) {
						 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *_t81)) + 4))))(_t81);
					}
					_t58 = 1;
					L29:
					 *[fs:0x0] = _v12;
					return _t58;
				}
			}

0x6e3e2020
0x6e3e2022
0x6e3e202d
0x6e3e202f
0x6e3e2031
0x6e3e2032
0x6e3e2039
0x6e3e203e
0x6e3e2044
0x6e3e2046
0x6e3e204f
0x6e3e205e
0x6e3e2066
0x6e3e206b
0x6e3e2070
0x6e3e211c
0x6e3e2121
0x6e3e2126
0x6e3e2165
0x6e3e216a
0x6e3e216f
0x6e3e21af
0x6e3e21b4
0x6e3e21b9
0x6e3e21f8
0x6e3e2202
0x6e3e2207
0x6e3e220c
0x6e3e224c
0x6e3e228c
0x6e3e22d5
0x6e3e230b
0x6e3e2310
0x6e3e22d7
0x6e3e22d7
0x6e3e22e3
0x6e3e22ec
0x6e3e22f2
0x6e3e22fb
0x6e3e2300
0x6e3e2300
0x6e3e228e
0x6e3e2298
0x6e3e229a
0x6e3e229b
0x6e3e22a7
0x6e3e22ac
0x6e3e22b3
0x6e3e22b9
0x6e3e22be
0x6e3e22be
0x6e3e224e
0x6e3e224e
0x6e3e225a
0x6e3e225f
0x6e3e2264
0x6e3e226d
0x6e3e2272
0x6e3e2272
0x6e3e220e
0x6e3e220e
0x6e3e221a
0x6e3e221f
0x6e3e2224
0x6e3e222d
0x6e3e2232
0x6e3e2232
0x6e3e21bb
0x6e3e21c1
0x6e3e21cc
0x6e3e21d1
0x6e3e21dd
0x6e3e21e2
0x6e3e21e9
0x6e3e21ee
0x6e3e21ee
0x00000000
0x6e3e21b9
0x6e3e2171
0x6e3e2176
0x6e3e217b
0x6e3e217e
0x6e3e2187
0x6e3e2193
0x6e3e2198
0x6e3e2199
0x6e3e219a
0x6e3e219b
0x00000000
0x6e3e2128
0x6e3e2128
0x6e3e2132
0x6e3e2134
0x6e3e2139
0x6e3e2143
0x6e3e2143
0x6e3e2151
0x00000000
0x6e3e2151
0x6e3e2076
0x6e3e2080
0x6e3e2082
0x6e3e2087
0x6e3e2091
0x6e3e2091
0x6e3e2097
0x6e3e209f
0x6e3e20a4
0x6e3e20a6
0x6e3e20aa
0x6e3e20b0
0x6e3e20b7
0x6e3e20b9
0x6e3e20be
0x6e3e20c1
0x6e3e20c1
0x6e3e20c5
0x6e3e20cb
0x6e3e20cb
0x6e3e20cc
0x6e3e20cd
0x6e3e20ce
0x6e3e20d3
0x6e3e20d3
0x6e3e20d8
0x6e3e20e1
0x6e3e20e4
0x6e3e20e7
0x6e3e20f5
0x6e3e20fc
0x6e3e2106
0x6e3e2106
0x6e3e2108
0x6e3e2312
0x6e3e2316
0x6e3e2325
0x6e3e2325

APIs

Part of subcall function 6E3E3A6E: __mbsicmp_l.LIBCMT ref: 6E3E3A7B

Part of subcall function 6E3E3F5E: __wcstoi64.LIBCMT ref: 6E3E3F6A

EnterCriticalSection.KERNEL32(?), ref: 6E3E20AA
LeaveCriticalSection.KERNEL32(?), ref: 6E3E20C5

Part of subcall function 6E3E06B0: EnterCriticalSection.KERNEL32(6E4064D8), ref: 6E3E06D3
Part of subcall function 6E3E06B0: SetEvent.KERNEL32(?), ref: 6E3E0724
Part of subcall function 6E3E06B0: GetCurrentThreadId.KERNEL32 ref: 6E3E0733
Part of subcall function 6E3E06B0: WaitForSingleObject.KERNEL32(00000000,00000000), ref: 6E3E074A
Part of subcall function 6E3E06B0: LeaveCriticalSection.KERNEL32(?), ref: 6E3E076F

Strings

speed_avg_clean, xrefs: 6E3E21A9
[%u] GlobalSetParam %s = %d/s, xrefs: 6E3E219B
cancel_all_task, xrefs: 6E3E223C
speed_limit_up, xrefs: 6E3E2058
speed_avg_interval, xrefs: 6E3E215F
delete_all_task, xrefs: 6E3E21FC
direct_noproxy, xrefs: 6E3E227C
[%u] GlobalSetParam %s = %d KB/s, xrefs: 6E3E20CE
speed_limit_down, xrefs: 6E3E2116
[%u] GlobalSetParam %s:%d, xrefs: 6E3E229D
cancel_task, xrefs: 6E3E22C5
[%u] GlobalSetParam %s, xrefs: 6E3E21D3, 6E3E2210, 6E3E2250, 6E3E22D9

Memory Dump Source

Source File: 0000000E.00000002.2370545283.000000006E3D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 6E3D0000, based on PE: true

Associated: 0000000E.00000002.2370501847.000000006E3D0000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371078507.000000006E3FB000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371296559.000000006E405000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371402177.000000006E409000.00000002.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e3d0000_MiniNews.jbxd

Similarity

API ID: CriticalSection$EnterLeave$CurrentEventObjectSingleThreadWait__mbsicmp_l__wcstoi64
String ID: [%u] GlobalSetParam %s$[%u] GlobalSetParam %s = %d KB/s$[%u] GlobalSetParam %s = %d/s$[%u] GlobalSetParam %s:%d$cancel_all_task$cancel_task$delete_all_task$direct_noproxy$speed_avg_clean$speed_avg_interval$speed_limit_down$speed_limit_up
API String ID: 2319627647-1053684850
Opcode ID: e912b651cf3d24e7bdbc02835693cca38a62c3ea69293c5531b8e98c983dcb28
Instruction ID: 28ce5971e414bb101e95945a549260c7e6cbe511878ab27da978f286c5179819
Opcode Fuzzy Hash: e912b651cf3d24e7bdbc02835693cca38a62c3ea69293c5531b8e98c983dcb28
Instruction Fuzzy Hash: 1671F5B2544211ABD310D7E6DD40EAB76ECDFD4358F00092EF49A9B650EB21EE46CB62

Uniqueness

Uniqueness Score: -1.00%

Function 6E4E26C0 Relevance: 21.1, APIs: 4, Strings: 8, Instructions: 87COMMON

Download Yara Rule

APIs

InitializeCriticalSectionAndSpinCount.KERNEL32(6E568538,00000000), ref: 6E4E26C7
GetLastError.KERNEL32 ref: 6E4E26D1
InitializeCriticalSectionAndSpinCount.KERNEL32(6E5689B8,00000000,00000000), ref: 6E4E2707
GetLastError.KERNEL32 ref: 6E4E2711

Part of subcall function 6E4E6440: __CxxThrowException@8.LIBVCRUNTIME ref: 6E4E6457

Part of subcall function 6E514C02: __onexit.LIBCMT ref: 6E514C08

Strings

Ludashi, xrefs: 6E4E275D
CouponMaster, xrefs: 6E4E279C
$FTn, xrefs: 6E4E2772
MYNovel, xrefs: 6E4E27B8
MasterPDFData, xrefs: 6E4E27C6
360wp, xrefs: 6E4E2780
ApkMagicEmu, xrefs: 6E4E27AA
LDSGameMaster, xrefs: 6E4E278E

Memory Dump Source

Source File: 0000000E.00000002.2371585883.000000006E4E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6E4E0000, based on PE: true

Associated: 0000000E.00000002.2371507694.000000006E4E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373281942.000000006E544000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373891215.000000006E565000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2374074776.000000006E56A000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e4e0000_MiniNews.jbxd

Similarity

API ID: CountCriticalErrorInitializeLastSectionSpin$Exception@8Throw__onexit
String ID: $FTn$360wp$ApkMagicEmu$CouponMaster$LDSGameMaster$Ludashi$MYNovel$MasterPDFData
API String ID: 2794862081-733789301
Opcode ID: 9be51676df0bec50c6d75560ccf29492e3dfb6362c1c8d6c916aa5b4a0e61ded
Instruction ID: 1a680b1c3b70529a8ec41bb8bfe3e00837e84d8ebd9f37d47a76d0e850cfedc8
Opcode Fuzzy Hash: 9be51676df0bec50c6d75560ccf29492e3dfb6362c1c8d6c916aa5b4a0e61ded
Instruction Fuzzy Hash: 5F2181F0900209DBEB00DFE1D909BEE7BF8AF4030DF104519EA05AB741EF759A158B6A

Uniqueness

Uniqueness Score: -1.00%

Function 6E502330 Relevance: 19.6, APIs: 4, Strings: 7, Instructions: 341processmemoryCOMMON

Download Yara Rule

APIs

SysAllocStringLen.OLEAUT32(xLPn,00000000), ref: 6E5023BC
CreateProcessW.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?), ref: 6E5023E1
CloseHandle.KERNEL32(?), ref: 6E502563
CloseHandle.KERNEL32(?), ref: 6E502568

Part of subcall function 6E50CA10: EnterCriticalSection.KERNEL32(6E56845C,E97A779A,?,00000000,?), ref: 6E50CA51
Part of subcall function 6E50CA10: InitializeCriticalSection.KERNEL32(00000010), ref: 6E50CAC7
Part of subcall function 6E50CA10: InitializeCriticalSection.KERNEL32(0000005C), ref: 6E50CAFD

Part of subcall function 6E50CA10: LeaveCriticalSection.KERNEL32(6E56845C), ref: 6E50CBDD

Strings

] sucessfully!, xrefs: 6E502503
] failed!, xrefs: 6E502683
xLPn, xrefs: 6E5023AF, 6E50266D, 6E5023BB
D, xrefs: 6E502370
xLPn, xrefs: 6E5024ED
[CreateProcess , xrefs: 6E5024E2, 6E502662
(null), xrefs: 6E5024F0, 6E5024FC, 6E502670, 6E50267C

Memory Dump Source

Source File: 0000000E.00000002.2371585883.000000006E4E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6E4E0000, based on PE: true

Associated: 0000000E.00000002.2371507694.000000006E4E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373281942.000000006E544000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373891215.000000006E565000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2374074776.000000006E56A000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e4e0000_MiniNews.jbxd

Similarity

API ID: CriticalSection$CloseHandleInitialize$AllocCreateEnterLeaveProcessString
String ID: (null)$D$[CreateProcess $] failed!$] sucessfully!$xLPn$xLPn
API String ID: 231122227-3880457218
Opcode ID: 7532d162febf4c4237c498b99e8fc32010e3d8f8caf2ca1d71c08e615bee7aab
Instruction ID: ae134ba7987d0a2e2eddcbdf6100beccc6f197bc0145027558f75184653f3ab3
Opcode Fuzzy Hash: 7532d162febf4c4237c498b99e8fc32010e3d8f8caf2ca1d71c08e615bee7aab
Instruction Fuzzy Hash: 05D1CF74E01609DFDB01CFA8C954BADBBF5AF49324F148158F526AB391DB38AE01CB91

Uniqueness

Uniqueness Score: -1.00%

Function 6E52CAD1 Relevance: 19.3, APIs: 10, Strings: 1, Instructions: 54COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 6E52CAE5

Part of subcall function 6E52DFD6: HeapFree.KERNEL32(00000000,00000000,?,6E5363A6,?,00000000,?,00000000,?,6E53664A,?,00000007,?,?,6E535ABD,?), ref: 6E52DFEC
Part of subcall function 6E52DFD6: GetLastError.KERNEL32(?,?,6E5363A6,?,00000000,?,00000000,?,6E53664A,?,00000007,?,?,6E535ABD,?,?), ref: 6E52DFFE

_free.LIBCMT ref: 6E52CAF1
_free.LIBCMT ref: 6E52CAFC
_free.LIBCMT ref: 6E52CB07
_free.LIBCMT ref: 6E52CB12
_free.LIBCMT ref: 6E52CB1D
_free.LIBCMT ref: 6E52CB28
_free.LIBCMT ref: 6E52CB33
_free.LIBCMT ref: 6E52CB3E
_free.LIBCMT ref: 6E52CB4C

Strings

p2Un, xrefs: 6E52CADC

Memory Dump Source

Source File: 0000000E.00000002.2371585883.000000006E4E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6E4E0000, based on PE: true

Associated: 0000000E.00000002.2371507694.000000006E4E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373281942.000000006E544000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373891215.000000006E565000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2374074776.000000006E56A000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e4e0000_MiniNews.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast
String ID: p2Un
API String ID: 776569668-5417776
Opcode ID: 03f1159a8d2a3575eebb56b66398a3887b148937b5a38a5e958c8c32d3e74a8f
Instruction ID: 87df40e4c994765394d82c3d72adc68246f19ee47eab7ee03e69599fe068d31b
Opcode Fuzzy Hash: 03f1159a8d2a3575eebb56b66398a3887b148937b5a38a5e958c8c32d3e74a8f
Instruction Fuzzy Hash: 5311A27610014DAFCB01DF94CA41CD93BA9FF54258B0184A5BA088F2A1EB72EE509F8A

Uniqueness

Uniqueness Score: -1.00%

Function 6E52A24A Relevance: 17.8, APIs: 9, Strings: 1, Instructions: 272COMMON

Download Yara Rule

APIs

Part of subcall function 6E529F89: CreateFileW.KERNEL32(00000000,00000000,?,6E52A2F3,?,?,00000000,?,6E52A2F3,00000000,0000000C), ref: 6E529FA6

GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6E52A35E
__dosmaperr.LIBCMT ref: 6E52A365
GetFileType.KERNEL32(00000000), ref: 6E52A371
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6E52A37B
__dosmaperr.LIBCMT ref: 6E52A384
CloseHandle.KERNEL32(00000000), ref: 6E52A3A4
CloseHandle.KERNEL32(?), ref: 6E52A4EE
GetLastError.KERNEL32 ref: 6E52A520
__dosmaperr.LIBCMT ref: 6E52A527

Strings

H, xrefs: 6E52A4AC

Memory Dump Source

Source File: 0000000E.00000002.2371585883.000000006E4E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6E4E0000, based on PE: true

Associated: 0000000E.00000002.2371507694.000000006E4E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373281942.000000006E544000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373891215.000000006E565000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2374074776.000000006E56A000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e4e0000_MiniNews.jbxd

Similarity

API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
String ID: H
API String ID: 4237864984-2852464175
Opcode ID: a73b33357a1ce372c27808ed1e88f4192a20d87a3ff677d91a40d1d7f610e4f2
Instruction ID: 6695fcebf2f37c55362cadeed939372f0f08843ac3291d65fffe4cc382b4e53d
Opcode Fuzzy Hash: a73b33357a1ce372c27808ed1e88f4192a20d87a3ff677d91a40d1d7f610e4f2
Instruction Fuzzy Hash: F8A12032A141048FDF0ADFA8C8517EE7BF4AB4B324F144169E915AF2D2DB318C16CB91

Uniqueness

Uniqueness Score: -1.00%

Function 6E500E90 Relevance: 16.0, APIs: 6, Strings: 3, Instructions: 201fileCOMMON

Download Yara Rule

APIs

CloseHandle.KERNEL32(?,E97A779A,?,?,00000001), ref: 6E500ED1

Part of subcall function 6E50CA10: EnterCriticalSection.KERNEL32(6E56845C,E97A779A,?,00000000,?), ref: 6E50CA51
Part of subcall function 6E50CA10: InitializeCriticalSection.KERNEL32(00000010), ref: 6E50CAC7
Part of subcall function 6E50CA10: InitializeCriticalSection.KERNEL32(0000005C), ref: 6E50CAFD

Part of subcall function 6E4F29E0: std::locale::_Init.LIBCPMT ref: 6E4F2AC5
Part of subcall function 6E4F29E0: std::locale::_Init.LIBCPMT ref: 6E4F2B48

Part of subcall function 6E4F4780: MultiByteToWideChar.KERNEL32(00000000,00000000,6E55EC0C,6E55EC0D,?,00000000,6E55EC0E,E97A779A), ref: 6E4F48EB

EnterCriticalSection.KERNEL32(6E565004,E97A779A,?,?,00000001), ref: 6E500EFE
LeaveCriticalSection.KERNEL32(6E565004,?,?,00000001), ref: 6E500F47
CreateFileMappingW.KERNEL32(000000FF,00000000,00000004,00000000,?,00000004,?,E97A779A,?,?,00000001), ref: 6E500F86
MapViewOfFile.KERNEL32(00000000,000F001F,00000000,00000000,00000000,?,E97A779A,?,?,00000001), ref: 6E500FA2
UnmapViewOfFile.KERNEL32(00000000,?,?,?,?,?,?,?,E97A779A,?,?,00000001), ref: 6E501101

Strings

CE76A57B-F783-4213-87E5-F3BE4605FDC7, xrefs: 6E500F66
%s_%s_%lu, xrefs: 6E500F6B
CShareData::WriteData MapViewOfFile fail, xrefs: 6E50106A

Memory Dump Source

Source File: 0000000E.00000002.2371585883.000000006E4E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6E4E0000, based on PE: true

Associated: 0000000E.00000002.2371507694.000000006E4E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373281942.000000006E544000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373891215.000000006E565000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2374074776.000000006E56A000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e4e0000_MiniNews.jbxd

Similarity

API ID: CriticalSection$File$EnterInitInitializeViewstd::locale::_$ByteCharCloseCreateHandleLeaveMappingMultiUnmapWide
String ID: %s_%s_%lu$CE76A57B-F783-4213-87E5-F3BE4605FDC7$CShareData::WriteData MapViewOfFile fail
API String ID: 103415678-1489050157
Opcode ID: ee852e89d270355da587a927c53c491954414a6bc17ea7e4a0642751e79c0332
Instruction ID: 7117ccec4231c2f2f5fcd8805c494c58785eb9a48d4a873c6b81a271017c88d4
Opcode Fuzzy Hash: ee852e89d270355da587a927c53c491954414a6bc17ea7e4a0642751e79c0332
Instruction Fuzzy Hash: 78819070900648EFDB01DFE4D955BEEBBF8AF05318F000969F915AB281DB74AA44CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 6E3E1060 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 125
synchronizationthreadCOMMON

Download Yara Rule

C-Code - Quality: 88%

			E6E3E1060(void* __ecx, intOrPtr _a8) {
				long _v8;
				char _v16;
				char _v28;
				void* _v32;
				char _v36;
				struct _CRITICAL_SECTION* _v40;
				void* _v44;
				intOrPtr _v48;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t33;
				long _t38;
				struct _CRITICAL_SECTION* _t39;
				intOrPtr _t42;
				intOrPtr _t45;
				intOrPtr* _t51;
				long _t54;
				void* _t58;
				intOrPtr* _t60;
				intOrPtr* _t72;
				intOrPtr _t75;
				intOrPtr _t76;
				void* _t79;
				signed int _t80;
				signed int _t82;

				_push(0xffffffff);
				_push(E6E3FA878);
				_push( *[fs:0x0]);
				_t82 = (_t80 & 0xfffffff8) - 0x1c;
				_t33 =  *0x6e405204; // 0x2276585c
				_push(_t33 ^ _t82);
				 *[fs:0x0] =  &_v16;
				_t58 = __ecx;
				_v44 = __ecx;
				GetTickCount();
				_t38 = WaitForSingleObject( *(_t58 + 0x40), 0xfa);
				if(_t38 != 0) {
					while(_t38 != 0xffffffff) {
						_t39 = _t58 + 0x24;
						_v40 = _t39;
						EnterCriticalSection(_t39);
						_t72 =  *((intOrPtr*)(_t58 + 4));
						_t60 = _t58 + 4;
						_t79 =  *((intOrPtr*)( *((intOrPtr*)(_t58 + 0x1c))));
						_v8 = 0;
						_v36 = _t72;
						_v32 = _t79;
						while(1) {
							_t75 =  *((intOrPtr*)(_t60 + 0x18));
							_t42 =  *_t60;
							if(_t72 == 0 || _t72 != _t42) {
								E6E3E3E0D();
							}
							if(_t79 == _t75) {
								break;
							}
							if(_t72 != 0) {
								_t45 =  *_t72;
							} else {
								E6E3E3E0D();
								_t45 = 0;
							}
							if(_t79 ==  *((intOrPtr*)(_t45 + 0x18))) {
								E6E3E3E0D();
							}
							_t76 = _a8;
							if( *((intOrPtr*)(_t76 + 0x5a0)) == 0) {
								L19:
								E6E3E0460( &_v36, _t69);
								_t79 = _v32;
								_t72 = _v36;
								continue;
							} else {
								SetEvent( *(_t76 + 0x59c));
								if( *(_t76 + 0x598) == 0) {
									L17:
									E6E3DB710(_t60, _t69, _t79);
									E6E3E2756(_t60, _t72, _t76, _t96, _t76);
									_push(_t79);
									_push(_t72);
									_push( &_v28);
									_t51 = E6E3E0D90(_t60, _t69);
									_t72 =  *_t51;
									_t79 =  *((intOrPtr*)(_t51 + 4));
									_v48 = _t72;
									_v44 = _t79;
									E6E3D7C70(_t60, _t72, _t79, 0x6e4064d8, "[%u] HttpDelete by Async", _t76);
									_t82 = _t82 + 0x10;
									continue;
								} else {
									if(GetCurrentThreadId() ==  *((intOrPtr*)(_t76 + 0x594))) {
										goto L19;
									} else {
										_t69 =  *(_t76 + 0x598);
										_t54 = WaitForSingleObject( *(_t76 + 0x598), 0);
										_t96 = _t54;
										if(_t54 != 0) {
											goto L19;
										} else {
											goto L17;
										}
									}
								}
							}
							goto L21;
						}
						_v8 = 0xffffffff;
						LeaveCriticalSection(_v40);
						_t69 = _v44;
						_t38 = WaitForSingleObject( *(_v44 + 0x40), 0xfa);
						__eflags = _t38;
						if(_t38 != 0) {
							_t58 = _v44;
							continue;
						}
						goto L21;
					}
				}
				L21:
				 *[fs:0x0] = _v16;
				return _t38;
			}

0x6e3e1066
0x6e3e1068
0x6e3e1073
0x6e3e1074
0x6e3e107b
0x6e3e1082
0x6e3e1087
0x6e3e108d
0x6e3e108f
0x6e3e1093
0x6e3e10a2
0x6e3e10aa
0x6e3e10b6
0x6e3e10bf
0x6e3e10c3
0x6e3e10c7
0x6e3e10d2
0x6e3e10d5
0x6e3e10d8
0x6e3e10da
0x6e3e10e2
0x6e3e10e6
0x6e3e10f0
0x6e3e10f0
0x6e3e10f3
0x6e3e10f7
0x6e3e10fd
0x6e3e10fd
0x6e3e1104
0x00000000
0x00000000
0x6e3e110c
0x6e3e11ad
0x6e3e1112
0x6e3e1112
0x6e3e1117
0x6e3e1117
0x6e3e111c
0x6e3e111e
0x6e3e111e
0x6e3e1123
0x6e3e112d
0x6e3e11b4
0x6e3e11b8
0x6e3e11bd
0x6e3e11c1
0x00000000
0x6e3e1133
0x6e3e113a
0x6e3e1147
0x6e3e116a
0x6e3e116c
0x6e3e1172
0x6e3e117a
0x6e3e117b
0x6e3e1180
0x6e3e1183
0x6e3e1188
0x6e3e118a
0x6e3e1198
0x6e3e119c
0x6e3e11a0
0x6e3e11a5
0x00000000
0x6e3e1149
0x6e3e1155
0x00000000
0x6e3e1157
0x6e3e1157
0x6e3e1160
0x6e3e1166
0x6e3e1168
0x00000000
0x00000000
0x00000000
0x00000000
0x6e3e1168
0x6e3e1155
0x6e3e1147
0x00000000
0x6e3e112d
0x6e3e11cf
0x6e3e11d7
0x6e3e11dd
0x6e3e11ea
0x6e3e11f0
0x6e3e11f2
0x6e3e10b2
0x00000000
0x6e3e10b2
0x00000000
0x6e3e11f2
0x6e3e10b6
0x6e3e11f8
0x6e3e11fc
0x6e3e120b

APIs

GetTickCount.KERNEL32 ref: 6E3E1093
WaitForSingleObject.KERNEL32(?,000000FA), ref: 6E3E10A2
EnterCriticalSection.KERNEL32(?), ref: 6E3E10C7
SetEvent.KERNEL32(?), ref: 6E3E113A
GetCurrentThreadId.KERNEL32 ref: 6E3E1149
WaitForSingleObject.KERNEL32(00000000,00000000), ref: 6E3E1160
LeaveCriticalSection.KERNEL32(?), ref: 6E3E11D7
WaitForSingleObject.KERNEL32(?,000000FA), ref: 6E3E11EA

Strings

[%u] HttpDelete by Async, xrefs: 6E3E118E

Memory Dump Source

Source File: 0000000E.00000002.2370545283.000000006E3D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 6E3D0000, based on PE: true

Associated: 0000000E.00000002.2370501847.000000006E3D0000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371078507.000000006E3FB000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371296559.000000006E405000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371402177.000000006E409000.00000002.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e3d0000_MiniNews.jbxd

Similarity

API ID: ObjectSingleWait$CriticalSection$CountCurrentEnterEventLeaveThreadTick
String ID: [%u] HttpDelete by Async
API String ID: 1722845734-426803185
Opcode ID: 6007b71f862f3478877bb0890b008812c491cf20e6f703c13ad667c4012ae3c3
Instruction ID: b33d1cf86abe983c04f95178dd3e31eb2ee448bbd97e1355b8b72584d41610cd
Opcode Fuzzy Hash: 6007b71f862f3478877bb0890b008812c491cf20e6f703c13ad667c4012ae3c3
Instruction Fuzzy Hash: 1A41A271104715DFC750DFA4D884B5BBBE8FF89314F100A5AE96A9B685DB31E808CFA2

Uniqueness

Uniqueness Score: -1.00%

Function 6E3D86B0 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 69
synchronizationCOMMON

Download Yara Rule

C-Code - Quality: 72%

			E6E3D86B0(void* __fp0, intOrPtr _a4) {
				long _v4;
				void* __ebx;
				void* __ecx;
				void* __edi;
				void* __ebp;
				long _t15;
				intOrPtr _t17;
				intOrPtr _t22;
				void* _t23;
				struct _CRITICAL_SECTION* _t31;
				void* _t32;
				void* _t33;
				void* _t34;

				_t42 = __fp0;
				_t32 = _t23;
				E6E3D8640(_t23, __fp0);
				_t33 = GetTickCount;
				_t15 = GetTickCount();
				_t22 = _a4;
				_v4 = _t15;
				while( *((intOrPtr*)(_t22 + 0xc)) != 0) {
					_t31 = _t22 + 0x24;
					EnterCriticalSection(_t31);
					E6E3D7E10(_t22, 0);
					_t17 =  *((intOrPtr*)(_t22 + 8));
					_push(_t31);
					if(_t17 <=  *((intOrPtr*)(_t22 + 0xc))) {
						LeaveCriticalSection();
						return _t17;
					}
					LeaveCriticalSection();
					_t15 = WaitForSingleObject( *(_t32 + 0x59c), 0x32);
					if(_t15 == 0) {
						break;
					}
					_t15 = GetTickCount() - _v4;
					if(_t15 > 0x7d0) {
						break;
					}
					_t15 = GetTickCount();
					if(_t15 >  *((intOrPtr*)(_t32 + 0x90)) + 0x3e8) {
						 *((intOrPtr*)(_t32 + 0x90)) = GetTickCount();
						_t15 = E6E3D8280(_t32, _t42);
						if( *(_t32 + 0x538) != 0) {
							E6E3D7C70(_t22, _t31, _t33, 0x6e4064d8, "[%u] callback", _t32);
							_t15 =  *(_t32 + 0x538);
							_t34 = _t34 + 0xc;
							if(_t15 != 0) {
								_t15 =  *((intOrPtr*)( *((intOrPtr*)( *_t15))))(_t15, _t32, _t32 + 0xb4);
							}
						}
					}
				}
				return _t15;
			}

0x6e3d86b0
0x6e3d86b5
0x6e3d86b7
0x6e3d86bc
0x6e3d86c2
0x6e3d86c4
0x6e3d86c8
0x6e3d86d0
0x6e3d86da
0x6e3d86de
0x6e3d86e8
0x6e3d86ed
0x6e3d86f3
0x6e3d86f4
0x6e3d877f
0x00000000
0x6e3d877f
0x6e3d86fa
0x6e3d8709
0x6e3d8711
0x00000000
0x00000000
0x6e3d8715
0x6e3d871e
0x00000000
0x00000000
0x6e3d8720
0x6e3d8730
0x6e3d8736
0x6e3d873c
0x6e3d8748
0x6e3d8755
0x6e3d875a
0x6e3d8760
0x6e3d8765
0x6e3d8778
0x6e3d8778
0x6e3d8765
0x6e3d8748
0x6e3d8730
0x6e3d878a

APIs

Part of subcall function 6E3D8640: GetTickCount.KERNEL32 ref: 6E3D864A
Part of subcall function 6E3D8640: GetTickCount.KERNEL32 ref: 6E3D865C

GetTickCount.KERNEL32 ref: 6E3D86C2
EnterCriticalSection.KERNEL32(?), ref: 6E3D86DE

Part of subcall function 6E3D7E10: GetTickCount.KERNEL32 ref: 6E3D7E15
Part of subcall function 6E3D7E10: EnterCriticalSection.KERNEL32(?,?,?,6E3D8389,00000000,?,?,15555555), ref: 6E3D7E21
Part of subcall function 6E3D7E10: LeaveCriticalSection.KERNEL32(?,?,?,6E3D8389,00000000,?,?,15555555), ref: 6E3D7E7D

LeaveCriticalSection.KERNEL32(?,00000000), ref: 6E3D86FA
WaitForSingleObject.KERNEL32(?,00000032), ref: 6E3D8709
GetTickCount.KERNEL32 ref: 6E3D8713
GetTickCount.KERNEL32 ref: 6E3D8720
GetTickCount.KERNEL32 ref: 6E3D8732
LeaveCriticalSection.KERNEL32(?,00000000), ref: 6E3D877F

Strings

[%u] callback, xrefs: 6E3D874B

Memory Dump Source

Source File: 0000000E.00000002.2370545283.000000006E3D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 6E3D0000, based on PE: true

Associated: 0000000E.00000002.2370501847.000000006E3D0000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371078507.000000006E3FB000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371296559.000000006E405000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371402177.000000006E409000.00000002.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e3d0000_MiniNews.jbxd

Similarity

API ID: CountTick$CriticalSection$Leave$Enter$ObjectSingleWait
String ID: [%u] callback
API String ID: 4197149237-1007728669
Opcode ID: ab40e4d0172d04614f5ae8470bb2386d6bd959f4ca56f1deef3b01d7d6b3d288
Instruction ID: 271e2fb544036643d22694e04cf295862afb2d851c53d42fe2c1361f6bb7c8bc
Opcode Fuzzy Hash: ab40e4d0172d04614f5ae8470bb2386d6bd959f4ca56f1deef3b01d7d6b3d288
Instruction Fuzzy Hash: C721C0721007019FD710DFB4DC84BABB7ACEF85365F104819E66A8B285CB31F808CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 6E3D2CF5 Relevance: 15.1, APIs: 10, Instructions: 68
windowCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E6E3D2CF5(struct HINSTANCE__* __eax, long __ecx) {
				struct tagMSG _v32;
				struct HWND__* _t7;
				long _t8;
				long _t11;
				int _t12;
				struct HWND__** _t31;

				_t31 = __ecx;
				_t7 = CreateDialogParamW(__eax, 0x3e9, 0, 0x6e3d2cd0, __ecx);
				 *_t31 = _t7;
				if(_t7 == 0) {
					_t8 = GetLastError();
					_t31[2] = 1;
					return _t8;
				} else {
					ShowWindow(_t7, 0);
					ShowWindow( *_t31, 5);
					_t11 = GetWindowLongW( *_t31, 0xfffffff0);
					if(_t11 != 0) {
						SetWindowLongW( *_t31, 0xfffffff0, _t11);
					}
					_t12 = GetMessageW( &_v32, 0, 0, 0);
					if(_t12 != 0) {
						do {
							TranslateMessage( &_v32);
							DispatchMessageW( &_v32);
							_t12 = GetMessageW( &_v32, 0, 0, 0);
						} while (_t12 != 0);
					}
					return _t12;
				}
			}

0x6e3d2cf9
0x6e3d2d09
0x6e3d2d0f
0x6e3d2d13
0x6e3d2d8d
0x6e3d2d93
0x6e3d2d9e
0x6e3d2d15
0x6e3d2d1f
0x6e3d2d26
0x6e3d2d2d
0x6e3d2d35
0x6e3d2d3d
0x6e3d2d3d
0x6e3d2d54
0x6e3d2d58
0x6e3d2d67
0x6e3d2d6c
0x6e3d2d73
0x6e3d2d80
0x6e3d2d82
0x6e3d2d86
0x6e3d2d8c
0x6e3d2d8c

APIs

CreateDialogParamW.USER32(?,000003E9,00000000,6E3D2CD0), ref: 6E3D2D09
ShowWindow.USER32(00000000,00000000,?,?,000003E9,00000000,6E3D2CD0), ref: 6E3D2D1F
ShowWindow.USER32(?,00000005,?,?,000003E9,00000000,6E3D2CD0), ref: 6E3D2D26
GetWindowLongW.USER32(?,000000F0), ref: 6E3D2D2D
SetWindowLongW.USER32(00000000,000000F0,00000000), ref: 6E3D2D3D
GetMessageW.USER32(000003E9,00000000,00000000,00000000), ref: 6E3D2D54
TranslateMessage.USER32(6E3D2CD0), ref: 6E3D2D6C
DispatchMessageW.USER32(6E3D2CD0), ref: 6E3D2D73
GetMessageW.USER32(?,00000000,00000000,00000000), ref: 6E3D2D80
GetLastError.KERNEL32(?,000003E9,00000000,6E3D2CD0), ref: 6E3D2D8D

Memory Dump Source

Source File: 0000000E.00000002.2370545283.000000006E3D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 6E3D0000, based on PE: true

Associated: 0000000E.00000002.2370501847.000000006E3D0000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371078507.000000006E3FB000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371296559.000000006E405000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371402177.000000006E409000.00000002.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e3d0000_MiniNews.jbxd

Similarity

API ID: MessageWindow$LongShow$CreateDialogDispatchErrorLastParamTranslate
String ID:
API String ID: 3651736782-0
Opcode ID: c67060b7d48c70cac2a10b4e98705c1cd8ee9987cbb7bafb19b57a6daa1ac7f3
Instruction ID: f6ef00cc81c32e6d3590379477f2df5470421bd803b878bd70a6dd5b7d8ed6fe
Opcode Fuzzy Hash: c67060b7d48c70cac2a10b4e98705c1cd8ee9987cbb7bafb19b57a6daa1ac7f3
Instruction Fuzzy Hash: 071191B6240706BBEA20AF69DC45F57B7ECAF45710F600A09F951EB1C4EA74F504CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 6E4F8440 Relevance: 14.4, APIs: 5, Strings: 3, Instructions: 449timeCOMMON

Download Yara Rule

APIs

KillTimer.USER32(00000000,00000064,?,E97A779A), ref: 6E4F84B3
SHGetValueW.SHLWAPI(80000001,Software\Ludashi,mini_sel_test,00000004,00000000,00000000), ref: 6E4F84E9
SetTimer.USER32(00000004,00000064,00000000,00000000), ref: 6E4F8504

Part of subcall function 6E50CA10: EnterCriticalSection.KERNEL32(6E56845C,E97A779A,?,00000000,?), ref: 6E50CA51
Part of subcall function 6E50CA10: InitializeCriticalSection.KERNEL32(00000010), ref: 6E50CAC7
Part of subcall function 6E50CA10: InitializeCriticalSection.KERNEL32(0000005C), ref: 6E50CAFD

Part of subcall function 6E50CA10: LeaveCriticalSection.KERNEL32(6E56845C), ref: 6E50CBDD

EnterCriticalSection.KERNEL32(6E56503C,pull_mininews_avoid_appinstalltime,00000022), ref: 6E4F892D
LeaveCriticalSection.KERNEL32(6E56503C), ref: 6E4F8970

Part of subcall function 6E4E91E0: FindResourceExW.KERNEL32(00000000,00000006,[jNn,00000000,00000000,?,?,?,6E4E6A5B,?), ref: 6E4E921E
Part of subcall function 6E4E91E0: FindResourceW.KERNEL32(00000000,?,00000006,?,?,?,6E4E6A5B,?), ref: 6E4E9267

Strings

mini_sel_test, xrefs: 6E4F84DA
pull_mininews_avoid_appinstalltime, xrefs: 6E4F88F4, 6E4F8906, 6E4F8910
Software\Ludashi, xrefs: 6E4F84DF

Memory Dump Source

Source File: 0000000E.00000002.2371585883.000000006E4E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6E4E0000, based on PE: true

Associated: 0000000E.00000002.2371507694.000000006E4E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373281942.000000006E544000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373891215.000000006E565000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2374074776.000000006E56A000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e4e0000_MiniNews.jbxd

Similarity

API ID: CriticalSection$EnterFindInitializeLeaveResourceTimer$KillValue
String ID: Software\Ludashi$mini_sel_test$pull_mininews_avoid_appinstalltime
API String ID: 3858426034-3847250660
Opcode ID: c49926b8db0979434ec26ef751c88fdc4707326a0c8f2e0246a526d603bebde9
Instruction ID: 144712f8f94e7886611bda4ac93870ec78fa1fa6ee3056ce0b5d8d256858cf39
Opcode Fuzzy Hash: c49926b8db0979434ec26ef751c88fdc4707326a0c8f2e0246a526d603bebde9
Instruction Fuzzy Hash: B9029B70900608DBDB00CFF9C854BEEB7B8AF49719F1045AAD516AB3D1EB349A05CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 6E4F44F0 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 181COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 6E4F4571
std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 6E4F45D8
__Getctype.LIBCPMT ref: 6E4F4621
__Getcvt.LIBCPMT ref: 6E4F4631
std::_Locinfo::_Locinfo_dtor.LIBCPMT ref: 6E4F4692
std::_Lockit::~_Lockit.LIBCPMT ref: 6E4F4749
__CxxThrowException@8.LIBVCRUNTIME ref: 6E4F477A

Strings

bad locale name, xrefs: 6E4F4764

Memory Dump Source

Source File: 0000000E.00000002.2371585883.000000006E4E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6E4E0000, based on PE: true

Associated: 0000000E.00000002.2371507694.000000006E4E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373281942.000000006E544000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373891215.000000006E565000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2374074776.000000006E56A000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e4e0000_MiniNews.jbxd

Similarity

API ID: std::_$Locinfo::_Lockit$Exception@8GetctypeGetcvtLocinfo_ctorLocinfo_dtorLockit::_Lockit::~_Throw
String ID: bad locale name
API String ID: 3553424984-1405518554
Opcode ID: ef5fcd86089f8ae972b6ac0be224fdb60cb0f9897803bea3cd0fc9300d693994
Instruction ID: af2ca49871c11724faa67acd75728412f2d8b3581fb37006baa0bf9eb3959b00
Opcode Fuzzy Hash: ef5fcd86089f8ae972b6ac0be224fdb60cb0f9897803bea3cd0fc9300d693994
Instruction Fuzzy Hash: 2E81ACB0D04388DAEB00CFF8CA04BCEBBF8AF51704F104599D554AB382EBB59A49CB51

Uniqueness

Uniqueness Score: -1.00%

Function 6E53422F Relevance: 13.8, APIs: 9, Instructions: 300COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.2371585883.000000006E4E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6E4E0000, based on PE: true

Associated: 0000000E.00000002.2371507694.000000006E4E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373281942.000000006E544000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373891215.000000006E565000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2374074776.000000006E56A000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e4e0000_MiniNews.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cfa08d7131c649abce45faeead4af12aa3c4751b6f8850638d7ba852c7fd7aff
Instruction ID: 5d28eda6f5e63ecea29d627be055b447d92aaabed814bf184f7aa6d70a606b57
Opcode Fuzzy Hash: cfa08d7131c649abce45faeead4af12aa3c4751b6f8850638d7ba852c7fd7aff
Instruction Fuzzy Hash: BCC1E470E0425A9FDF42CFE8C850BEDBBF5AF4A314F244554E514AB392EB329942CB61

Uniqueness

Uniqueness Score: -1.00%

Function 6E3D2CF0 Relevance: 13.6, APIs: 9, Instructions: 64
windowCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E6E3D2CF0(long __ecx) {
				struct tagMSG _v32;
				struct HINSTANCE__* _t6;
				struct HWND__* _t7;
				long _t8;
				long _t11;
				int _t12;
				struct HWND__** _t32;

				_t6 =  *0x6e4064d0; // 0x6e3d0000
				_t32 = __ecx;
				_t7 = CreateDialogParamW(_t6, 0x3e9, 0, 0x6e3d2cd0, __ecx);
				 *_t32 = _t7;
				if(_t7 == 0) {
					_t8 = GetLastError();
					_t32[2] = 1;
					return _t8;
				} else {
					ShowWindow(_t7, 0);
					ShowWindow( *_t32, 5);
					_t11 = GetWindowLongW( *_t32, 0xfffffff0);
					if(_t11 != 0) {
						SetWindowLongW( *_t32, 0xfffffff0, _t11);
					}
					_t12 = GetMessageW( &_v32, 0, 0, 0);
					if(_t12 != 0) {
						do {
							TranslateMessage( &_v32);
							DispatchMessageW( &_v32);
							_t12 = GetMessageW( &_v32, 0, 0, 0);
						} while (_t12 != 0);
					}
					return _t12;
				}
			}

0x6e3d2cf0
0x6e3d2cf9
0x6e3d2d09
0x6e3d2d0f
0x6e3d2d13
0x6e3d2d8d
0x6e3d2d93
0x6e3d2d9e
0x6e3d2d15
0x6e3d2d1f
0x6e3d2d26
0x6e3d2d2d
0x6e3d2d35
0x6e3d2d3d
0x6e3d2d3d
0x6e3d2d54
0x6e3d2d58
0x6e3d2d67
0x6e3d2d6c
0x6e3d2d73
0x6e3d2d80
0x6e3d2d82
0x6e3d2d86
0x6e3d2d8c
0x6e3d2d8c

APIs

CreateDialogParamW.USER32(?,000003E9,00000000,6E3D2CD0), ref: 6E3D2D09
ShowWindow.USER32(00000000,00000000,?,?,000003E9,00000000,6E3D2CD0), ref: 6E3D2D1F
ShowWindow.USER32(?,00000005,?,?,000003E9,00000000,6E3D2CD0), ref: 6E3D2D26
GetWindowLongW.USER32(?,000000F0), ref: 6E3D2D2D
SetWindowLongW.USER32(00000000,000000F0,00000000), ref: 6E3D2D3D
GetMessageW.USER32(000003E9,00000000,00000000,00000000), ref: 6E3D2D54
TranslateMessage.USER32(6E3D2CD0), ref: 6E3D2D6C
DispatchMessageW.USER32(6E3D2CD0), ref: 6E3D2D73
GetMessageW.USER32(?,00000000,00000000,00000000), ref: 6E3D2D80
GetLastError.KERNEL32(?,000003E9,00000000,6E3D2CD0), ref: 6E3D2D8D

Memory Dump Source

Source File: 0000000E.00000002.2370545283.000000006E3D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 6E3D0000, based on PE: true

Associated: 0000000E.00000002.2370501847.000000006E3D0000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371078507.000000006E3FB000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371296559.000000006E405000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371402177.000000006E409000.00000002.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e3d0000_MiniNews.jbxd

Similarity

API ID: MessageWindow$LongShow$CreateDialogDispatchErrorLastParamTranslate
String ID:
API String ID: 3651736782-0
Opcode ID: 5a1f0a57a542dd71da55810299f6573b8845ee444d1ea1db02feb9276fdb14ca
Instruction ID: d86314da726ed187295206b775f1f47d6db462e672e8bc74fc4045a534ce02a6
Opcode Fuzzy Hash: 5a1f0a57a542dd71da55810299f6573b8845ee444d1ea1db02feb9276fdb14ca
Instruction Fuzzy Hash: 9C1170B2640306BBEA10AFA9DD45F56B7ECAF45B10F200609BA51EB1C4DA74F504CBA4

Uniqueness

Uniqueness Score: -1.00%

Function 6E4F63C0 Relevance: 12.6, APIs: 5, Strings: 2, Instructions: 318windowCOMMON

Download Yara Rule

APIs

Part of subcall function 6E50CA10: EnterCriticalSection.KERNEL32(6E56845C,E97A779A,?,00000000,?), ref: 6E50CA51
Part of subcall function 6E50CA10: InitializeCriticalSection.KERNEL32(00000010), ref: 6E50CAC7
Part of subcall function 6E50CA10: InitializeCriticalSection.KERNEL32(0000005C), ref: 6E50CAFD

EnterCriticalSection.KERNEL32(6E565020,00000000), ref: 6E4F6570

Part of subcall function 6E50CA10: LeaveCriticalSection.KERNEL32(6E56845C), ref: 6E50CBDD

LeaveCriticalSection.KERNEL32(6E565020), ref: 6E4F65B8
EnterCriticalSection.KERNEL32(6E56503C,pull_mininews_avoid_appinstalltime,6E544CD0,00000000), ref: 6E4F66FC
LeaveCriticalSection.KERNEL32(6E56503C), ref: 6E4F673F
PostMessageW.USER32(?,00000465,00000000,00000000), ref: 6E4F67BA

Strings

pull_mininews_avoid_appinstalltime, xrefs: 6E4F66DF
IMininewsConfigEvent_QueryResult bSucess =, xrefs: 6E4F64E4

Memory Dump Source

Source File: 0000000E.00000002.2371585883.000000006E4E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6E4E0000, based on PE: true

Associated: 0000000E.00000002.2371507694.000000006E4E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373281942.000000006E544000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373891215.000000006E565000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2374074776.000000006E56A000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e4e0000_MiniNews.jbxd

Similarity

API ID: CriticalSection$EnterLeave$Initialize$MessagePost
String ID: IMininewsConfigEvent_QueryResult bSucess =$pull_mininews_avoid_appinstalltime
API String ID: 3678589508-2512497124
Opcode ID: 8eb810bca178c554b6003a380b990fc205f7559c102d57ff9b2e70f2278d6ab7
Instruction ID: bc0d154aea7671b64b571d037d2ad19c8b958e68ca15a4ba18f352f6dfacb79e
Opcode Fuzzy Hash: 8eb810bca178c554b6003a380b990fc205f7559c102d57ff9b2e70f2278d6ab7
Instruction Fuzzy Hash: 0AD1A070901605DFDF00CFB8C854BADBBB4AF85724F14869AE426AB3D1DB349A06CBD1

Uniqueness

Uniqueness Score: -1.00%

Function 6E52CBF1 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 50COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,000000FF,6E51A631,000000FF,00000007,?,6E51AD1B,000000FF,00000007,000000FF,?), ref: 6E52CBF5
_free.LIBCMT ref: 6E52CC28
_free.LIBCMT ref: 6E52CC50
SetLastError.KERNEL32(00000000,00000007,000000FF,?), ref: 6E52CC5D
SetLastError.KERNEL32(00000000,00000007,000000FF,?), ref: 6E52CC69
_abort.LIBCMT ref: 6E52CC6F

Strings

0eVn, xrefs: 6E52CC43

Memory Dump Source

Source File: 0000000E.00000002.2371585883.000000006E4E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6E4E0000, based on PE: true

Associated: 0000000E.00000002.2371507694.000000006E4E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373281942.000000006E544000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373891215.000000006E565000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2374074776.000000006E56A000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e4e0000_MiniNews.jbxd

Similarity

API ID: ErrorLast$_free$_abort
String ID: 0eVn
API String ID: 3160817290-3650656507
Opcode ID: a246c361fb663e44b8f3cbc340bbf33d05bf46959799b90ce8f11122d573177f
Instruction ID: bbacf4470aa9b1ebc086025629dfdf01466055dfa39b87777c72782c8deaab34
Opcode Fuzzy Hash: a246c361fb663e44b8f3cbc340bbf33d05bf46959799b90ce8f11122d573177f
Instruction Fuzzy Hash: F0F02633044E006FC65262E95D04A9A16ED9FD2769F2A0834F728AF1D1FF20CC028254

Uniqueness

Uniqueness Score: -1.00%

Function 6E4F6F00 Relevance: 12.2, APIs: 8, Instructions: 214threadwindowCOMMON

Download Yara Rule

APIs

SetLastError.KERNEL32(0000000E), ref: 6E4F6F89
GetCurrentThreadId.KERNEL32 ref: 6E4F6FBC
EnterCriticalSection.KERNEL32(6E567D80), ref: 6E4F6FDC
LeaveCriticalSection.KERNEL32(6E567D80), ref: 6E4F7000
CreateWindowExW.USER32(00000000,?,00000000,80000000,80000000,80000000,00000000,00000000,00000000,00000000,00000000), ref: 6E4F7044

Part of subcall function 6E505DDD: GetProcessHeap.KERNEL32(00000008,00000008,00000000,6E4F27EE), ref: 6E505DE2
Part of subcall function 6E505DDD: HeapAlloc.KERNEL32(00000000), ref: 6E505DE9

DestroyWindow.USER32(?), ref: 6E4F7072
PostQuitMessage.USER32(00000000), ref: 6E4F707A

Part of subcall function 6E4F1500: EnterCriticalSection.KERNEL32(?,E97A779A), ref: 6E4F1570
Part of subcall function 6E4F1500: GetClassInfoExW.USER32(00000000,?,?), ref: 6E4F15A7
Part of subcall function 6E4F1500: GetClassInfoExW.USER32(00000000,?,00000030), ref: 6E4F15BE
Part of subcall function 6E4F1500: LeaveCriticalSection.KERNEL32(?), ref: 6E4F15D2

Memory Dump Source

Source File: 0000000E.00000002.2371585883.000000006E4E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6E4E0000, based on PE: true

Associated: 0000000E.00000002.2371507694.000000006E4E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373281942.000000006E544000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373891215.000000006E565000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2374074776.000000006E56A000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e4e0000_MiniNews.jbxd

Similarity

API ID: CriticalSection$ClassEnterHeapInfoLeaveWindow$AllocCreateCurrentDestroyErrorLastMessagePostProcessQuitThread
String ID:
API String ID: 208376217-0
Opcode ID: 51d27f3596c2d96287897f512009df210a7ed77878011a0dece6627e02071a38
Instruction ID: 2b83950bdea586d52e27071058a1e299b3dc975db09868091e167ee1758e3cfe
Opcode Fuzzy Hash: 51d27f3596c2d96287897f512009df210a7ed77878011a0dece6627e02071a38
Instruction Fuzzy Hash: E881DF70A14705DFEB10CFA8C844FAABBB4FB81714F104A2AE815873D1DB75A916CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 6E4F0A50 Relevance: 12.1, APIs: 8, Instructions: 117fileCOMMON

Download Yara Rule

APIs

CreateFileW.KERNEL32(?,00000001,00000001,00000000,00000003,00000001,00000000), ref: 6E4F0A86
CreateFileMappingW.KERNEL32(00000000,00000000,00000002,00000000,00000000,00000000), ref: 6E4F0AAD
MapViewOfFile.KERNEL32(00000000,00000004,00000000,00000000,00000000), ref: 6E4F0AC0
SetFilePointer.KERNEL32(00000000,00000000,00000000,00000002), ref: 6E4F0AD8
SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000), ref: 6E4F0AE3
UnmapViewOfFile.KERNEL32(?), ref: 6E4F0B23
CloseHandle.KERNEL32(?), ref: 6E4F0B32
CloseHandle.KERNEL32(00000000), ref: 6E4F0B35

Memory Dump Source

Source File: 0000000E.00000002.2371585883.000000006E4E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6E4E0000, based on PE: true

Associated: 0000000E.00000002.2371507694.000000006E4E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373281942.000000006E544000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373891215.000000006E565000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2374074776.000000006E56A000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e4e0000_MiniNews.jbxd

Similarity

API ID: File$CloseCreateHandlePointerView$MappingUnmap
String ID:
API String ID: 1912120305-0
Opcode ID: bc04b1601646a8990d419b734a43b9cb8279c5d1974cf41ec23184f0a495d763
Instruction ID: 8bbc2e8e71d74728440f916499e832239cb2492d9086300086aa0e5df9c64688
Opcode Fuzzy Hash: bc04b1601646a8990d419b734a43b9cb8279c5d1974cf41ec23184f0a495d763
Instruction Fuzzy Hash: 9C317531A41218E7DB119FF58C55FDFBBACEF86718F21411AB908AB281EB709D51C7A0

Uniqueness

Uniqueness Score: -1.00%

Function 6E3DAD40 Relevance: 12.1, APIs: 8, Instructions: 110
COMMON

Download Yara Rule

C-Code - Quality: 90%

			E6E3DAD40() {
				char _v4;
				char _v12;
				intOrPtr* _v16;
				void* __ecx;
				void* __edi;
				signed int _t54;
				intOrPtr _t66;
				intOrPtr* _t74;
				intOrPtr* _t87;
				signed int _t92;

				_push(0xffffffff);
				_push(E6E3FA2BE);
				_push( *[fs:0x0]);
				_push(_t74);
				_t54 =  *0x6e405204; // 0x2276585c
				_push(_t54 ^ _t92);
				 *[fs:0x0] =  &_v12;
				_t87 = _t74;
				_v16 = _t87;
				 *_t87 = 0x6e3fbcac;
				InitializeCriticalSection(_t87 + 0x34);
				 *((intOrPtr*)(_t87 + 0x10)) = 0;
				 *((intOrPtr*)(_t87 + 0x18)) = 0;
				 *((intOrPtr*)(_t87 + 0x1c)) = 0;
				 *((intOrPtr*)(_t87 + 0x14)) = 0;
				 *((intOrPtr*)(_t87 + 0x28)) = 0;
				 *((intOrPtr*)(_t87 + 0x2c)) = 0;
				 *((intOrPtr*)(_t87 + 0x20)) = 0;
				 *((intOrPtr*)(_t87 + 0x30)) = GetTickCount();
				_v4 = 0;
				InitializeCriticalSection(_t87 + 0x74);
				 *((intOrPtr*)(_t87 + 0x50)) = 0;
				 *((intOrPtr*)(_t87 + 0x58)) = 0;
				 *((intOrPtr*)(_t87 + 0x5c)) = 0;
				 *((intOrPtr*)(_t87 + 0x54)) = 0;
				 *((intOrPtr*)(_t87 + 0x68)) = 0;
				 *((intOrPtr*)(_t87 + 0x6c)) = 0;
				 *((intOrPtr*)(_t87 + 0x60)) = 0;
				 *((intOrPtr*)(_t87 + 0x70)) = GetTickCount();
				_v4 = 1;
				E6E3E1850(0);
				_t84 = _t87 + 0xb4;
				_v4 = 2;
				E6E3E2850(_t87 + 0xb4, _t84, 0, 0x484);
				 *((intOrPtr*)(_t87 + 0x544)) = 0;
				 *((intOrPtr*)(_t87 + 0x550)) = 0;
				 *((intOrPtr*)(_t87 + 0x554)) = 0;
				 *((intOrPtr*)(_t87 + 0x558)) = 0;
				 *((intOrPtr*)(_t87 + 0x53c)) = 0x1e;
				 *((intOrPtr*)(_t87 + 0x540)) = 0x270f;
				 *(_t87 + 0x55c) = 1;
				 *((intOrPtr*)(_t87 + 0x548)) = 0xea60;
				 *((intOrPtr*)(_t87 + 0x54c)) = 0xa;
				E6E3E1850(0);
				_v4 = 3;
				E6E3E1850(0);
				 *((intOrPtr*)(_t87 + 0x5bc)) = 0xf;
				 *((intOrPtr*)(_t87 + 0x5b8)) = 0;
				 *((char*)(_t87 + 0x5a8)) = 0;
				_v4 = 5;
				 *((intOrPtr*)(_t87 + 0x59c)) = CreateEventW(0, 1, 0, 0);
				 *((intOrPtr*)(_t87 + 0x598)) = 0;
				 *((intOrPtr*)(_t87 + 0x594)) = 0;
				 *((intOrPtr*)(_t87 + 0x538)) = 0;
				 *((intOrPtr*)(_t87 + 0x560)) = 0;
				 *((intOrPtr*)(_t87 + 0x5a0)) = 0;
				 *((intOrPtr*)(_t87 + 0xac)) = 0;
				 *((intOrPtr*)(_t87 + 0xb0)) = 0;
				_t66 =  *0x6e4064d4; // 0x0
				 *((intOrPtr*)(_t87 + 8)) = _t66;
				E6E3E2850(_t84, _t84, 0, 0x484);
				E6E3E2850(_t84, _t87 + 0x4dc0, 0, 0x800);
				E6E3D95A0(_t87);
				 *[fs:0x0] = _v12;
				return _t87;
			}

0x6e3dad40
0x6e3dad42
0x6e3dad4d
0x6e3dad4e
0x6e3dad53
0x6e3dad5a
0x6e3dad5f
0x6e3dad65
0x6e3dad67
0x6e3dad75
0x6e3dad7b
0x6e3dad85
0x6e3dad88
0x6e3dad8b
0x6e3dad8e
0x6e3dad91
0x6e3dad94
0x6e3dad97
0x6e3dad9c
0x6e3dada3
0x6e3dada7
0x6e3dada9
0x6e3dadac
0x6e3dadaf
0x6e3dadb2
0x6e3dadb5
0x6e3dadb8
0x6e3dadbb
0x6e3dadc0
0x6e3dadc9
0x6e3dadce
0x6e3dadd8
0x6e3dade0
0x6e3dade5
0x6e3dadea
0x6e3dadf0
0x6e3dadf6
0x6e3dadfc
0x6e3dae0b
0x6e3dae15
0x6e3dae1f
0x6e3dae29
0x6e3dae33
0x6e3dae3d
0x6e3dae48
0x6e3dae4d
0x6e3dae52
0x6e3dae5c
0x6e3dae62
0x6e3dae6d
0x6e3dae7d
0x6e3dae83
0x6e3dae89
0x6e3dae8f
0x6e3dae95
0x6e3dae9b
0x6e3daea1
0x6e3daea7
0x6e3daead
0x6e3daeb3
0x6e3daeb7
0x6e3daec9
0x6e3daed3
0x6e3daede
0x6e3daeed

APIs

InitializeCriticalSection.KERNEL32(?,2276585C,?,?,?,?,?,?,6E3FA2BE,000000FF), ref: 6E3DAD7B
GetTickCount.KERNEL32 ref: 6E3DAD9A
InitializeCriticalSection.KERNEL32(?,?,?,?,?,?,?,6E3FA2BE,000000FF), ref: 6E3DADA7
GetTickCount.KERNEL32 ref: 6E3DADBE
_memset.LIBCMT ref: 6E3DADE5
CreateEventW.KERNEL32(00000000,00000001,00000000,00000000), ref: 6E3DAE72
_memset.LIBCMT ref: 6E3DAEB7
_memset.LIBCMT ref: 6E3DAEC9

Part of subcall function 6E3D95A0: _memset.LIBCMT ref: 6E3D95C6
Part of subcall function 6E3D95A0: _memset.LIBCMT ref: 6E3D95D8
Part of subcall function 6E3D95A0: GetTickCount.KERNEL32 ref: 6E3D962C

Memory Dump Source

Source File: 0000000E.00000002.2370545283.000000006E3D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 6E3D0000, based on PE: true

Associated: 0000000E.00000002.2370501847.000000006E3D0000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371078507.000000006E3FB000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371296559.000000006E405000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371402177.000000006E409000.00000002.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e3d0000_MiniNews.jbxd

Similarity

API ID: _memset$CountTick$CriticalInitializeSection$CreateEvent
String ID:
API String ID: 505661922-0
Opcode ID: 5857b456bf7d8caac7cadf8afffa72f40faf04715c3cadc82950991e4d331753
Instruction ID: 5148e1423bf2e4a26776aa18850d86818b8df33ed58681e567cdaa8a9bdfea14
Opcode Fuzzy Hash: 5857b456bf7d8caac7cadf8afffa72f40faf04715c3cadc82950991e4d331753
Instruction Fuzzy Hash: F241C4B1904F409FD320DF6AC980797FBE8FB49705F900A2ED1AE86A41D775A548CF91

Uniqueness

Uniqueness Score: -1.00%

Function 6E53013A Relevance: 10.9, APIs: 7, Instructions: 370timeCOMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 6E5301BC
_free.LIBCMT ref: 6E5301E0
_free.LIBCMT ref: 6E530367
GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,6E553C00), ref: 6E530379
WideCharToMultiByte.KERNEL32(00000000,00000000,6E569974,000000FF,00000000,0000003F,00000000,?,?), ref: 6E5303F1
WideCharToMultiByte.KERNEL32(00000000,00000000,6E5699C8,000000FF,?,0000003F,00000000,?), ref: 6E53041E
_free.LIBCMT ref: 6E530533

Memory Dump Source

Source File: 0000000E.00000002.2371585883.000000006E4E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6E4E0000, based on PE: true

Associated: 0000000E.00000002.2371507694.000000006E4E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373281942.000000006E544000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373891215.000000006E565000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2374074776.000000006E56A000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e4e0000_MiniNews.jbxd

Similarity

API ID: _free$ByteCharMultiWide$InformationTimeZone
String ID:
API String ID: 314583886-0
Opcode ID: 1a0bef6c1360fc992d99933e45b72a2153a59b047e71a9df1d64cf4762332618
Instruction ID: 27ad07af6126d20319c353d1383408dafb5c35c066204442450573e492c7dc16
Opcode Fuzzy Hash: 1a0bef6c1360fc992d99933e45b72a2153a59b047e71a9df1d64cf4762332618
Instruction Fuzzy Hash: 41C1F7719043659FDB50CFE8C850AEABBFCAF86314F2445AAE594A7191FB318E42CB50

Uniqueness

Uniqueness Score: -1.00%

Function 6E4E8E10 Relevance: 10.8, APIs: 3, Strings: 3, Instructions: 297COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(6E565004,E97A779A), ref: 6E4E8E53
LeaveCriticalSection.KERNEL32(6E565004), ref: 6E4E8E9C
SHGetValueW.SHLWAPI(80000001,00000010,showtype,00000004,?,?), ref: 6E4E8EED

Strings

close ever, xrefs: 6E4E8FD3
less than 7 day, xrefs: 6E4E911F
showtype, xrefs: 6E4E8EE2

Memory Dump Source

Source File: 0000000E.00000002.2371585883.000000006E4E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6E4E0000, based on PE: true

Associated: 0000000E.00000002.2371507694.000000006E4E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373281942.000000006E544000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373891215.000000006E565000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2374074776.000000006E56A000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e4e0000_MiniNews.jbxd

Similarity

API ID: CriticalSection$EnterLeaveValue
String ID: close ever$less than 7 day$showtype
API String ID: 1327302620-3545935292
Opcode ID: 7fdc4a1bafe3cc23cf4e8c130cae21700636bd3cfef9ef97cd7af577db6f645e
Instruction ID: 1ac20039fa9807f0af0df1c9c15254afb221881737577b3f140a43e9342dda83
Opcode Fuzzy Hash: 7fdc4a1bafe3cc23cf4e8c130cae21700636bd3cfef9ef97cd7af577db6f645e
Instruction Fuzzy Hash: AAC1E170D01208DFEB00CFB8C844BEDBBB4AF45325F1486AAD525AB3D1DB759A05CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 6E53A9A5 Relevance: 10.8, APIs: 7, Instructions: 268COMMON

Download Yara Rule

APIs

GetCPInfo.KERNEL32(02EC21F8,02EC21F8,?,7FFFFFFF,?,?,6E53AC7E,02EC21F8,02EC21F8,?,02EC21F8,?,?,?,?,02EC21F8), ref: 6E53AA51
MultiByteToWideChar.KERNEL32(02EC21F8,00000009,02EC21F8,02EC21F8,00000000,00000000,?,6E53AC7E,02EC21F8,02EC21F8,?,02EC21F8,?,?,?,?), ref: 6E53AAD4
MultiByteToWideChar.KERNEL32(02EC21F8,00000001,02EC21F8,02EC21F8,00000000,6E53AC7E,?,6E53AC7E,02EC21F8,02EC21F8,?,02EC21F8,?,?,?,?), ref: 6E53AB67
MultiByteToWideChar.KERNEL32(02EC21F8,00000009,02EC21F8,02EC21F8,00000000,00000000,?,6E53AC7E,02EC21F8,02EC21F8,?,02EC21F8,?,?,?,?), ref: 6E53AB7E

Part of subcall function 6E52E010: HeapAlloc.KERNEL32(00000000,?,?,?,6E514890,?,?,6E4F28FA,00000010,E97A779A,?,?,6E53E3CF,000000FF), ref: 6E52E042

MultiByteToWideChar.KERNEL32(02EC21F8,00000001,02EC21F8,02EC21F8,00000000,02EC21F8,?,6E53AC7E,02EC21F8,02EC21F8,?,02EC21F8,?,?,?,?), ref: 6E53ABFA
__freea.LIBCMT ref: 6E53AC25
__freea.LIBCMT ref: 6E53AC31

Memory Dump Source

Source File: 0000000E.00000002.2371585883.000000006E4E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6E4E0000, based on PE: true

Associated: 0000000E.00000002.2371507694.000000006E4E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373281942.000000006E544000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373891215.000000006E565000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2374074776.000000006E56A000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e4e0000_MiniNews.jbxd

Similarity

API ID: ByteCharMultiWide$__freea$AllocHeapInfo
String ID:
API String ID: 2171645-0
Opcode ID: 5137bffa6f9ab2291450fe72357c3baeddea87513d838179069baab24396c18e
Instruction ID: b0cf842834d9f0094c91e17b53310b9a2add8415e6aa27a6b26ffdf1d08fa1d7
Opcode Fuzzy Hash: 5137bffa6f9ab2291450fe72357c3baeddea87513d838179069baab24396c18e
Instruction Fuzzy Hash: 8D91A572E0022A9FDF118EE5C961EEEBBF59B49354F244959E910E7182F735DC40C760

Uniqueness

Uniqueness Score: -1.00%

Function 6E3E1D00 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 216
synchronizationthreadCOMMON

Download Yara Rule

C-Code - Quality: 86%

			E6E3E1D00(intOrPtr __ecx, void* __edx, intOrPtr _a4) {
				char _v8;
				char _v16;
				char _v20;
				char _v276;
				char _v280;
				char _v288;
				char _v292;
				intOrPtr _v300;
				char _v324;
				intOrPtr _v328;
				intOrPtr _v336;
				intOrPtr _v344;
				char _v348;
				struct _CRITICAL_SECTION* _v352;
				intOrPtr _v356;
				intOrPtr _v360;
				intOrPtr _v364;
				intOrPtr _v372;
				signed int _v376;
				intOrPtr _v380;
				char _v384;
				char _v388;
				char _v392;
				char _v393;
				void* _v396;
				intOrPtr _v400;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t82;
				char _t89;
				signed int _t98;
				struct _CRITICAL_SECTION* _t99;
				intOrPtr _t102;
				intOrPtr* _t108;
				char _t114;
				intOrPtr _t117;
				char _t131;
				void* _t135;
				intOrPtr _t137;
				char _t139;
				void* _t162;
				signed int _t165;
				intOrPtr _t173;
				intOrPtr* _t176;
				signed int _t179;
				intOrPtr* _t180;
				intOrPtr _t182;
				intOrPtr* _t183;
				void* _t184;
				signed int _t185;
				signed int _t187;
				void* _t188;
				void* _t189;
				void* _t193;

				_t162 = __edx;
				_push(0xffffffff);
				_push(E6E3FAAF7);
				_push( *[fs:0x0]);
				_t187 = (_t185 & 0xfffffff8) - 0x180;
				_push(_t135);
				_t82 =  *0x6e405204; // 0x2276585c
				_push(_t82 ^ _t187);
				 *[fs:0x0] =  &_v16;
				_t173 = __ecx;
				_v344 = __ecx;
				_t178 = _a4;
				E6E3D7C70(_t135, __ecx, _t184, 0x6e4064d8, "CancelTask %s", _a4);
				_t188 = _t187 + 0xc;
				_v280 =  &_v276;
				E6E3D3370( &_v276,  &_v280, _t162, _a4, 3);
				_v16 = 0;
				E6E3D7A20(_v288);
				_t89 = _v292;
				_v20 = 2;
				_t191 = _t89 -  &_v288;
				if(_t89 !=  &_v288) {
					_push(_t89);
					E6E3E27B2(0, _t173, _t178, _t191);
					_t188 = _t188 + 4;
				}
				E6E3E1850(_t191);
				_v8 = 3;
				E6E3E0950(0, _t173, _t191,  &_v393);
				_v16 = 4;
				E6E3E12B0(0,  &_v384, 0x3e8,  &_v393);
				_push(0);
				_push( &_v388);
				_push(0x20);
				_push(_v400);
				E6E3E1920();
				_t189 = _t188 + 0x10;
				_t98 = _v372 - _v376 >> 2;
				_t179 = 0;
				if(_t98 <= 0) {
					L10:
					_t99 = _t173 + 0x24;
					_v392 = 0;
					_v352 = _t99;
					EnterCriticalSection(_t99);
					_t180 =  *((intOrPtr*)(_t173 + 4));
					_t137 =  *((intOrPtr*)( *((intOrPtr*)(_t173 + 0x1c))));
					_v8 = 5;
					_v384 = _t180;
					_v380 = _t137;
					while(1) {
						_t102 =  *((intOrPtr*)(_t173 + 4));
						_v328 =  *((intOrPtr*)(_t173 + 0x1c));
						if(_t180 == 0 || _t180 != _t102) {
							E6E3E3E0D();
						}
						if(_t137 == _v328) {
							break;
						}
						if(_t180 != 0) {
							_t182 =  *_t180;
						} else {
							E6E3E3E0D();
							_t182 = 0;
						}
						if(_t137 ==  *((intOrPtr*)(_t182 + 0x18))) {
							E6E3E3E0D();
						}
						_t183 =  *((intOrPtr*)(_t137 + 0xc));
						_t114 =  *((intOrPtr*)( *((intOrPtr*)( *_t183 + 0x40))))();
						_t139 = _v324;
						_t170 =  &_v348;
						_v348 = _t114;
						_v336 = _v300;
						_t176 = E6E3E07C0( &_v324,  &_v292,  &_v348);
						_t117 =  *_t176;
						if(_t117 == 0 || _t117 != _t139) {
							E6E3E3E0D();
						}
						if( *((intOrPtr*)(_t176 + 4)) != _v336) {
							_t170 =  *(_t183 + 0x59c);
							SetEvent( *(_t183 + 0x59c));
							if( *(_t183 + 0x598) != 0 && GetCurrentThreadId() !=  *((intOrPtr*)(_t183 + 0x594))) {
								WaitForSingleObject( *(_t183 + 0x598), 0);
							}
							_v392 = _v392 + 1;
						}
						E6E3E0460( &_v384, _t170);
						_t137 = _v380;
						_t180 = _v384;
						_t173 = _v344;
					}
					LeaveCriticalSection(_v352);
					_v8 = 3;
					E6E3E1A10( &_v324, _t184);
					_t105 = _v364;
					__eflags = _v364;
					if(__eflags != 0) {
						E6E3E2756(_t137, 0, _t180, __eflags, _t105);
						_t189 = _t189 + 4;
					}
					_t165 = _v376;
					_v364 = 0;
					_v360 = 0;
					_v356 = 0;
					E6E3E2756(_t137, 0, _t180, __eflags, _t165);
					_t108 = _v388 + 0xfffffff0;
					_v8 = 0xffffffff;
					asm("lock xadd [ecx], edx");
					__eflags = (_t165 | 0xffffffff) - 1;
					if((_t165 | 0xffffffff) - 1 <= 0) {
						 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *_t108)) + 4))))(_t108);
					}
					 *[fs:0x0] = _v16;
					return _v392;
				} else {
					_t193 = 0 - _t98;
					do {
						if(_t193 >= 0) {
							E6E3E3E0D();
						}
						_t126 =  *((intOrPtr*)(_v364 + _t179 * 4));
						if( *((intOrPtr*)(_v364 + _t179 * 4)) != 0) {
							_t131 = E6E3E5261(_t126);
							_t189 = _t189 + 4;
							_v392 = _t131;
							if(_t131 != 0) {
								_push( &_v392);
								_push( &_v292);
								E6E3E1360( &_v324);
							}
						}
						_t179 = _t179 + 1;
					} while (_t179 < _v360 - _v364 >> 2);
					goto L10;
				}
			}

0x6e3e1d00
0x6e3e1d06
0x6e3e1d08
0x6e3e1d13
0x6e3e1d14
0x6e3e1d1a
0x6e3e1d1d
0x6e3e1d24
0x6e3e1d2c
0x6e3e1d32
0x6e3e1d34
0x6e3e1d38
0x6e3e1d46
0x6e3e1d4b
0x6e3e1d5f
0x6e3e1d66
0x6e3e1d79
0x6e3e1d80
0x6e3e1d85
0x6e3e1d93
0x6e3e1d9b
0x6e3e1d9d
0x6e3e1d9f
0x6e3e1da0
0x6e3e1da5
0x6e3e1da5
0x6e3e1dac
0x6e3e1dbf
0x6e3e1dc7
0x6e3e1dd5
0x6e3e1ddd
0x6e3e1de6
0x6e3e1deb
0x6e3e1dec
0x6e3e1dee
0x6e3e1def
0x6e3e1dfc
0x6e3e1dff
0x6e3e1e02
0x6e3e1e06
0x6e3e1e53
0x6e3e1e53
0x6e3e1e57
0x6e3e1e5b
0x6e3e1e5f
0x6e3e1e6a
0x6e3e1e6d
0x6e3e1e6f
0x6e3e1e77
0x6e3e1e7b
0x6e3e1e80
0x6e3e1e83
0x6e3e1e88
0x6e3e1e8e
0x6e3e1e94
0x6e3e1e94
0x6e3e1e9d
0x00000000
0x00000000
0x6e3e1ea5
0x6e3e1f59
0x6e3e1eab
0x6e3e1eab
0x6e3e1eb0
0x6e3e1eb0
0x6e3e1eb5
0x6e3e1eb7
0x6e3e1eb7
0x6e3e1ebc
0x6e3e1ec6
0x6e3e1ecc
0x6e3e1ed0
0x6e3e1ed4
0x6e3e1ee0
0x6e3e1eee
0x6e3e1ef0
0x6e3e1ef4
0x6e3e1efa
0x6e3e1efa
0x6e3e1f06
0x6e3e1f08
0x6e3e1f0f
0x6e3e1f1c
0x6e3e1f35
0x6e3e1f35
0x6e3e1f3b
0x6e3e1f3b
0x6e3e1f43
0x6e3e1f48
0x6e3e1f4c
0x6e3e1f50
0x6e3e1f50
0x6e3e1f65
0x6e3e1f6f
0x6e3e1f77
0x6e3e1f7c
0x6e3e1f80
0x6e3e1f82
0x6e3e1f85
0x6e3e1f8a
0x6e3e1f8a
0x6e3e1f8d
0x6e3e1f92
0x6e3e1f96
0x6e3e1f9a
0x6e3e1f9e
0x6e3e1fa7
0x6e3e1fad
0x6e3e1fbe
0x6e3e1fc3
0x6e3e1fc5
0x6e3e1fcf
0x6e3e1fcf
0x6e3e1fdc
0x6e3e1fea
0x6e3e1e08
0x6e3e1e08
0x6e3e1e0a
0x6e3e1e0a
0x6e3e1e0c
0x6e3e1e0c
0x6e3e1e15
0x6e3e1e1a
0x6e3e1e1d
0x6e3e1e22
0x6e3e1e25
0x6e3e1e2b
0x6e3e1e31
0x6e3e1e39
0x6e3e1e3e
0x6e3e1e3e
0x6e3e1e2b
0x6e3e1e4b
0x6e3e1e4f
0x00000000
0x6e3e1e0a

APIs

EnterCriticalSection.KERNEL32(?,?,?,?,00000003), ref: 6E3E1E5F

Part of subcall function 6E3E27B2: __lock.LIBCMT ref: 6E3E27D0
Part of subcall function 6E3E27B2: ___sbh_find_block.LIBCMT ref: 6E3E27DB
Part of subcall function 6E3E27B2: ___sbh_free_block.LIBCMT ref: 6E3E27EA
Part of subcall function 6E3E27B2: HeapFree.KERNEL32(00000000,00000001,6E403180,0000000C,6E3E59A4,00000000,6E403280,0000000C,6E3E59DE,00000001,6E3E8E8D,?,6E3E939D,00000004,6E4034B0,0000000C), ref: 6E3E281A
Part of subcall function 6E3E27B2: GetLastError.KERNEL32(?,6E3E939D,00000004,6E4034B0,0000000C,6E3E9495,00000001,6E3E8E9C,00000000,00000000,00000000,?,6E3E8E9C,00000001,00000214), ref: 6E3E282B

SetEvent.KERNEL32(?,?,?), ref: 6E3E1F0F
GetCurrentThreadId.KERNEL32 ref: 6E3E1F1E
WaitForSingleObject.KERNEL32(00000000,00000000), ref: 6E3E1F35
LeaveCriticalSection.KERNEL32(?), ref: 6E3E1F65

Strings

CancelTask %s, xrefs: 6E3E1D3C

Memory Dump Source

Source File: 0000000E.00000002.2370545283.000000006E3D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 6E3D0000, based on PE: true

Associated: 0000000E.00000002.2370501847.000000006E3D0000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371078507.000000006E3FB000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371296559.000000006E405000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371402177.000000006E409000.00000002.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e3d0000_MiniNews.jbxd

Similarity

API ID: CriticalSection$CurrentEnterErrorEventFreeHeapLastLeaveObjectSingleThreadWait___sbh_find_block___sbh_free_block__lock
String ID: CancelTask %s
API String ID: 47246925-1255384341
Opcode ID: 8c8f5581aa1add91c6bcb597be7218d992612d3f0228d43c008bfd1266b6ef31
Instruction ID: ecf384c7405c48c4fb67e76342286a2a927cbf13994a1b49f08fbc74d45d19c2
Opcode Fuzzy Hash: 8c8f5581aa1add91c6bcb597be7218d992612d3f0228d43c008bfd1266b6ef31
Instruction Fuzzy Hash: 36816BB25087519FC760CFA8C880A9BF7E8BFC9314F104A1EF59997650DB31E949CB92

Uniqueness

Uniqueness Score: -1.00%

Function 6E53615C Relevance: 10.7, APIs: 7, Instructions: 204COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 6E5361CB
_free.LIBCMT ref: 6E5361D9
_free.LIBCMT ref: 6E536307
_free.LIBCMT ref: 6E536312

Memory Dump Source

Source File: 0000000E.00000002.2371585883.000000006E4E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6E4E0000, based on PE: true

Associated: 0000000E.00000002.2371507694.000000006E4E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373281942.000000006E544000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373891215.000000006E565000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2374074776.000000006E56A000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e4e0000_MiniNews.jbxd

Similarity

API ID: _free
String ID:
API String ID: 269201875-0
Opcode ID: 30849d932f7cd72dda990ceec5f7ba8f48205bbb9864a9c7fb513e6c935458ea
Instruction ID: 5ae8bc99322a19fbae9795469c1c7b541a33e4e115bf4d3bf1b8ef45e5c3436f
Opcode Fuzzy Hash: 30849d932f7cd72dda990ceec5f7ba8f48205bbb9864a9c7fb513e6c935458ea
Instruction Fuzzy Hash: 0661E571D14315AFDB60CFE8C841BAABBF4EF45314F2049ADE954EB281EBB09D418B90

Uniqueness

Uniqueness Score: -1.00%

Function 6E4F29E0 Relevance: 10.7, APIs: 3, Strings: 3, Instructions: 182COMMON

Download Yara Rule

APIs

std::locale::_Init.LIBCPMT ref: 6E4F2AC5
std::locale::_Init.LIBCPMT ref: 6E4F2B48

Strings

ios_base::badbit set, xrefs: 6E4F2C0B, 6E4F2C34
ios_base::failbit set, xrefs: 6E4F2C15
ios_base::eofbit set, xrefs: 6E4F2C1A

Memory Dump Source

Source File: 0000000E.00000002.2371585883.000000006E4E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6E4E0000, based on PE: true

Associated: 0000000E.00000002.2371507694.000000006E4E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373281942.000000006E544000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373891215.000000006E565000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2374074776.000000006E56A000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e4e0000_MiniNews.jbxd

Similarity

API ID: Initstd::locale::_
String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
API String ID: 1620887387-1866435925
Opcode ID: 79bb74c8f933eb835ba383bd873c0aca9aa06cb1f166f879f51dd3e5692149af
Instruction ID: c7a63457aec28f26a0dbacc1d4ffa644448552a322a0df11b17310c459fee968
Opcode Fuzzy Hash: 79bb74c8f933eb835ba383bd873c0aca9aa06cb1f166f879f51dd3e5692149af
Instruction Fuzzy Hash: B27133B0900745DFEB10CFA8C585B86BBF4FB48314F00866AD95A9B785E7B5E909CF90

Uniqueness

Uniqueness Score: -1.00%

Function 6E4E4D40 Relevance: 10.7, APIs: 2, Strings: 4, Instructions: 175COMMON

Download Yara Rule

APIs

__CxxThrowException@8.LIBVCRUNTIME ref: 6E4E4E8C
___std_exception_copy.LIBVCRUNTIME ref: 6E4E4EE2

Strings

ios_base::badbit set, xrefs: 6E4E4E54, 6E4E4E7D, 6E4E4EB2
ios_base::failbit set, xrefs: 6E4E4E5E
ios_base::eofbit set, xrefs: 6E4E4E63
`Un, xrefs: 6E4E4EBC

Memory Dump Source

Source File: 0000000E.00000002.2371585883.000000006E4E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6E4E0000, based on PE: true

Associated: 0000000E.00000002.2371507694.000000006E4E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373281942.000000006E544000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373891215.000000006E565000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2374074776.000000006E56A000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e4e0000_MiniNews.jbxd

Similarity

API ID: Exception@8Throw___std_exception_copy
String ID: `Un$ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
API String ID: 284963293-1352659064
Opcode ID: 63fab6bc3c2bc10251952dc335992349e1068f8675c27122ce1d51793a53fc01
Instruction ID: 036995b659e0e5ccd8323ef0566cc2fd26c644053a4dacf35e8ceb8a4af51cc5
Opcode Fuzzy Hash: 63fab6bc3c2bc10251952dc335992349e1068f8675c27122ce1d51793a53fc01
Instruction Fuzzy Hash: D8516875A00609DFCB10CFA8C584F99BBF8FF09365F11826AE9159BB91D771E901CB90

Uniqueness

Uniqueness Score: -1.00%

Function 6E4E3EB0 Relevance: 10.7, APIs: 3, Strings: 3, Instructions: 154COMMON

Download Yara Rule

APIs

std::locale::_Init.LIBCPMT ref: 6E4E3F90
std::ios_base::_Addstd.LIBCPMT ref: 6E4E4034
__CxxThrowException@8.LIBVCRUNTIME ref: 6E4E4096

Strings

ios_base::badbit set, xrefs: 6E4E405E, 6E4E4087
ios_base::failbit set, xrefs: 6E4E4068
ios_base::eofbit set, xrefs: 6E4E406D

Memory Dump Source

Source File: 0000000E.00000002.2371585883.000000006E4E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6E4E0000, based on PE: true

Associated: 0000000E.00000002.2371507694.000000006E4E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373281942.000000006E544000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373891215.000000006E565000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2374074776.000000006E56A000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e4e0000_MiniNews.jbxd

Similarity

API ID: AddstdException@8InitThrowstd::ios_base::_std::locale::_
String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
API String ID: 3446850132-1866435925
Opcode ID: c17a5c75a306f291cfb053eebf1d2208d8c34b820afd94a08c73ae626271a119
Instruction ID: 4f51627b82b3f30ff978c2363a59348ddebc1828f2a1ba5eae65a8987224d237
Opcode Fuzzy Hash: c17a5c75a306f291cfb053eebf1d2208d8c34b820afd94a08c73ae626271a119
Instruction Fuzzy Hash: 35515AB09007059FEB10CFA4C494B9ABBF4FF04318F00892EE95A9BB91D7B5E905CB90

Uniqueness

Uniqueness Score: -1.00%

Function 6E52A9C2 Relevance: 10.7, APIs: 7, Instructions: 152fileCOMMON

Download Yara Rule

APIs

GetConsoleCP.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,6E52B137,00000000,00000000,00000000,00000000,00000000,6E51C1FE), ref: 6E52AA04
__fassign.LIBCMT ref: 6E52AA7F
__fassign.LIBCMT ref: 6E52AA9A
WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000001,00000000,00000005,00000000,00000000), ref: 6E52AAC0
WriteFile.KERNEL32(?,00000000,00000000,6E52B137,00000000,?,?,?,?,?,?,?,?,?,6E52B137,00000000), ref: 6E52AADF
WriteFile.KERNEL32(?,00000000,00000001,6E52B137,00000000,?,?,?,?,?,?,?,?,?,6E52B137,00000000), ref: 6E52AB18

Memory Dump Source

Source File: 0000000E.00000002.2371585883.000000006E4E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6E4E0000, based on PE: true

Associated: 0000000E.00000002.2371507694.000000006E4E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373281942.000000006E544000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373891215.000000006E565000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2374074776.000000006E56A000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e4e0000_MiniNews.jbxd

Similarity

API ID: FileWrite__fassign$ByteCharConsoleMultiWide
String ID:
API String ID: 1324828854-0
Opcode ID: 9fb972677d86e75e9a4ea155356b9fb05c92ae294a3995cc8e8bfc8b57334237
Instruction ID: aad2ebe56accb0b49b7e0b5586222c99d196629513da353f7d3698269128980c
Opcode Fuzzy Hash: 9fb972677d86e75e9a4ea155356b9fb05c92ae294a3995cc8e8bfc8b57334237
Instruction Fuzzy Hash: FA51B470E00249DFDB01CFE8C895AEEBBF9EF49700F15452AE955E7291DB309941CB60

Uniqueness

Uniqueness Score: -1.00%

Function 6E3DFB90 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 116
synchronizationthreadCOMMON

Download Yara Rule

C-Code - Quality: 70%

			E6E3DFB90(intOrPtr __ecx, intOrPtr _a20, intOrPtr* _a24, char _a32) {
				char _v0;
				long _v8;
				char _v16;
				intOrPtr _v32;
				char _v36;
				struct _CRITICAL_SECTION* _v40;
				intOrPtr _v44;
				intOrPtr _v52;
				struct _CRITICAL_SECTION* _v56;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t29;
				struct _CRITICAL_SECTION* _t32;
				intOrPtr _t34;
				struct _CRITICAL_SECTION _t37;
				intOrPtr* _t46;
				long _t50;
				intOrPtr _t54;
				struct _CRITICAL_SECTION* _t70;
				intOrPtr _t73;
				void** _t76;
				intOrPtr* _t79;
				signed int _t81;
				signed int _t83;

				_push(0xffffffff);
				_push(E6E3FA878);
				_push( *[fs:0x0]);
				_t83 = (_t81 & 0xfffffff8) - 0x1c;
				_t29 =  *0x6e405204; // 0x2276585c
				_push(_t29 ^ _t83);
				 *[fs:0x0] =  &_v16;
				_v44 = __ecx;
				_t32 =  &_a32;
				_v40 = _t32;
				EnterCriticalSection(_t32);
				_t54 =  *_a24;
				_t70 = _v0;
				_t79 =  &_v0;
				_v8 = 0;
				_v36 = _t70;
				_v32 = _t54;
				while(1) {
					_t73 = _a20;
					_t34 =  *_t79;
					if(_t70 == 0 || _t70 != _t34) {
						E6E3E3E0D();
					}
					if(_t54 == _t73) {
						break;
					}
					if(_t70 != 0) {
						_t37 =  *_t70;
					} else {
						E6E3E3E0D();
						_t37 = 0;
					}
					if(_t54 ==  *((intOrPtr*)(_t37 + 0x18))) {
						E6E3E3E0D();
					}
					_t76 =  *(_t54 + 0xc);
					_t67 =  *_t76;
					 *( *( *_t76))(0);
					SetEvent(_t76[0x167]);
					if(_t76[0x166] == 0) {
						L12:
						 *( *( *_t76))(0);
						E6E3DB710(_t54,  *( *_t76), _t79);
						E6E3E2756(_t54, _t70, _t76, _t94, _t76);
						_push(_t54);
						_push(_t70);
						_push( &_v36);
						_t46 = E6E3E0D90(_t79,  *( *_t76));
						_t70 =  *_t46;
						_t54 =  *((intOrPtr*)(_t46 + 4));
						_v56 = _t70;
						_v52 = _t54;
						E6E3D7C70(_t54, _t70, _t79, 0x6e4064d8, "[%u] HttpDelete by Release", _t76);
						_t83 = _t83 + 0x10;
						continue;
					} else {
						if(GetCurrentThreadId() == _t76[0x165]) {
							L14:
							E6E3E0460( &_v40, _t67);
							_t54 = _v36;
							_t70 = _v40;
							continue;
						} else {
							_t67 = _t76[0x166];
							_t50 = WaitForSingleObject(_t76[0x166], 0);
							_t94 = _t50;
							if(_t50 != 0) {
								goto L14;
							} else {
								goto L12;
							}
						}
					}
					L16:
				}
				LeaveCriticalSection(_v40);
				 *[fs:0x0] = _v16;
				return  *((intOrPtr*)(_v44 + 0x20));
				goto L16;
			}

0x6e3dfb96
0x6e3dfb98
0x6e3dfba3
0x6e3dfba4
0x6e3dfbab
0x6e3dfbb2
0x6e3dfbb7
0x6e3dfbbf
0x6e3dfbc3
0x6e3dfbc7
0x6e3dfbcb
0x6e3dfbd4
0x6e3dfbd6
0x6e3dfbd9
0x6e3dfbdc
0x6e3dfbe4
0x6e3dfbe8
0x6e3dfbf0
0x6e3dfbf0
0x6e3dfbf3
0x6e3dfbf8
0x6e3dfbfe
0x6e3dfbfe
0x6e3dfc05
0x00000000
0x00000000
0x6e3dfc0d
0x6e3dfcb5
0x6e3dfc13
0x6e3dfc13
0x6e3dfc18
0x6e3dfc18
0x6e3dfc1d
0x6e3dfc1f
0x6e3dfc1f
0x6e3dfc24
0x6e3dfc27
0x6e3dfc2f
0x6e3dfc38
0x6e3dfc45
0x6e3dfc68
0x6e3dfc70
0x6e3dfc74
0x6e3dfc7a
0x6e3dfc82
0x6e3dfc83
0x6e3dfc88
0x6e3dfc8b
0x6e3dfc90
0x6e3dfc92
0x6e3dfca0
0x6e3dfca4
0x6e3dfca8
0x6e3dfcad
0x00000000
0x6e3dfc47
0x6e3dfc53
0x6e3dfcbc
0x6e3dfcc0
0x6e3dfcc5
0x6e3dfcc9
0x00000000
0x6e3dfc55
0x6e3dfc55
0x6e3dfc5e
0x6e3dfc64
0x6e3dfc66
0x00000000
0x00000000
0x00000000
0x00000000
0x6e3dfc66
0x6e3dfc53
0x00000000
0x6e3dfc45
0x6e3dfcde
0x6e3dfcea
0x6e3dfcf9
0x00000000

APIs

EnterCriticalSection.KERNEL32(?,2276585C,?,?,?,00000000,?,?,?,6E3FA878,000000FF,77143130,6E3DFD67), ref: 6E3DFBCB
SetEvent.KERNEL32(?), ref: 6E3DFC38
GetCurrentThreadId.KERNEL32 ref: 6E3DFC47
WaitForSingleObject.KERNEL32(00000000,00000000), ref: 6E3DFC5E
LeaveCriticalSection.KERNEL32(?), ref: 6E3DFCDE

Strings

[%u] HttpDelete by Release, xrefs: 6E3DFC96

Memory Dump Source

Source File: 0000000E.00000002.2370545283.000000006E3D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 6E3D0000, based on PE: true

Associated: 0000000E.00000002.2370501847.000000006E3D0000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371078507.000000006E3FB000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371296559.000000006E405000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371402177.000000006E409000.00000002.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e3d0000_MiniNews.jbxd

Similarity

API ID: CriticalSection$CurrentEnterEventLeaveObjectSingleThreadWait
String ID: [%u] HttpDelete by Release
API String ID: 3926687403-1244800116
Opcode ID: 07b394efca45e29874f637f59aeb2fa721c9c18834175277fc279e04c648d0af
Instruction ID: 43442db6e20a198327bc8f5f153ab7c99168679ef43afd7c0daefd34eeb68dd0
Opcode Fuzzy Hash: 07b394efca45e29874f637f59aeb2fa721c9c18834175277fc279e04c648d0af
Instruction Fuzzy Hash: 9941AD726047059FC710DFA8D880B5BB7E8EF89714F20491DE9AA9B351DB31E905CFA2

Uniqueness

Uniqueness Score: -1.00%

Function 6E4F6DD0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 102COMMON

Download Yara Rule

APIs

CallWindowProcW.USER32(?,00000001,?,00000000,00000000), ref: 6E4F6E56
GetWindowLongW.USER32(00000001,000000FC), ref: 6E4F6E6A
CallWindowProcW.USER32(?,00000001,00000082,00000000,00000000), ref: 6E4F6E80
GetWindowLongW.USER32(00000001,000000FC), ref: 6E4F6E99
SetWindowLongW.USER32(00000001,000000FC,?), ref: 6E4F6EA8

Strings

$, xrefs: 6E4F6E0A

Memory Dump Source

Source File: 0000000E.00000002.2371585883.000000006E4E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6E4E0000, based on PE: true

Associated: 0000000E.00000002.2371507694.000000006E4E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373281942.000000006E544000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373891215.000000006E565000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2374074776.000000006E56A000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e4e0000_MiniNews.jbxd

Similarity

API ID: Window$Long$CallProc
String ID: $
API String ID: 513923721-3993045852
Opcode ID: 09faf274c7db3644efe8482cb964ecbb27215b902cbc2db72daa878f989df0bc
Instruction ID: d0345666d0d76c10f7c1248141c8aa7042ac2328f633138847958e96cb9445ab
Opcode Fuzzy Hash: 09faf274c7db3644efe8482cb964ecbb27215b902cbc2db72daa878f989df0bc
Instruction Fuzzy Hash: 75412772500609EFCB20DF99C984A9BBBF5FF48710F11861EE99A972A0D731E951CF90

Uniqueness

Uniqueness Score: -1.00%

Function 6E50ECB0 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 98COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(6E568538,E97A779A,?,?), ref: 6E50ECFE

Strings

GenuineIotel, xrefs: 6E50E803, 6E50EF21
%s,%x,%s, xrefs: 6E50EF9F
GenuineIntel,50657,Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz, xrefs: 6E50ED0E, 6E50ED22, 6E50ED4F, 6E50ED72, 6E50EDB1, 6E50EDBE, 6E50EDBF, 6E50F032

Memory Dump Source

Source File: 0000000E.00000002.2371585883.000000006E4E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6E4E0000, based on PE: true

Associated: 0000000E.00000002.2371507694.000000006E4E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373281942.000000006E544000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373891215.000000006E565000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2374074776.000000006E56A000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e4e0000_MiniNews.jbxd

Similarity

API ID: CriticalEnterSection
String ID: %s,%x,%s$GenuineIntel,50657,Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz$GenuineIotel
API String ID: 1904992153-2801590137
Opcode ID: 1f0dc8c98e8a3fed50e29d96a38ea1a68ab8014373b8ce5c93a405c2a4899501
Instruction ID: f591f7abc4f329696b8864ca225e5fd3d66ee42c4f108ef582804b28da025e2f
Opcode Fuzzy Hash: 1f0dc8c98e8a3fed50e29d96a38ea1a68ab8014373b8ce5c93a405c2a4899501
Instruction Fuzzy Hash: 87413D71D106199FDB50CFA9CC84BADBBF8FB49314F25826AE548E7211EB7099848F50

Uniqueness

Uniqueness Score: -1.00%

Function 6E3D70B0 Relevance: 10.6, APIs: 7, Instructions: 81
fileCOMMON

Download Yara Rule

C-Code - Quality: 82%

			E6E3D70B0(void** __ecx, void* _a4, long _a8) {
				struct _OVERLAPPED* _v4;
				void* _v8;
				long _v12;
				struct _OVERLAPPED* _v16;
				void _v24;
				long _v28;
				struct _CRITICAL_SECTION* _t34;
				void* _t40;
				void** _t48;

				_t48 = __ecx;
				if( *((intOrPtr*)(__ecx)) != 0) {
					_t34 = __ecx + 0x18;
					EnterCriticalSection(_t34);
					__eflags = _t48[5];
					if(_t48[5] != 0) {
						_v8 = 0;
						_v4 = 0;
						__imp__GetFileSizeEx( *_t48,  &_v8);
						_t40 = _t48[5];
						__eflags = _v12;
						if(__eflags >= 0) {
							if(__eflags > 0) {
								L6:
								_v16 = 0;
								_v12 = 0;
								SetFilePointer( *_t48, 0,  &_v12, 0);
								SetEndOfFile( *_t48);
								__eflags = _t48[3];
								if(_t48[3] != 0) {
									_v24 = 0xfeff;
									_v28 = 0;
									WriteFile( *_t48,  &_v24, 2,  &_v28, 0);
								}
							} else {
								__eflags = _v16 - _t40;
								if(_v16 > _t40) {
									goto L6;
								}
							}
						}
					}
					_v12 = 0;
					WriteFile( *_t48, _a4, _a8,  &_v12, 0);
					LeaveCriticalSection(_t34);
					return 1;
				} else {
					return 0;
				}
			}

0x6e3d70b5
0x6e3d70bb
0x6e3d70c9
0x6e3d70cd
0x6e3d70d9
0x6e3d70dc
0x6e3d70e6
0x6e3d70ea
0x6e3d70ee
0x6e3d70f8
0x6e3d70fd
0x6e3d70ff
0x6e3d7101
0x6e3d710b
0x6e3d7115
0x6e3d7119
0x6e3d711d
0x6e3d7126
0x6e3d712c
0x6e3d712f
0x6e3d7141
0x6e3d7149
0x6e3d714d
0x6e3d714d
0x6e3d7103
0x6e3d7107
0x6e3d7109
0x00000000
0x00000000
0x6e3d7109
0x6e3d7101
0x6e3d70ff
0x6e3d7162
0x6e3d7166
0x6e3d7169
0x6e3d717b
0x6e3d70be
0x6e3d70c4
0x6e3d70c4

APIs

EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,2276585C), ref: 6E3D70CD
GetFileSizeEx.KERNEL32(?,?,?,?,?,?,?,?,?,2276585C), ref: 6E3D70EE
SetFilePointer.KERNEL32(?,00000000,?,00000000,?,?,?,?,?,?,?,?,?,2276585C), ref: 6E3D711D
SetEndOfFile.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,2276585C), ref: 6E3D7126
WriteFile.KERNEL32(00000000), ref: 6E3D714D
WriteFile.KERNEL32(?,?,?,?,00000000,?,?,?,?,?,?,?,2276585C), ref: 6E3D7166
LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,2276585C), ref: 6E3D7169

Memory Dump Source

Source File: 0000000E.00000002.2370545283.000000006E3D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 6E3D0000, based on PE: true

Associated: 0000000E.00000002.2370501847.000000006E3D0000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371078507.000000006E3FB000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371296559.000000006E405000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371402177.000000006E409000.00000002.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e3d0000_MiniNews.jbxd

Similarity

API ID: File$CriticalSectionWrite$EnterLeavePointerSize
String ID:
API String ID: 1303596850-0
Opcode ID: 594e2413f411128793cedd8d22952bec7e4337bb229284de882b5e5c325c6856
Instruction ID: 8772ed3305cfe674c1f93c6129eafadab3eae217aa1c2201ffb7d318bf4456a6
Opcode Fuzzy Hash: 594e2413f411128793cedd8d22952bec7e4337bb229284de882b5e5c325c6856
Instruction Fuzzy Hash: 302113B2504601AFD324DF69D884C6BB7EDFFC8714B204A1EF89A86244D730E949CF26

Uniqueness

Uniqueness Score: -1.00%

Function 6E3E06B0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 67
synchronizationthreadCOMMON

Download Yara Rule

C-Code - Quality: 63%

			E6E3E06B0(void* __ecx) {
				void* __ebx;
				void* __edi;
				void* __ebp;
				struct _CRITICAL_SECTION* _t21;
				struct _CRITICAL_SECTION* _t24;
				void* _t34;
				intOrPtr _t35;
				void* _t40;
				struct _CRITICAL_SECTION* _t42;
				intOrPtr _t43;
				void* _t44;
				intOrPtr _t45;
				void* _t46;
				void* _t47;

				_push("CancelAllTask");
				_push(0x6e4064d8);
				_t40 = __ecx;
				E6E3D7C70(_t34, __ecx, _t44);
				_t21 = _t40 + 0x24;
				_t47 = _t46 + 8;
				 *(_t47 + 0x14) = _t21;
				EnterCriticalSection(_t21);
				_t42 =  *(_t40 + 4);
				_t45 =  *((intOrPtr*)( *((intOrPtr*)(_t40 + 0x1c))));
				 *(_t47 + 0x14) = _t42;
				 *((intOrPtr*)(_t47 + 0x18)) = _t45;
				while(1) {
					_t35 =  *((intOrPtr*)(_t40 + 0x1c));
					_t24 =  *(_t40 + 4);
					if(_t42 == 0 || _t42 != _t24) {
						E6E3E3E0D();
					}
					if(_t45 == _t35) {
						break;
					}
					if(_t42 != 0) {
						_t42 =  *_t42;
					} else {
						E6E3E3E0D();
					}
					if(_t45 ==  *((intOrPtr*)(_t42 + 0x18))) {
						E6E3E3E0D();
					}
					_t43 =  *((intOrPtr*)(_t45 + 0xc));
					SetEvent( *(_t43 + 0x59c));
					if( *(_t43 + 0x598) != 0 && GetCurrentThreadId() !=  *((intOrPtr*)(_t43 + 0x594))) {
						_t39 =  *(_t43 + 0x598);
						WaitForSingleObject( *(_t43 + 0x598), 0);
					}
					E6E3E0460(_t47 + 0x14, _t39);
					_t45 =  *((intOrPtr*)(_t47 + 0x18));
					_t42 =  *(_t47 + 0x14);
				}
				LeaveCriticalSection( *(_t47 + 0x10));
				return  *((intOrPtr*)(_t40 + 0x20));
			}

0x6e3e06b7
0x6e3e06bc
0x6e3e06c1
0x6e3e06c3
0x6e3e06c8
0x6e3e06cb
0x6e3e06cf
0x6e3e06d3
0x6e3e06de
0x6e3e06e1
0x6e3e06e3
0x6e3e06e7
0x6e3e06f0
0x6e3e06f0
0x6e3e06f3
0x6e3e06f8
0x6e3e06fe
0x6e3e06fe
0x6e3e0705
0x00000000
0x00000000
0x6e3e0709
0x6e3e0763
0x6e3e070b
0x6e3e070b
0x6e3e070b
0x6e3e0713
0x6e3e0715
0x6e3e0715
0x6e3e071a
0x6e3e0724
0x6e3e0731
0x6e3e0741
0x6e3e074a
0x6e3e074a
0x6e3e0754
0x6e3e0759
0x6e3e075d
0x6e3e075d
0x6e3e076f
0x6e3e077e

APIs

EnterCriticalSection.KERNEL32(6E4064D8), ref: 6E3E06D3
SetEvent.KERNEL32(?), ref: 6E3E0724
GetCurrentThreadId.KERNEL32 ref: 6E3E0733
WaitForSingleObject.KERNEL32(00000000,00000000), ref: 6E3E074A
LeaveCriticalSection.KERNEL32(?), ref: 6E3E076F

Strings

CancelAllTask, xrefs: 6E3E06B7

Memory Dump Source

Source File: 0000000E.00000002.2370545283.000000006E3D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 6E3D0000, based on PE: true

Associated: 0000000E.00000002.2370501847.000000006E3D0000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371078507.000000006E3FB000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371296559.000000006E405000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371402177.000000006E409000.00000002.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e3d0000_MiniNews.jbxd

Similarity

API ID: CriticalSection$CurrentEnterEventLeaveObjectSingleThreadWait
String ID: CancelAllTask
API String ID: 3926687403-126249077
Opcode ID: 2d47d72e220feba9d75b44a2b8ee41fa846be7cac25de4113b9b90bbc3c67f0e
Instruction ID: e07da8df6a97ff84a3c8860e69dab43c0bac5de93e15d33dab3a0cc2511e766c
Opcode Fuzzy Hash: 2d47d72e220feba9d75b44a2b8ee41fa846be7cac25de4113b9b90bbc3c67f0e
Instruction Fuzzy Hash: D7218075500B26DFCB20DFE4D544A9BB7A8EB89711F01085AE89697A00EB31F848CFE1

Uniqueness

Uniqueness Score: -1.00%

Function 6E536631 Relevance: 10.6, APIs: 7, Instructions: 65COMMON

Download Yara Rule

APIs

Part of subcall function 6E536378: _free.LIBCMT ref: 6E5363A1

_free.LIBCMT ref: 6E53667F

Part of subcall function 6E52DFD6: HeapFree.KERNEL32(00000000,00000000,?,6E5363A6,?,00000000,?,00000000,?,6E53664A,?,00000007,?,?,6E535ABD,?), ref: 6E52DFEC
Part of subcall function 6E52DFD6: GetLastError.KERNEL32(?,?,6E5363A6,?,00000000,?,00000000,?,6E53664A,?,00000007,?,?,6E535ABD,?,?), ref: 6E52DFFE

_free.LIBCMT ref: 6E53668A
_free.LIBCMT ref: 6E536695
_free.LIBCMT ref: 6E5366E9
_free.LIBCMT ref: 6E5366F4
_free.LIBCMT ref: 6E5366FF
_free.LIBCMT ref: 6E53670A

Memory Dump Source

Source File: 0000000E.00000002.2371585883.000000006E4E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6E4E0000, based on PE: true

Associated: 0000000E.00000002.2371507694.000000006E4E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373281942.000000006E544000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373891215.000000006E565000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2374074776.000000006E56A000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e4e0000_MiniNews.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 0392a377bef7942079e2d1539242768fc47faae2ebf926a37be5c2c4de86e8bc
Instruction ID: 9ad1b81ddd651daaf4e22bdeacffaf8aa05233a5f6d825914fa97cc0a0384125
Opcode Fuzzy Hash: 0392a377bef7942079e2d1539242768fc47faae2ebf926a37be5c2c4de86e8bc
Instruction Fuzzy Hash: 04112E71950B18BAD520EBF0CC05FCBB7ECAF80718F504C39A399A6090E7B5A9058B95

Uniqueness

Uniqueness Score: -1.00%

Function 6E52C5E0 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 30COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 6E52C5FE

Part of subcall function 6E52DFD6: HeapFree.KERNEL32(00000000,00000000,?,6E5363A6,?,00000000,?,00000000,?,6E53664A,?,00000007,?,?,6E535ABD,?), ref: 6E52DFEC
Part of subcall function 6E52DFD6: GetLastError.KERNEL32(?,?,6E5363A6,?,00000000,?,00000000,?,6E53664A,?,00000007,?,?,6E535ABD,?,?), ref: 6E52DFFE

_free.LIBCMT ref: 6E52C610
_free.LIBCMT ref: 6E52C623
_free.LIBCMT ref: 6E52C634
_free.LIBCMT ref: 6E52C645

Strings

PkVn, xrefs: 6E52C5F4

Memory Dump Source

Source File: 0000000E.00000002.2371585883.000000006E4E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6E4E0000, based on PE: true

Associated: 0000000E.00000002.2371507694.000000006E4E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373281942.000000006E544000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373891215.000000006E565000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2374074776.000000006E56A000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e4e0000_MiniNews.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast
String ID: PkVn
API String ID: 776569668-3894428402
Opcode ID: b0c88622bc4d28ebf949f7ced019bbb2cb513682e945e6fe7c24aa4fa460774b
Instruction ID: 6d88a3eef943304e49bfcb5d9894390abf59b9a823360f3a69836fbb84a1981b
Opcode Fuzzy Hash: b0c88622bc4d28ebf949f7ced019bbb2cb513682e945e6fe7c24aa4fa460774b
Instruction Fuzzy Hash: 51F0DAF1819E249FCE919FAC98404A43BF4FB47B687021616F5119B2F1DF7248429FCA

Uniqueness

Uniqueness Score: -1.00%

Function 6E52651C Relevance: 9.3, APIs: 6, Instructions: 264COMMON

Download Yara Rule

APIs

__allrem.LIBCMT ref: 6E5266A9
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6E5266C5
__allrem.LIBCMT ref: 6E5266DC
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6E5266FA
__allrem.LIBCMT ref: 6E526711
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6E52672F

Memory Dump Source

Source File: 0000000E.00000002.2371585883.000000006E4E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6E4E0000, based on PE: true

Associated: 0000000E.00000002.2371507694.000000006E4E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373281942.000000006E544000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373891215.000000006E565000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2374074776.000000006E56A000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e4e0000_MiniNews.jbxd

Similarity

API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@
String ID:
API String ID: 1992179935-0
Opcode ID: 848bb464c9bc724f62b02dde0ac00feedab8e9a44f60cd6f25087ddffbe53107
Instruction ID: fde579cc121eae1f4713fa461d6de63a9348ebff06ef6d65512ccf3b730b3fda
Opcode Fuzzy Hash: 848bb464c9bc724f62b02dde0ac00feedab8e9a44f60cd6f25087ddffbe53107
Instruction Fuzzy Hash: CC81D8B1610B069FE7109FF9DC91BAA73E8AF85724F24493AE611D66C0E7B4ED008790

Uniqueness

Uniqueness Score: -1.00%

Function 6E4FA840 Relevance: 9.2, APIs: 2, Strings: 3, Instructions: 488COMMON

Download Yara Rule

APIs

Part of subcall function 6E4E6850: EnterCriticalSection.KERNEL32(6E565004,E97A779A,?,00000000,6E53CB5F,000000FF,?,6E50549D,00000000), ref: 6E4E6881
Part of subcall function 6E4E6850: LeaveCriticalSection.KERNEL32(6E565004,?,00000000,6E53CB5F,000000FF,?,6E50549D,00000000), ref: 6E4E68CA

CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,E97A779A), ref: 6E4FA8A1

Part of subcall function 6E4E4550: std::locale::_Init.LIBCPMT ref: 6E4E45FB

Part of subcall function 6E4E5A30: MultiByteToWideChar.KERNEL32(00000000,00000000,(null),(null),00000001,6E53C909,(null),00000000,E97A779A,?), ref: 6E4E5AB8

Part of subcall function 6E4E5B60: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 6E4E5BED

std::locale::_Init.LIBCPMT ref: 6E4FABCD

Strings

\FTn, xrefs: 6E4FAB4D
tFTn, xrefs: 6E4FABB3
&pop_round=%s, xrefs: 6E4FA8B0

Memory Dump Source

Source File: 0000000E.00000002.2371585883.000000006E4E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6E4E0000, based on PE: true

Associated: 0000000E.00000002.2371507694.000000006E4E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373281942.000000006E544000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373891215.000000006E565000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2374074776.000000006E56A000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e4e0000_MiniNews.jbxd

Similarity

API ID: CriticalInitSectionstd::locale::_$ByteCharCreateEnterEventIos_base_dtorLeaveMultiWidestd::ios_base::_
String ID: &pop_round=%s$\FTn$tFTn
API String ID: 3374064737-3268215710
Opcode ID: 4fd224fb65fe5db7451f2ece7f29d45254be1bb51fd605b208926639d2493f81
Instruction ID: 2b26efc39a073a399a31ca8bc72c8734fedde00c0d969da62ef03a4cc0ce2982
Opcode Fuzzy Hash: 4fd224fb65fe5db7451f2ece7f29d45254be1bb51fd605b208926639d2493f81
Instruction Fuzzy Hash: 0622BD70E01248DFDB10CFA8C954BDDBBF5AF44714F1485AAE51AAB380DB349E46CB91

Uniqueness

Uniqueness Score: -1.00%

Function 6E530FFA Relevance: 9.2, APIs: 6, Instructions: 216COMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,00000000,00000000,?,?,?,?,6E53124B,00000001,00000001,00000000), ref: 6E531054
MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,6E53124B,00000001,00000001,00000000,?,?,?), ref: 6E5310DA
WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,00000000,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 6E5311D4
__freea.LIBCMT ref: 6E5311E1

Part of subcall function 6E52E010: HeapAlloc.KERNEL32(00000000,?,?,?,6E514890,?,?,6E4F28FA,00000010,E97A779A,?,?,6E53E3CF,000000FF), ref: 6E52E042

__freea.LIBCMT ref: 6E5311EA
__freea.LIBCMT ref: 6E53120F

Memory Dump Source

Source File: 0000000E.00000002.2371585883.000000006E4E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6E4E0000, based on PE: true

Associated: 0000000E.00000002.2371507694.000000006E4E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373281942.000000006E544000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373891215.000000006E565000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2374074776.000000006E56A000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e4e0000_MiniNews.jbxd

Similarity

API ID: ByteCharMultiWide__freea$AllocHeap
String ID:
API String ID: 3147120248-0
Opcode ID: 819f35390fc75a9dbf167d5c0cdef004e994528bc9ca1151ee2a09de537359db
Instruction ID: ff15de52b46f9660dfe6278364ad5fac58a2aa1d06ed6f078da44db30582253b
Opcode Fuzzy Hash: 819f35390fc75a9dbf167d5c0cdef004e994528bc9ca1151ee2a09de537359db
Instruction Fuzzy Hash: CA51DF72610226AFEB158EF4CE41EFB77E9EB81754B214A29F914DB140FB34DC48C6A0

Uniqueness

Uniqueness Score: -1.00%

Function 6E528954 Relevance: 9.2, APIs: 6, Instructions: 200COMMONLIBRARYCODE

Download Yara Rule

APIs

__cftoe.LIBCMT ref: 6E528980
__cftoe.LIBCMT ref: 6E5289B2

Memory Dump Source

Source File: 0000000E.00000002.2371585883.000000006E4E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6E4E0000, based on PE: true

Associated: 0000000E.00000002.2371507694.000000006E4E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373281942.000000006E544000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373891215.000000006E565000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2374074776.000000006E56A000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e4e0000_MiniNews.jbxd

Similarity

API ID: __cftoe
String ID:
API String ID: 4189289331-0
Opcode ID: 2e61df7dc14393a9aaaaf02268cc8bb74d4d07ece9466f4be0856f19cc984603
Instruction ID: e2e531ccba8daa88fff2bfcb3b51acb52b251d8b698e21d95e50a1a7cbb1a6c9
Opcode Fuzzy Hash: 2e61df7dc14393a9aaaaf02268cc8bb74d4d07ece9466f4be0856f19cc984603
Instruction Fuzzy Hash: FC51E972904105AFDB518BE88C40AFE77EDEF89334F20453AE924A61C1EF35D9008A66

Uniqueness

Uniqueness Score: -1.00%

Function 6E50C3A0 Relevance: 9.1, APIs: 6, Instructions: 108synchronizationCOMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?,E97A779A,?,00000000,6E5424F8,000000FF,?,6E50D3AF,00000BB8), ref: 6E50C3D3
LeaveCriticalSection.KERNEL32(?), ref: 6E50C3EB
LeaveCriticalSection.KERNEL32(?), ref: 6E50C4C0
WaitForSingleObject.KERNEL32(?,?), ref: 6E50C4CC
EnterCriticalSection.KERNEL32(?), ref: 6E50C4E2
LeaveCriticalSection.KERNEL32(?), ref: 6E50C4FB

Memory Dump Source

Source File: 0000000E.00000002.2371585883.000000006E4E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6E4E0000, based on PE: true

Associated: 0000000E.00000002.2371507694.000000006E4E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373281942.000000006E544000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373891215.000000006E565000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2374074776.000000006E56A000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e4e0000_MiniNews.jbxd

Similarity

API ID: CriticalSection$Leave$Enter$ObjectSingleWait
String ID:
API String ID: 3286975823-0
Opcode ID: 911634333b6315c69efd05ca3fc6d05a84a226675aeae3d68821f33fddddda3d
Instruction ID: f8497dbe28ccbe9d2166ec046f7ec0c7ee584714d0ea250847bdbb153c580df2
Opcode Fuzzy Hash: 911634333b6315c69efd05ca3fc6d05a84a226675aeae3d68821f33fddddda3d
Instruction Fuzzy Hash: FD4111B0901A1ACFDB05CF94C554BEEBBF0FF0A314F118659E805AB380DB359A85CBA4

Uniqueness

Uniqueness Score: -1.00%

Function 6E518B48 Relevance: 9.1, APIs: 6, Instructions: 60COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(00000001,?,6E518AA5,6E514985,6E514DD6,?,6E514FF3,?,00000001,?,?,00000001,?,6E5631E8,0000000C,6E5150E7), ref: 6E518B56
___vcrt_FlsGetValue.LIBVCRUNTIME ref: 6E518B64
___vcrt_FlsSetValue.LIBVCRUNTIME ref: 6E518B7D
SetLastError.KERNEL32(00000000,6E514FF3,?,00000001,?,?,00000001,?,6E5631E8,0000000C,6E5150E7,?,00000001,?), ref: 6E518BCF

Memory Dump Source

Source File: 0000000E.00000002.2371585883.000000006E4E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6E4E0000, based on PE: true

Associated: 0000000E.00000002.2371507694.000000006E4E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373281942.000000006E544000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373891215.000000006E565000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2374074776.000000006E56A000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e4e0000_MiniNews.jbxd

Similarity

API ID: ErrorLastValue___vcrt_
String ID:
API String ID: 3852720340-0
Opcode ID: 47d4788067f363ae920e43343f06a786b181c1b1b35223cf9504b0907544bc06
Instruction ID: 6eb04773cde26060e0eb70f4cb34bda9a5b11ebb042776bc88ab138776588b5b
Opcode Fuzzy Hash: 47d4788067f363ae920e43343f06a786b181c1b1b35223cf9504b0907544bc06
Instruction Fuzzy Hash: 8E017B7221CB126EFBB616F9ACC09F637D8EB4377D3210A39F624851E0EF914C428281

Uniqueness

Uniqueness Score: -1.00%

Function 6E3E828D Relevance: 9.0, APIs: 6, Instructions: 49
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 90%

			E6E3E828D(void* __ebx, intOrPtr __ecx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t48;
				intOrPtr _t57;
				void* _t58;
				void* _t61;

				_t61 = __eflags;
				_t53 = __edx;
				_push(0x2c);
				_push(0x6e403380);
				E6E3E55C4(__ebx, __edi, __esi);
				_t48 = __ecx;
				_t55 =  *((intOrPtr*)(_t58 + 0xc));
				_t57 =  *((intOrPtr*)(_t58 + 8));
				 *((intOrPtr*)(_t58 - 0x1c)) = __ecx;
				 *(_t58 - 0x34) =  *(_t58 - 0x34) & 0x00000000;
				 *((intOrPtr*)(_t58 - 0x24)) =  *((intOrPtr*)( *((intOrPtr*)(_t58 + 0xc)) - 4));
				 *((intOrPtr*)(_t58 - 0x28)) = E6E3E336E(_t58 - 0x3c,  *((intOrPtr*)(_t57 + 0x18)));
				 *((intOrPtr*)(_t58 - 0x2c)) =  *((intOrPtr*)(E6E3E8EEA(__ecx, __edx, _t55, _t61) + 0x88));
				 *((intOrPtr*)(_t58 - 0x30)) =  *((intOrPtr*)(E6E3E8EEA(_t48, __edx, _t55, _t61) + 0x8c));
				 *((intOrPtr*)(E6E3E8EEA(_t48, _t53, _t55, _t61) + 0x88)) = _t57;
				 *((intOrPtr*)(E6E3E8EEA(_t48, _t53, _t55, _t61) + 0x8c)) =  *((intOrPtr*)(_t58 + 0x10));
				 *(_t58 - 4) =  *(_t58 - 4) & 0x00000000;
				 *((intOrPtr*)(_t58 + 0x10)) = 1;
				 *(_t58 - 4) = 1;
				 *((intOrPtr*)(_t58 - 0x1c)) = E6E3E3413(_t55,  *((intOrPtr*)(_t58 + 0x14)), _t48,  *((intOrPtr*)(_t58 + 0x18)),  *((intOrPtr*)(_t58 + 0x1c)));
				 *(_t58 - 4) =  *(_t58 - 4) & 0x00000000;
				 *(_t58 - 4) = 0xfffffffe;
				 *((intOrPtr*)(_t58 + 0x10)) = 0;
				E6E3E83B3(_t48, _t53, _t55, _t57, _t61);
				return E6E3E5609( *((intOrPtr*)(_t58 - 0x1c)));
			}

0x6e3e828d
0x6e3e828d
0x6e3e828d
0x6e3e828f
0x6e3e8294
0x6e3e8299
0x6e3e829b
0x6e3e829e
0x6e3e82a1
0x6e3e82a4
0x6e3e82ab
0x6e3e82bc
0x6e3e82ca
0x6e3e82d8
0x6e3e82e0
0x6e3e82ee
0x6e3e82f4
0x6e3e82fb
0x6e3e82fe
0x6e3e8314
0x6e3e8317
0x6e3e838c
0x6e3e8393
0x6e3e839a
0x6e3e83a7

APIs

__CreateFrameInfo.LIBCMT ref: 6E3E82B5

Part of subcall function 6E3E336E: __getptd.LIBCMT ref: 6E3E337C
Part of subcall function 6E3E336E: __getptd.LIBCMT ref: 6E3E338A

__getptd.LIBCMT ref: 6E3E82BF

Part of subcall function 6E3E8EEA: __getptd_noexit.LIBCMT ref: 6E3E8EED
Part of subcall function 6E3E8EEA: __amsg_exit.LIBCMT ref: 6E3E8EFA

__getptd.LIBCMT ref: 6E3E82CD
__getptd.LIBCMT ref: 6E3E82DB
__getptd.LIBCMT ref: 6E3E82E6
_CallCatchBlock2.LIBCMT ref: 6E3E830C

Part of subcall function 6E3E3413: __CallSettingFrame@12.LIBCMT ref: 6E3E345F

Part of subcall function 6E3E83B3: __getptd.LIBCMT ref: 6E3E83C2
Part of subcall function 6E3E83B3: __getptd.LIBCMT ref: 6E3E83D0

Memory Dump Source

Source File: 0000000E.00000002.2370545283.000000006E3D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 6E3D0000, based on PE: true

Associated: 0000000E.00000002.2370501847.000000006E3D0000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371078507.000000006E3FB000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371296559.000000006E405000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371402177.000000006E409000.00000002.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e3d0000_MiniNews.jbxd

Similarity

API ID: __getptd$Call$Block2CatchCreateFrameFrame@12InfoSetting__amsg_exit__getptd_noexit
String ID:
API String ID: 1602911419-0
Opcode ID: 0395f1b3c48ff3b7bb2b5c66e0fee06ae916ec32f7e7d302e28c4e17d6967949
Instruction ID: 4adeaf0adc5749c8f4e275d8cf3d99724a844af33b10e876b2a4dcf3d06badab
Opcode Fuzzy Hash: 0395f1b3c48ff3b7bb2b5c66e0fee06ae916ec32f7e7d302e28c4e17d6967949
Instruction Fuzzy Hash: 0511C3B1C40219EFDB00DFE4C544BEDBBB4FF48318F14886AE854AB650DB399A159F50

Uniqueness

Uniqueness Score: -1.00%

Function 6E50CFB0 Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 160COMMON

Download Yara Rule

APIs

__wsopen_s.LIBCMT ref: 6E50CFFC
OutputDebugStringW.KERNEL32(00000000,?,?,?,?,?,?,?,?,],?,?,?,?,E97A779A), ref: 6E50D0A0

Strings

open , xrefs: 6E50D055
], xrefs: 6E50D037
error. [, xrefs: 6E50D04F

Memory Dump Source

Source File: 0000000E.00000002.2371585883.000000006E4E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6E4E0000, based on PE: true

Associated: 0000000E.00000002.2371507694.000000006E4E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373281942.000000006E544000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373891215.000000006E565000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2374074776.000000006E56A000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e4e0000_MiniNews.jbxd

Similarity

API ID: DebugOutputString__wsopen_s
String ID: error. [$]$open
API String ID: 4178560094-2562772567
Opcode ID: c55f4eff82bacbea3a1139f2969fb5cb0d40e00f78bf8896d3c9ca9418a46ebe
Instruction ID: aa4bfda246efdb120106b23b49a9b697757f9e8c2207b36088f9b90393e8ce45
Opcode Fuzzy Hash: c55f4eff82bacbea3a1139f2969fb5cb0d40e00f78bf8896d3c9ca9418a46ebe
Instruction Fuzzy Hash: A051D871A00318AFDB20CBB4CD50F9AB3F9AF45718F004A9AF518A72C1EB34AA45CF51

Uniqueness

Uniqueness Score: -1.00%

Function 6E4EA390 Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 127COMMON

Download Yara Rule

APIs

__Getcvt.LIBCPMT ref: 6E4EA3D1
__Getcvt.LIBCPMT ref: 6E4EA430

Strings

true, xrefs: 6E4EA47E
false, xrefs: 6E4EA46B
,, xrefs: 6E4EA4D1

Memory Dump Source

Source File: 0000000E.00000002.2371585883.000000006E4E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6E4E0000, based on PE: true

Associated: 0000000E.00000002.2371507694.000000006E4E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373281942.000000006E544000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373891215.000000006E565000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2374074776.000000006E56A000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e4e0000_MiniNews.jbxd

Similarity

API ID: Getcvt
String ID: ,$false$true
API String ID: 1921796781-760133229
Opcode ID: 20c23469b19cf191344990c02a0ee71b36f13728a4f6bc435a3e98294bda041c
Instruction ID: 6263e71e289dab87b641eda8c4dc08452c2e052cbf9771dc169149ccb65a43aa
Opcode Fuzzy Hash: 20c23469b19cf191344990c02a0ee71b36f13728a4f6bc435a3e98294bda041c
Instruction Fuzzy Hash: A95158B1C00758DADB11CFE4C940BEEBBF8FF08304F10865AE555AB651EB74AA85CB90

Uniqueness

Uniqueness Score: -1.00%

Function 6E3DFE90 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 126
COMMON

Download Yara Rule

C-Code - Quality: 72%

			E6E3DFE90(void* __edi, void* __ebp, void* __eflags, signed int _a4) {
				intOrPtr _v0;
				struct HINSTANCE__* _v4;
				struct HINSTANCE__* _v8;
				char _v12;
				signed int _v16;
				intOrPtr _v20;
				signed int _v24;
				char _v2062;
				short _v2064;
				signed int _v2068;
				struct HINSTANCE__* _v2072;
				char _v2076;
				char _v2084;
				intOrPtr _v2088;
				intOrPtr _v2096;
				void* __ebx;
				void* __esi;
				signed int _t29;
				signed int _t31;
				void* _t40;
				void* _t45;
				intOrPtr* _t51;
				intOrPtr* _t60;
				void* _t65;
				signed int _t75;
				signed int _t81;
				signed int _t88;
				void* _t89;
				void* _t91;
				signed int _t92;
				signed int _t94;

				_t86 = __edi;
				_push(0xffffffff);
				_push(E6E3FA8D8);
				_push( *[fs:0x0]);
				_t92 = _t91 - 0x810;
				_t29 =  *0x6e405204; // 0x2276585c
				_v16 = _t29 ^ _t92;
				_t31 =  *0x6e405204; // 0x2276585c
				_push(_t31 ^ _t92);
				 *[fs:0x0] =  &_v12;
				_t88 = _a4;
				_v2072 = 0;
				_v4 = 0;
				_v2068 = _t88;
				_v2064 = 0;
				E6E3E2850(__edi,  &_v2062, 0, 0x7fe);
				_t85 =  &_v2064;
				GetModuleFileNameW(0,  &_v2064, 0x104);
				E6E3D7A20( &_v2064);
				_v8 = 0;
				_v2076 = 1;
				_t40 = E6E3E5235( *_t88, 0x5c);
				_t94 = _t92 + 0x14;
				if(_t40 == 0) {
					L4:
					_push(8);
					_push(L"test.exe");
					E6E3D7520(_t88);
					L5:
					if(_v0 != 0) {
						_t45 = E6E3E5235( *_t88, 0x2e);
						_t94 = _t94 + 8;
						if(_t45 != 0) {
							_t47 = _t45 -  *_t88 >> 1;
							if(_t45 -  *_t88 >> 1 > 0) {
								_push(E6E3DF820(0,  &_v2084, _t47));
								_t75 = _t88;
								_v20 = 2;
								E6E3DDB40(_t75);
								_t51 = _v2096 + 0xfffffff0;
								_v24 = 0;
								_t24 = _t51 + 0xc; // -228
								_t85 = _t24;
								asm("lock xadd [edx], ecx");
								if((_t75 | 0xffffffff) - 1 <= 0) {
									_t85 =  *((intOrPtr*)( *_t51));
									 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *_t51)) + 4))))(_t51);
								}
							}
						}
					}
					 *[fs:0x0] = _v20;
					_pop(_t89);
					_pop(_t65);
					return E6E3E2840(_t88, _t65, _v24 ^ _t94, _t85, _t86, _t89);
				}
				_t55 = _t40 -  *_t88 >> 1;
				if(_t40 -  *_t88 >> 1 <= 0) {
					goto L4;
				} else {
					_push(E6E3DF960( &_v2076, _t55 + 1));
					_t81 = _t88;
					_v12 = 1;
					E6E3DDB40(_t81);
					_t60 = _v2088 + 0xfffffff0;
					_v16 = 0;
					_t17 = _t60 + 0xc; // -228
					_t85 = _t17;
					asm("lock xadd [edx], ecx");
					if((_t81 | 0xffffffff) - 1 <= 0) {
						_t85 =  *((intOrPtr*)( *_t60));
						 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *_t60)) + 4))))(_t60);
					}
					goto L5;
				}
			}

0x6e3dfe90
0x6e3dfe90
0x6e3dfe92
0x6e3dfe9d
0x6e3dfe9e
0x6e3dfea4
0x6e3dfeab
0x6e3dfeb4
0x6e3dfebb
0x6e3dfec3
0x6e3dfec9
0x6e3dfede
0x6e3dfee3
0x6e3dfeea
0x6e3dfeee
0x6e3dfef3
0x6e3dff00
0x6e3dff06
0x6e3dff13
0x6e3dff1d
0x6e3dff24
0x6e3dff2c
0x6e3dff31
0x6e3dff36
0x6e3dff8a
0x6e3dff8a
0x6e3dff8c
0x6e3dff93
0x6e3dff98
0x6e3dff9f
0x6e3dffa6
0x6e3dffab
0x6e3dffb0
0x6e3dffb4
0x6e3dffb8
0x6e3dffc7
0x6e3dffc8
0x6e3dffca
0x6e3dffd5
0x6e3dffde
0x6e3dffe1
0x6e3dffe8
0x6e3dffe8
0x6e3dffee
0x6e3dfff5
0x6e3dfff9
0x6e3dffff
0x6e3dffff
0x6e3dfff5
0x6e3dffb8
0x6e3dffb0
0x6e3e000a
0x6e3e0012
0x6e3e0013
0x6e3e0028
0x6e3e0028
0x6e3dff3a
0x6e3dff3e
0x00000000
0x6e3dff40
0x6e3dff4e
0x6e3dff4f
0x6e3dff51
0x6e3dff5c
0x6e3dff65
0x6e3dff68
0x6e3dff6f
0x6e3dff6f
0x6e3dff75
0x6e3dff7c
0x6e3dff80
0x6e3dff86
0x6e3dff86
0x00000000
0x6e3dff7c

APIs

_memset.LIBCMT ref: 6E3DFEF3
GetModuleFileNameW.KERNEL32(00000000,?,00000104,2276585C), ref: 6E3DFF06
_wcsrchr.LIBCMT ref: 6E3DFF2C
_wcsrchr.LIBCMT ref: 6E3DFFA6

Strings

test.exe, xrefs: 6E3DFF8C

Memory Dump Source

Source File: 0000000E.00000002.2370545283.000000006E3D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 6E3D0000, based on PE: true

Associated: 0000000E.00000002.2370501847.000000006E3D0000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371078507.000000006E3FB000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371296559.000000006E405000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371402177.000000006E409000.00000002.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e3d0000_MiniNews.jbxd

Similarity

API ID: _wcsrchr$FileModuleName_memset
String ID: test.exe
API String ID: 742933569-3248336334
Opcode ID: 5fd112aacd773a71c2fb8b22027b07861c11c7d976ff97e04ff73ce71e3e722c
Instruction ID: d1f0e62c5b2d15557c05bbac93180f530686f6c5367c3e5363ea5d0940bfba5d
Opcode Fuzzy Hash: 5fd112aacd773a71c2fb8b22027b07861c11c7d976ff97e04ff73ce71e3e722c
Instruction Fuzzy Hash: D2417FB12046419FD724CFA8C890BAAB3D8FF89314F148E1DE0D9CB281DB7599098BD2

Uniqueness

Uniqueness Score: -1.00%

Function 6E3D83B0 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 122
networksynchronizationCOMMON

Download Yara Rule

C-Code - Quality: 89%

			E6E3D83B0(void* __ecx) {
				void* __ebx;
				void* __edi;
				void* __ebp;
				long _t35;
				long _t37;
				long _t40;
				signed char _t43;
				signed char _t44;
				signed int _t45;
				signed int _t47;
				void* _t48;
				long _t53;
				signed int _t55;
				long _t56;
				void* _t57;
				void* _t58;
				void* _t59;

				_t57 = __ecx;
				_t55 =  *(__ecx + 0x548);
				if( *((intOrPtr*)(__ecx + 0xc0)) == 0 &&  *((intOrPtr*)(_t58 + 0x14)) >= 3) {
					_t45 =  *(__ecx + 0x54c);
					if(_t45 != 0) {
						_t55 = _t45 * _t55;
					}
				}
				_t53 =  *(_t58 + 0x18);
				if(_t53 < 0) {
					_t53 = 0;
				}
				_t47 = _t55;
				if(_t55 <= _t53) {
					_t56 = 0;
				} else {
					_t56 = _t55 - _t53;
				}
				 *(_t58 + 0x20) = 0;
				if(InternetGetConnectedState(_t58 + 0x1c, 0) == 0) {
					L13:
					 *(_t58 + 0x18) = 0;
				} else {
					_t44 =  *(_t58 + 0x18);
					 *(_t58 + 0x18) = 1;
					if((_t44 & 0x00000001) == 0 && (_t44 & 0x00000002) == 0 && (_t44 & 0x00000004) == 0) {
						goto L13;
					}
				}
				_push(_t56);
				_push(_t53);
				_push(_t47);
				_push( *((intOrPtr*)(_t57 + 0x544)));
				_push( *((intOrPtr*)(_t58 + 0x14)));
				E6E3D7C70(_t47, _t53, _t57, 0x6e4064d8, "[%u] Retry %d of %d, interval %d ms(run %d ms, need %d ms)", _t57);
				_t59 = _t58 + 0x20;
				if(_t56 <= 0) {
					L31:
					return 1;
				} else {
					_t48 = WaitForSingleObject;
					while(1) {
						_t35 = 0x3e8;
						if(_t56 < 0x3e8) {
							_t35 = _t56;
						}
						_t56 = _t56 - _t35;
						_t37 = WaitForSingleObject( *(_t57 + 0x59c), _t35);
						if(_t37 == 0 || _t37 == 0xffffffff) {
							break;
						}
						 *((intOrPtr*)(_t59 + 0x1c)) = 0;
						if(InternetGetConnectedState(_t59 + 0x18, 0) == 0) {
							L27:
							_t40 = 0;
						} else {
							_t43 =  *((intOrPtr*)(_t59 + 0x14));
							if((_t43 & 0x00000001) == 0) {
								if((_t43 & 0x00000002) == 0) {
									if((_t43 & 0x00000004) == 0) {
										goto L27;
									} else {
										_t40 = 1;
									}
								} else {
									_t40 = 1;
								}
							} else {
								_t40 = 1;
							}
						}
						if(_t40 ==  *(_t59 + 0x18) || _t40 == 0) {
							 *(_t59 + 0x18) = _t40;
							if(_t56 > 0) {
								continue;
							} else {
								goto L31;
							}
						} else {
							E6E3D7C70(_t48, 0, _t57, 0x6e4064d8, "[%u] network is plug in, retry now", _t57);
							return 1;
						}
						goto L34;
					}
					return 0;
				}
				L34:
			}

0x6e3d83b2
0x6e3d83bc
0x6e3d83c3
0x6e3d83cc
0x6e3d83d4
0x6e3d83d9
0x6e3d83d9
0x6e3d83d4
0x6e3d83db
0x6e3d83e1
0x6e3d83e3
0x6e3d83e3
0x6e3d83e7
0x6e3d83e9
0x6e3d83ef
0x6e3d83eb
0x6e3d83eb
0x6e3d83eb
0x6e3d83f8
0x6e3d8408
0x6e3d8422
0x6e3d8422
0x6e3d840a
0x6e3d840a
0x6e3d840e
0x6e3d8418
0x00000000
0x00000000
0x6e3d8418
0x6e3d8434
0x6e3d8435
0x6e3d8436
0x6e3d8437
0x6e3d8438
0x6e3d8444
0x6e3d844b
0x6e3d8450
0x6e3d84d0
0x6e3d84d6
0x6e3d8452
0x6e3d8452
0x6e3d8460
0x6e3d8460
0x6e3d8467
0x6e3d8469
0x6e3d8469
0x6e3d846c
0x6e3d8475
0x6e3d8479
0x00000000
0x00000000
0x6e3d8486
0x6e3d8492
0x6e3d84b9
0x6e3d84b9
0x6e3d8494
0x6e3d8494
0x6e3d849a
0x6e3d84a5
0x6e3d84b0
0x00000000
0x6e3d84b2
0x6e3d84b2
0x6e3d84b2
0x6e3d84a7
0x6e3d84a7
0x6e3d84a7
0x6e3d849c
0x6e3d849c
0x6e3d849c
0x6e3d849a
0x6e3d84bf
0x6e3d84c7
0x6e3d84cb
0x00000000
0x00000000
0x00000000
0x00000000
0x6e3d84d9
0x6e3d84e4
0x6e3d84f5
0x6e3d84f5
0x00000000
0x6e3d84bf
0x6e3d84fe
0x6e3d84fe
0x00000000

APIs

InternetGetConnectedState.WININET(?,00000000), ref: 6E3D8400
WaitForSingleObject.KERNEL32(?,000003E8), ref: 6E3D8475
InternetGetConnectedState.WININET(?,00000000), ref: 6E3D848A

Strings

[%u] network is plug in, retry now, xrefs: 6E3D84DA
[%u] Retry %d of %d, interval %d ms(run %d ms, need %d ms), xrefs: 6E3D843A

Memory Dump Source

Source File: 0000000E.00000002.2370545283.000000006E3D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 6E3D0000, based on PE: true

Associated: 0000000E.00000002.2370501847.000000006E3D0000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371078507.000000006E3FB000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371296559.000000006E405000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371402177.000000006E409000.00000002.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e3d0000_MiniNews.jbxd

Similarity

API ID: ConnectedInternetState$ObjectSingleWait
String ID: [%u] Retry %d of %d, interval %d ms(run %d ms, need %d ms)$[%u] network is plug in, retry now
API String ID: 3265286889-1726105944
Opcode ID: 97907873455da0831589c6d1924d47cb21181caf1c99005d6b4bec1036ff3485
Instruction ID: 46a7718ad84d47a848117868b513b7c3cd04c85b142b73ee9098fb6ac07f015c
Opcode Fuzzy Hash: 97907873455da0831589c6d1924d47cb21181caf1c99005d6b4bec1036ff3485
Instruction Fuzzy Hash: 273109732186015AD762CEEE9840BDB77BCDB81758F011526F898D7240D732F88E87A1

Uniqueness

Uniqueness Score: -1.00%

Function 6E3D7F80 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 68
windowCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E6E3D7F80(void* __eflags, long _a4, CHAR* _a8, long _a12) {
				void* __edi;
				CHAR* _t12;
				void* _t13;
				CHAR* _t14;
				void* _t15;
				char _t18;
				char _t19;
				char _t20;
				char* _t22;
				char* _t23;
				long _t24;
				CHAR* _t25;
				long _t26;

				_t25 = _a8;
				_t24 = _a12;
				E6E3E2850(_t24, _t25, 0, _t24);
				_t26 = _a4;
				FormatMessageA(0x1200, 0, _t26, 0x400, _t25, _t24, 0);
				if( *_t25 == 0) {
					_t15 = GetModuleHandleW(L"wininet.dll");
					if(_t15 != 0) {
						FormatMessageA(0xa00, _t15, _t26, 0x400, _t25, _t24, 0);
					}
				}
				_t12 = _t25;
				_t22 =  &(_t12[1]);
				do {
					_t18 =  *_t12;
					_t12 =  &(_t12[1]);
				} while (_t18 != 0);
				_t13 = _t12 - _t22;
				if(_t13 <= 1) {
					L13:
					return _t13;
				}
				while(1) {
					_t19 = _t25[_t13 - 1];
					if(_t19 != 0xd && _t19 != 0xa && _t19 != 0xa1a3) {
						goto L13;
					}
					_t25[_t13 - 1] = 0;
					_t14 = _t25;
					_t23 =  &(_t14[1]);
					do {
						_t20 =  *_t14;
						_t14 =  &(_t14[1]);
					} while (_t20 != 0);
					_t13 = _t14 - _t23;
					if(_t13 > 1) {
						continue;
					}
					goto L13;
				}
				goto L13;
			}

0x6e3d7f83
0x6e3d7f88
0x6e3d7f90
0x6e3d7f95
0x6e3d7fb3
0x6e3d7fb8
0x6e3d7fbf
0x6e3d7fc7
0x6e3d7fd9
0x6e3d7fd9
0x6e3d7fc7
0x6e3d7fdb
0x6e3d7fdd
0x6e3d7fe0
0x6e3d7fe0
0x6e3d7fe2
0x6e3d7fe3
0x6e3d7fe7
0x6e3d7fec
0x6e3d8025
0x6e3d8025
0x6e3d8025
0x6e3d7ff0
0x6e3d7ff0
0x6e3d7ff7
0x00000000
0x00000000
0x6e3d8009
0x6e3d800e
0x6e3d8010
0x6e3d8013
0x6e3d8013
0x6e3d8015
0x6e3d8016
0x6e3d801a
0x6e3d801f
0x00000000
0x00000000
0x00000000
0x6e3d801f
0x00000000

APIs

_memset.LIBCMT ref: 6E3D7F90
FormatMessageA.KERNEL32(00001200,00000000,?,00000400,?,?,00000000), ref: 6E3D7FB3
GetModuleHandleW.KERNEL32(wininet.dll), ref: 6E3D7FBF
FormatMessageA.KERNEL32(00000A00,00000000,?,00000400,?,?,00000000), ref: 6E3D7FD9

Strings

wininet.dll, xrefs: 6E3D7FBA

Memory Dump Source

Source File: 0000000E.00000002.2370545283.000000006E3D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 6E3D0000, based on PE: true

Associated: 0000000E.00000002.2370501847.000000006E3D0000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371078507.000000006E3FB000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371296559.000000006E405000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371402177.000000006E409000.00000002.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e3d0000_MiniNews.jbxd

Similarity

API ID: FormatMessage$HandleModule_memset
String ID: wininet.dll
API String ID: 75614370-3354682871
Opcode ID: 7a4c26e51fef22c4bf6c1212bd3a50c1093161de7d5db36d1095069d9c2754fd
Instruction ID: a6bf704a7d368390aeff0da6ab8635853c2570b46c8d131561645e6615fa9273
Opcode Fuzzy Hash: 7a4c26e51fef22c4bf6c1212bd3a50c1093161de7d5db36d1095069d9c2754fd
Instruction Fuzzy Hash: E8114C333087557BE32149A59C28F67BBDCDF83754F205444F691DB1C5C653B4098265

Uniqueness

Uniqueness Score: -1.00%

Function 6E3E863A Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 42
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 28%

			E6E3E863A(void* __ebx, void* __ecx, void* __edx, intOrPtr* __edi, void* __esi, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28) {
				void* __ebp;
				void* _t20;
				void* _t22;
				void* _t23;
				void* _t25;
				intOrPtr* _t26;
				void* _t27;
				void* _t28;

				_t27 = __esi;
				_t26 = __edi;
				_t25 = __edx;
				_t23 = __ecx;
				_t22 = __ebx;
				_t30 = _a20;
				if(_a20 != 0) {
					_push(_a20);
					_push(__ebx);
					_push(__esi);
					_push(_a4);
					E6E3E85A8(__ebx, __edi, __esi, _t30);
					_t28 = _t28 + 0x10;
				}
				_t31 = _a28;
				_push(_a4);
				if(_a28 != 0) {
					_push(_a28);
				} else {
					_push(_t27);
				}
				E6E3E30C6(_t23);
				_push( *_t26);
				_push(_a16);
				_push(_a12);
				_push(_t27);
				E6E3E8025(_t22, _t25, _t26, _t27, _t31);
				_push(0x100);
				_push(_a24);
				_push(_a16);
				 *((intOrPtr*)(_t27 + 8)) =  *((intOrPtr*)(_t26 + 4)) + 1;
				_push(_a8);
				_push(_t27);
				_push(_a4);
				_t20 = E6E3E828D(_t22,  *((intOrPtr*)(_t22 + 0xc)), _t25, _t26, _t27, _t31);
				if(_t20 != 0) {
					E6E3E308D(_t20, _t27);
					return _t20;
				}
				return _t20;
			}

0x6e3e863a
0x6e3e863a
0x6e3e863a
0x6e3e863a
0x6e3e863a
0x6e3e863f
0x6e3e8643
0x6e3e8645
0x6e3e8648
0x6e3e8649
0x6e3e864a
0x6e3e864d
0x6e3e8652
0x6e3e8652
0x6e3e8655
0x6e3e8659
0x6e3e865c
0x6e3e8661
0x6e3e865e
0x6e3e865e
0x6e3e865e
0x6e3e8664
0x6e3e8669
0x6e3e866b
0x6e3e866e
0x6e3e8671
0x6e3e8672
0x6e3e867a
0x6e3e867f
0x6e3e8683
0x6e3e8686
0x6e3e8689
0x6e3e868f
0x6e3e8690
0x6e3e8693
0x6e3e869d
0x6e3e86a1
0x00000000
0x6e3e86a1
0x6e3e86a7

APIs

___BuildCatchObject.LIBCMT ref: 6E3E864D

Part of subcall function 6E3E85A8: ___BuildCatchObjectHelper.LIBCMT ref: 6E3E85DE

_UnwindNestedFrames.LIBCMT ref: 6E3E8664
___FrameUnwindToState.LIBCMT ref: 6E3E8672

Strings

3@n, xrefs: 6E3E863C
csm, xrefs: 6E3E8649, 6E3E865E, 6E3E8671, 6E3E868F, 6E3E869F

Memory Dump Source

Source File: 0000000E.00000002.2370545283.000000006E3D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 6E3D0000, based on PE: true

Associated: 0000000E.00000002.2370501847.000000006E3D0000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371078507.000000006E3FB000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371296559.000000006E405000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371402177.000000006E409000.00000002.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e3d0000_MiniNews.jbxd

Similarity

API ID: BuildCatchObjectUnwind$FrameFramesHelperNestedState
String ID: csm$3@n
API String ID: 2163707966-3039758118
Opcode ID: 32c301eaa533a436a01d07373844c6ac660380b76bb08e45d9ab0d8acaffc403
Instruction ID: 0d82c769aa9979fea0e6aec1b5580edfd2c5b485251ff2577911138f6a7b230f
Opcode Fuzzy Hash: 32c301eaa533a436a01d07373844c6ac660380b76bb08e45d9ab0d8acaffc403
Instruction Fuzzy Hash: BE014B31800129BFDF124F91DC44EEA3F6AEF08358F084452BD5815520D732D871DBA4

Uniqueness

Uniqueness Score: -1.00%

Function 6E3E7FDC Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 22
COMMON

Download Yara Rule

C-Code - Quality: 74%

			E6E3E7FDC(void* __edx, void* __esi, intOrPtr* _a4) {
				signed int _v8;
				intOrPtr _t11;
				intOrPtr* _t15;
				intOrPtr* _t19;
				void* _t23;
				void* _t25;

				_t26 = __esi;
				_t24 = __edx;
				_t11 =  *((intOrPtr*)( *_a4));
				if(_t11 == 0xe0434f4d) {
					__eflags =  *((intOrPtr*)(E6E3E8EEA(_t23, __edx, _t25, __eflags) + 0x90));
					if(__eflags > 0) {
						_t15 = E6E3E8EEA(_t23, __edx, _t25, __eflags) + 0x90;
						 *_t15 =  *_t15 - 1;
						__eflags =  *_t15;
					}
					goto L5;
				} else {
					_t32 = _t11 - 0xe06d7363;
					if(_t11 != 0xe06d7363) {
						L5:
						__eflags = 0;
						return 0;
					} else {
						 *(E6E3E8EEA(_t23, __edx, _t25, _t32) + 0x90) =  *(_t16 + 0x90) & 0x00000000;
						_push(8);
						_push(0x6e403470);
						E6E3E55C4(_t23, _t25, __esi);
						_t19 =  *((intOrPtr*)(E6E3E8EEA(_t23, __edx, _t25, _t32) + 0x78));
						if(_t19 != 0) {
							_v8 = _v8 & 0x00000000;
							 *_t19();
							_v8 = 0xfffffffe;
						}
						return E6E3E5609(E6E3ED56D(_t23, _t24, _t25, _t26));
					}
				}
			}

0x6e3e7fdc
0x6e3e7fdc
0x6e3e7fe6
0x6e3e7fed
0x6e3e800c
0x6e3e8013
0x6e3e801a
0x6e3e801f
0x6e3e801f
0x6e3e801f
0x00000000
0x6e3e7fef
0x6e3e7fef
0x6e3e7ff4
0x6e3e8021
0x6e3e8021
0x6e3e8024
0x6e3e7ff6
0x6e3e7ffb
0x6e3e922e
0x6e3e9230
0x6e3e9235
0x6e3e923f
0x6e3e9244
0x6e3e9246
0x6e3e924a
0x6e3e9255
0x6e3e9255
0x6e3e9266
0x6e3e9266
0x6e3e7ff4

APIs

__getptd.LIBCMT ref: 6E3E7FF6

Part of subcall function 6E3E8EEA: __getptd_noexit.LIBCMT ref: 6E3E8EED
Part of subcall function 6E3E8EEA: __amsg_exit.LIBCMT ref: 6E3E8EFA

__getptd.LIBCMT ref: 6E3E8007
__getptd.LIBCMT ref: 6E3E8015

Strings

MOC, xrefs: 6E3E7FE8
csm, xrefs: 6E3E7FEF

Memory Dump Source

Source File: 0000000E.00000002.2370545283.000000006E3D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 6E3D0000, based on PE: true

Associated: 0000000E.00000002.2370501847.000000006E3D0000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371078507.000000006E3FB000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371296559.000000006E405000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371402177.000000006E409000.00000002.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e3d0000_MiniNews.jbxd

Similarity

API ID: __getptd$__amsg_exit__getptd_noexit
String ID: MOC$csm
API String ID: 803148776-1389381023
Opcode ID: f90adaf505bd7176a4a23f39a4e84a8ff104d351929d5e7dbc2ad29c81f389c5
Instruction ID: 5e778ea8cbc91142120ed8188c27ab045fb1ceb9b2dd9076d14a24ef371553a8
Opcode Fuzzy Hash: f90adaf505bd7176a4a23f39a4e84a8ff104d351929d5e7dbc2ad29c81f389c5
Instruction Fuzzy Hash: 2DE04F36D54128EFC700DBE4C044B6873A8EFD5318F1909E7D44CCBA22C775EC809692

Uniqueness

Uniqueness Score: -1.00%

Function 6E50CA10 Relevance: 7.6, APIs: 4, Strings: 1, Instructions: 135COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(6E56845C,E97A779A,?,00000000,?), ref: 6E50CA51
InitializeCriticalSection.KERNEL32(00000010), ref: 6E50CAC7
InitializeCriticalSection.KERNEL32(0000005C), ref: 6E50CAFD
LeaveCriticalSection.KERNEL32(6E56845C), ref: 6E50CBDD

Strings

CQPn, xrefs: 6E50CBE3

Memory Dump Source

Source File: 0000000E.00000002.2371585883.000000006E4E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6E4E0000, based on PE: true

Associated: 0000000E.00000002.2371507694.000000006E4E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373281942.000000006E544000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373891215.000000006E565000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2374074776.000000006E56A000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e4e0000_MiniNews.jbxd

Similarity

API ID: CriticalSection$Initialize$EnterLeave
String ID: CQPn
API String ID: 3592042555-3576331587
Opcode ID: 06b068244dab2f9e0be0b785bbbdaf31746efe2dfa291996ab5db0364ade9259
Instruction ID: fc033665064198c3804b842fe24805f1d936ff968e0941fc6f0951ec94cd5466
Opcode Fuzzy Hash: 06b068244dab2f9e0be0b785bbbdaf31746efe2dfa291996ab5db0364ade9259
Instruction Fuzzy Hash: F9514AB0900744CFEB90CF98C48475ABBF4FB06319F118559E9099F395DBB9A808CF92

Uniqueness

Uniqueness Score: -1.00%

Function 6E3D9640 Relevance: 7.6, APIs: 1, Strings: 4, Instructions: 135sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNEL32(00000064,2276585C), ref: 6E3D96A2

Strings

lP@n, xrefs: 6E3D9779
[%u] [ProxyAuth] Show Dialog, xrefs: 6E3D96C6
[%u] [ProxyAuth] btn=%d, [%s:%s] user_len:%d pwd_len:%d savepass:%d, xrefs: 6E3D9796
[%u] [ProxyAuth] wait other, xrefs: 6E3D967C

Memory Dump Source

Source File: 0000000E.00000002.2370545283.000000006E3D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 6E3D0000, based on PE: true

Associated: 0000000E.00000002.2370501847.000000006E3D0000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371078507.000000006E3FB000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371296559.000000006E405000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371402177.000000006E409000.00000002.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e3d0000_MiniNews.jbxd

Similarity

API ID: Sleep
String ID: [%u] [ProxyAuth] Show Dialog$[%u] [ProxyAuth] btn=%d, [%s:%s] user_len:%d pwd_len:%d savepass:%d$[%u] [ProxyAuth] wait other$lP@n
API String ID: 3472027048-1604334063
Opcode ID: 6021c82a3b095e1da818b6dae190d8c9d2d297c3eab15a99c5442e55e35b38bb
Instruction ID: 8b561ae16f0071c3c3ef671980022870d508322ebe24c6111f813341af9f7ca9
Opcode Fuzzy Hash: 6021c82a3b095e1da818b6dae190d8c9d2d297c3eab15a99c5442e55e35b38bb
Instruction Fuzzy Hash: 2141F771524500AFDB20DFA5DA60F6F73F9FB85320F50493DE4468B280D7B59948CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 6E52C38E Relevance: 7.6, APIs: 5, Instructions: 129COMMONLIBRARYCODE

Download Yara Rule

APIs

_free.LIBCMT ref: 6E52C400
_free.LIBCMT ref: 6E52C420

Memory Dump Source

Source File: 0000000E.00000002.2371585883.000000006E4E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6E4E0000, based on PE: true

Associated: 0000000E.00000002.2371507694.000000006E4E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373281942.000000006E544000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373891215.000000006E565000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2374074776.000000006E56A000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e4e0000_MiniNews.jbxd

Similarity

API ID: _free
String ID:
API String ID: 269201875-0
Opcode ID: 699a98ab8808455016872c29daf7d27952aae24a939204048e88e580448190d8
Instruction ID: 3906678b0b7f93482643018e3c63fb42c88feef66cd7ff2d879627d8411acdb0
Opcode Fuzzy Hash: 699a98ab8808455016872c29daf7d27952aae24a939204048e88e580448190d8
Instruction Fuzzy Hash: 7241A032E002049FDB14CFA8C980AAAB3F5EF85714F118969D515EB391DB71E902CB80

Uniqueness

Uniqueness Score: -1.00%

Function 6E4F4950 Relevance: 7.6, APIs: 5, Instructions: 120COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 6E4F49A2
std::_Lockit::_Lockit.LIBCPMT ref: 6E4F49C4
std::_Lockit::~_Lockit.LIBCPMT ref: 6E4F49EC
std::_Facet_Register.LIBCPMT ref: 6E4F4A4F
std::_Lockit::~_Lockit.LIBCPMT ref: 6E4F4A76

Memory Dump Source

Source File: 0000000E.00000002.2371585883.000000006E4E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6E4E0000, based on PE: true

Associated: 0000000E.00000002.2371507694.000000006E4E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373281942.000000006E544000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373891215.000000006E565000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2374074776.000000006E56A000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e4e0000_MiniNews.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_Register
String ID:
API String ID: 459529453-0
Opcode ID: 435fe7ec875dba6acbf775542fe602655b965ca9c780ef248ffd42b4dd0c5ac3
Instruction ID: 411d67a6f7bf42b340d093861735eb9240776cb585075d769951a2b01081a43b
Opcode Fuzzy Hash: 435fe7ec875dba6acbf775542fe602655b965ca9c780ef248ffd42b4dd0c5ac3
Instruction Fuzzy Hash: 0C41BA71D00625CFCB91CFA8C584BAEBBF4EF45710F05419AE815AB391DB74AE06CB91

Uniqueness

Uniqueness Score: -1.00%

Function 6E502BD0 Relevance: 7.6, APIs: 5, Instructions: 117fileCOMMON

Download Yara Rule

APIs

PathFileExistsW.SHLWAPI(?,E97A779A,?,?,?,6E4FF04B,?,?), ref: 6E502BFB
CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000), ref: 6E502C45
GetFileSize.KERNEL32(00000000,?), ref: 6E502C6A
ReadFile.KERNEL32(00000000,6E4FF04B,00000000,?,00000000,00000000,00000000), ref: 6E502CC8
CloseHandle.KERNEL32(00000000), ref: 6E502D05

Memory Dump Source

Source File: 0000000E.00000002.2371585883.000000006E4E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6E4E0000, based on PE: true

Associated: 0000000E.00000002.2371507694.000000006E4E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373281942.000000006E544000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373891215.000000006E565000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2374074776.000000006E56A000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e4e0000_MiniNews.jbxd

Similarity

API ID: File$CloseCreateExistsHandlePathReadSize
String ID:
API String ID: 147478526-0
Opcode ID: 8ca149794c5d678779a65988d69793e5d4802f440b6e1480225639585e1392b1
Instruction ID: dd323571fb09596b1ba4f3f8c470c30e7ead977e15e913d76137d52ffd117883
Opcode Fuzzy Hash: 8ca149794c5d678779a65988d69793e5d4802f440b6e1480225639585e1392b1
Instruction Fuzzy Hash: 9241D675A04215EBEBA0CFE9C805BAFB7F8FB45760F114619FE20A72C1DB7499009B91

Uniqueness

Uniqueness Score: -1.00%

Function 6E503EB0 Relevance: 7.6, APIs: 5, Instructions: 88COMMON

Download Yara Rule

APIs

OpenProcess.KERNEL32(00000410,00000000,00000001,?,00000001,?), ref: 6E503EFE
GetModuleFileNameExW.PSAPI(00000000,00000000,?,00000400,?,?,?,?,00000001,?), ref: 6E503F33
_wcschr.LIBVCRUNTIME ref: 6E503F58
GetLongPathNameW.KERNEL32(?,?,00000400), ref: 6E503F77
CloseHandle.KERNEL32(00000000,00000000,00000000,?,00000400,?,?,?,?,00000001,?), ref: 6E503FA7

Memory Dump Source

Source File: 0000000E.00000002.2371585883.000000006E4E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6E4E0000, based on PE: true

Associated: 0000000E.00000002.2371507694.000000006E4E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373281942.000000006E544000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373891215.000000006E565000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2374074776.000000006E56A000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e4e0000_MiniNews.jbxd

Similarity

API ID: Name$CloseFileHandleLongModuleOpenPathProcess_wcschr
String ID:
API String ID: 1913222062-0
Opcode ID: 3e592dd077e749d813f5e6b0dfb123459e0205fe4e993497752ccf082b101794
Instruction ID: f55c365a14f45ae5d58842bb250c48b73a7ad05b9ca03bdcd5531495635749ec
Opcode Fuzzy Hash: 3e592dd077e749d813f5e6b0dfb123459e0205fe4e993497752ccf082b101794
Instruction Fuzzy Hash: 062185B1D4461CAAEB51EAE4CD45FDA73ECAB04709F0544A1A708E7180EF74AE488BE5

Uniqueness

Uniqueness Score: -1.00%

Function 6E3D7280 Relevance: 7.6, APIs: 5, Instructions: 84
stringCOMMON

Download Yara Rule

C-Code - Quality: 90%

			E6E3D7280(void* __eax, short** __ecx, void* __edx, short* _a4, int _a8) {
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t13;
				void* _t21;
				int _t25;
				int _t28;
				void* _t31;
				int _t33;
				short* _t36;

				_t21 = __edx;
				_t36 = _a4;
				_t18 = __ecx;
				if(_t36 != 0) {
					_t25 = lstrlenW(_t36) + 1;
					_t28 = _t25 * 4;
					E6E3D71F0(_t18, _t21, _t25, _t36, _t18, _t28,  &(_t18[1]), 0x80);
					_t20 = _a8;
					_t13 = WideCharToMultiByte(_a8, 0, _t36, _t25,  *_t18, _t28, 0, 0);
					asm("sbb esi, esi");
					_t31 =  ~_t13 + 1;
					if(_t31 != 0) {
						_t13 = GetLastError();
						if(_t13 == 0x7a) {
							_t33 = WideCharToMultiByte(_a8, 0, _t36, _t25, 0, 0, 0, 0);
							E6E3D71F0(_t18, _a8, _t25, _t36, _t18, _t33,  &(_t18[1]), 0x80);
							_t20 = _a8;
							_t13 = WideCharToMultiByte(_a8, 0, _t36, _t25,  *_t18, _t33, 0, 0);
							asm("sbb esi, esi");
							_t31 =  ~_t13 + 1;
						}
						if(_t31 != 0) {
							_t13 = L6E3D30D0(_t18, _t20, _t25, _t31);
						}
					}
					return _t13;
				} else {
					 *__ecx = _t36;
					return __eax;
				}
			}

0x6e3d7280
0x6e3d7282
0x6e3d7286
0x6e3d728a
0x6e3d72a6
0x6e3d72a8
0x6e3d72b1
0x6e3d72b8
0x6e3d72ca
0x6e3d72d4
0x6e3d72d6
0x6e3d72d9
0x6e3d72db
0x6e3d72e4
0x6e3d72fd
0x6e3d730a
0x6e3d7311
0x6e3d7323
0x6e3d732d
0x6e3d732f
0x6e3d732f
0x6e3d7332
0x6e3d7334
0x6e3d7334
0x6e3d7332
0x6e3d733d
0x6e3d728c
0x6e3d728c
0x6e3d7290
0x6e3d7290

APIs

lstrlenW.KERNEL32(?,?,?,?,?,6E3D7BF9,\Xv",00000003,6E3FB8F0,00000000,?), ref: 6E3D7296
WideCharToMultiByte.KERNEL32(?,00000000,?,00000001,00000000,?,00000000,00000000,?,?,2276585C), ref: 6E3D72CA
GetLastError.KERNEL32(?,?,2276585C), ref: 6E3D72DB
WideCharToMultiByte.KERNEL32(?,00000000,?,00000001,00000000,00000000,00000000,00000000,?,?,2276585C), ref: 6E3D72F7
WideCharToMultiByte.KERNEL32(?,00000000,?,00000001,00000000,00000000,00000000,00000000,?,?,?,?,?,?,2276585C), ref: 6E3D7323

Memory Dump Source

Source File: 0000000E.00000002.2370545283.000000006E3D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 6E3D0000, based on PE: true

Associated: 0000000E.00000002.2370501847.000000006E3D0000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371078507.000000006E3FB000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371296559.000000006E405000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371402177.000000006E409000.00000002.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e3d0000_MiniNews.jbxd

Similarity

API ID: ByteCharMultiWide$ErrorLastlstrlen
String ID:
API String ID: 3322701435-0
Opcode ID: ed25dc4e8c3c3576bac811b512c012345155984bce3194a9707243f7f201691d
Instruction ID: eaa7d11d7dda492957c7fbfdf2c7c1b60110302ccce07188dd48ea62628fb6c2
Opcode Fuzzy Hash: ed25dc4e8c3c3576bac811b512c012345155984bce3194a9707243f7f201691d
Instruction Fuzzy Hash: 3E210672641325BBE3305A548C88F677B2CEB82B94F244554FE46AE2C1DB61B804C6F8

Uniqueness

Uniqueness Score: -1.00%

Function 6E3DD3C0 Relevance: 7.6, APIs: 5, Instructions: 75
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E6E3DD3C0(void* __ecx) {
				long _v4;
				void* _v8;
				long _t15;
				long _t18;
				long _t28;
				void* _t35;

				_t35 = __ecx;
				_t15 = GetLastError();
				if(_t15 == 0x3e5) {
					_v8 =  *((intOrPtr*)(_t35 + 0x7628));
					_v4 = 0;
					_v4 =  *(_t35 + 0x59c);
					_t18 = WaitForMultipleObjects(2,  &_v8, 0,  *(_t35 + 0x53c) * 0x3e8);
					if( *((char*)(_t35 + 0x75e8)) == 0 && _t18 == 0x102) {
						_t18 = WaitForMultipleObjects(2,  &_v8, 0, 0x4e20);
					}
					if(_t18 != 1) {
						_t28 =  *(_t35 + 0x762c);
						if(_t28 == 0) {
							if(_t18 != 0) {
								 *(_t35 + 0xc0) = 0xc352;
								return 0;
							} else {
								if(GetLastError() == 0x3e5) {
									SetLastError(0);
								}
								return 1;
							}
						} else {
							 *(_t35 + 0xc0) = _t28;
							return 0;
						}
					} else {
						 *(_t35 + 0xc0) = 0xc351;
						return 0;
					}
				} else {
					 *(_t35 + 0xc0) = _t15;
					return 0;
				}
			}

0x6e3dd3cb
0x6e3dd3cd
0x6e3dd3d4
0x6e3dd404
0x6e3dd40f
0x6e3dd419
0x6e3dd41d
0x6e3dd426
0x6e3dd43d
0x6e3dd43d
0x6e3dd443
0x6e3dd457
0x6e3dd45f
0x6e3dd471
0x6e3dd48f
0x6e3dd4a0
0x6e3dd473
0x6e3dd47a
0x6e3dd47e
0x6e3dd47e
0x6e3dd48e
0x6e3dd48e
0x6e3dd461
0x6e3dd461
0x6e3dd46e
0x6e3dd46e
0x6e3dd445
0x6e3dd445
0x6e3dd456
0x6e3dd456
0x6e3dd3d6
0x6e3dd3d6
0x6e3dd3e3
0x6e3dd3e3

APIs

GetLastError.KERNEL32(?,00000049,?), ref: 6E3DD3CD
WaitForMultipleObjects.KERNEL32(00000002), ref: 6E3DD41D
WaitForMultipleObjects.KERNEL32(00000002,00000000,00000000,00004E20), ref: 6E3DD43D

Memory Dump Source

Source File: 0000000E.00000002.2370545283.000000006E3D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 6E3D0000, based on PE: true

Associated: 0000000E.00000002.2370501847.000000006E3D0000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371078507.000000006E3FB000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371296559.000000006E405000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371402177.000000006E409000.00000002.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e3d0000_MiniNews.jbxd

Similarity

API ID: MultipleObjectsWait$ErrorLast
String ID:
API String ID: 361603261-0
Opcode ID: 33613b45438a6d08c8ff3b066f4daf7f9ff5cd0b34f5e5870c07433ee761c502
Instruction ID: c4ba10ee75aabf9169ceed4c2d6d9ffd70b532f3ff2adc148b8e4fc5a16f1f68
Opcode Fuzzy Hash: 33613b45438a6d08c8ff3b066f4daf7f9ff5cd0b34f5e5870c07433ee761c502
Instruction Fuzzy Hash: E8219372514B004BE710DB74EC81BDA73E8FB44721F944A2EE559C6284D77AB14DCF62

Uniqueness

Uniqueness Score: -1.00%

Function 6E52A918 Relevance: 7.6, APIs: 5, Instructions: 52COMMON

Download Yara Rule

APIs

SetFilePointerEx.KERNEL32(?,00000000,00000000,?,00000001,?), ref: 6E52A92E
GetLastError.KERNEL32(?,?,?), ref: 6E52A938
__dosmaperr.LIBCMT ref: 6E52A93F
SetFilePointerEx.KERNEL32(?,?,?,?,?), ref: 6E52A95D
SetFilePointerEx.KERNEL32(?,?,?,00000000,00000000,?,?,?), ref: 6E52A983

Memory Dump Source

Source File: 0000000E.00000002.2371585883.000000006E4E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6E4E0000, based on PE: true

Associated: 0000000E.00000002.2371507694.000000006E4E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373281942.000000006E544000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373891215.000000006E565000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2374074776.000000006E56A000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e4e0000_MiniNews.jbxd

Similarity

API ID: FilePointer$ErrorLast__dosmaperr
String ID:
API String ID: 1114809156-0
Opcode ID: ac8205e547cafa0b76a8054d6f3e5335dc1704d23057a5b8c074be06bbff2b20
Instruction ID: ee7d07bb82a70d19bab7bcfddfb4189caac1601c0463edd58c2fec5a83a7bfc2
Opcode Fuzzy Hash: ac8205e547cafa0b76a8054d6f3e5335dc1704d23057a5b8c074be06bbff2b20
Instruction Fuzzy Hash: 7501797180021AFFDF029FA2CC089EE3FBDEB42724F018614B92896190CB318961CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 6E3E97AA Relevance: 7.5, APIs: 5, Instructions: 47
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 89%

			E6E3E97AA(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				signed int _t15;
				LONG* _t21;
				long _t23;
				void* _t31;
				LONG* _t33;
				void* _t34;
				void* _t35;

				_t35 = __eflags;
				_t29 = __edx;
				_t25 = __ebx;
				_push(0xc);
				_push(0x6e4034d0);
				E6E3E55C4(__ebx, __edi, __esi);
				_t31 = E6E3E8EEA(__ebx, __edx, __edi, _t35);
				_t15 =  *0x6e405af4; // 0xfffffffe
				if(( *(_t31 + 0x70) & _t15) == 0 ||  *((intOrPtr*)(_t31 + 0x6c)) == 0) {
					E6E3E59C3(_t25, 0xd);
					 *(_t34 - 4) =  *(_t34 - 4) & 0x00000000;
					_t33 =  *(_t31 + 0x68);
					 *(_t34 - 0x1c) = _t33;
					__eflags = _t33 -  *0x6e4059f8; // 0x4e91670
					if(__eflags != 0) {
						__eflags = _t33;
						if(_t33 != 0) {
							_t23 = InterlockedDecrement(_t33);
							__eflags = _t23;
							if(_t23 == 0) {
								__eflags = _t33 - 0x6e4055d0;
								if(__eflags != 0) {
									_push(_t33);
									E6E3E27B2(_t25, _t31, _t33, __eflags);
								}
							}
						}
						_t21 =  *0x6e4059f8; // 0x4e91670
						 *(_t31 + 0x68) = _t21;
						_t33 =  *0x6e4059f8; // 0x4e91670
						 *(_t34 - 0x1c) = _t33;
						InterlockedIncrement(_t33);
					}
					 *(_t34 - 4) = 0xfffffffe;
					E6E3E9845();
				} else {
					_t33 =  *(_t31 + 0x68);
				}
				if(_t33 == 0) {
					E6E3E74EA(_t29, _t31, 0x20);
				}
				return E6E3E5609(_t33);
			}

0x6e3e97aa
0x6e3e97aa
0x6e3e97aa
0x6e3e97aa
0x6e3e97ac
0x6e3e97b1
0x6e3e97bb
0x6e3e97bd
0x6e3e97c5
0x6e3e97e6
0x6e3e97ec
0x6e3e97f0
0x6e3e97f3
0x6e3e97f6
0x6e3e97fc
0x6e3e97fe
0x6e3e9800
0x6e3e9803
0x6e3e9809
0x6e3e980b
0x6e3e980d
0x6e3e9813
0x6e3e9815
0x6e3e9816
0x6e3e981b
0x6e3e9813
0x6e3e980b
0x6e3e981c
0x6e3e9821
0x6e3e9824
0x6e3e982a
0x6e3e982e
0x6e3e982e
0x6e3e9834
0x6e3e983b
0x6e3e97cd
0x6e3e97cd
0x6e3e97cd
0x6e3e97d2
0x6e3e97d6
0x6e3e97db
0x6e3e97e3

APIs

__getptd.LIBCMT ref: 6E3E97B6

Part of subcall function 6E3E8EEA: __getptd_noexit.LIBCMT ref: 6E3E8EED
Part of subcall function 6E3E8EEA: __amsg_exit.LIBCMT ref: 6E3E8EFA

__amsg_exit.LIBCMT ref: 6E3E97D6
__lock.LIBCMT ref: 6E3E97E6
InterlockedDecrement.KERNEL32(?), ref: 6E3E9803
InterlockedIncrement.KERNEL32(04E91670), ref: 6E3E982E

Memory Dump Source

Source File: 0000000E.00000002.2370545283.000000006E3D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 6E3D0000, based on PE: true

Associated: 0000000E.00000002.2370501847.000000006E3D0000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371078507.000000006E3FB000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371296559.000000006E405000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371402177.000000006E409000.00000002.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e3d0000_MiniNews.jbxd

Similarity

API ID: Interlocked__amsg_exit$DecrementIncrement__getptd__getptd_noexit__lock
String ID:
API String ID: 4271482742-0
Opcode ID: 7af5d0e539d46c8faab07e41b5ce6dc47df2d1228a43c37fdd11e4c4027e07c8
Instruction ID: 81ae0824f5810d943b2024512cd46b9abda816ea27aed72bc42082efc53b2329
Opcode Fuzzy Hash: 7af5d0e539d46c8faab07e41b5ce6dc47df2d1228a43c37fdd11e4c4027e07c8
Instruction Fuzzy Hash: F501C031901A32EBCB60AFE59004B9E77B4AF01724F01446BE8206BE80C735A581CBD1

Uniqueness

Uniqueness Score: -1.00%

Function 6E3E27B2 Relevance: 7.5, APIs: 5, Instructions: 44
memoryCOMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 41%

			E6E3E27B2(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr* _t10;
				intOrPtr _t13;
				intOrPtr _t23;
				void* _t25;

				_push(0xc);
				_push(0x6e403180);
				_t8 = E6E3E55C4(__ebx, __edi, __esi);
				_t23 =  *((intOrPtr*)(_t25 + 8));
				if(_t23 == 0) {
					L9:
					return E6E3E5609(_t8);
				}
				if( *0x6e408194 != 3) {
					_push(_t23);
					L7:
					_t8 = HeapFree( *0x6e4065a0, 0, ??);
					_t31 = _t8;
					if(_t8 == 0) {
						_t10 = E6E3E575A(_t31);
						 *_t10 = E6E3E5718(GetLastError());
					}
					goto L9;
				}
				E6E3E59C3(__ebx, 4);
				 *(_t25 - 4) =  *(_t25 - 4) & 0x00000000;
				_t13 = E6E3E59F6(_t23);
				 *((intOrPtr*)(_t25 - 0x1c)) = _t13;
				if(_t13 != 0) {
					_push(_t23);
					_push(_t13);
					E6E3E5A26();
				}
				 *(_t25 - 4) = 0xfffffffe;
				_t8 = E6E3E2808();
				if( *((intOrPtr*)(_t25 - 0x1c)) != 0) {
					goto L9;
				} else {
					_push( *((intOrPtr*)(_t25 + 8)));
					goto L7;
				}
			}

0x6e3e27b2
0x6e3e27b4
0x6e3e27b9
0x6e3e27be
0x6e3e27c3
0x6e3e283a
0x6e3e283f
0x6e3e283f
0x6e3e27cc
0x6e3e2811
0x6e3e2812
0x6e3e281a
0x6e3e2820
0x6e3e2822
0x6e3e2824
0x6e3e2837
0x6e3e2839
0x00000000
0x6e3e2822
0x6e3e27d0
0x6e3e27d6
0x6e3e27db
0x6e3e27e1
0x6e3e27e6
0x6e3e27e8
0x6e3e27e9
0x6e3e27ea
0x6e3e27f0
0x6e3e27f1
0x6e3e27f8
0x6e3e2801
0x00000000
0x6e3e2803
0x6e3e2803
0x00000000
0x6e3e2803

APIs

__lock.LIBCMT ref: 6E3E27D0

Part of subcall function 6E3E59C3: __mtinitlocknum.LIBCMT ref: 6E3E59D9
Part of subcall function 6E3E59C3: __amsg_exit.LIBCMT ref: 6E3E59E5
Part of subcall function 6E3E59C3: EnterCriticalSection.KERNEL32(6E3E8E8D,6E3E8E8D,?,6E3E939D,00000004,6E4034B0,0000000C,6E3E9495,00000001,6E3E8E9C,00000000,00000000,00000000,?,6E3E8E9C,00000001), ref: 6E3E59ED

___sbh_find_block.LIBCMT ref: 6E3E27DB
___sbh_free_block.LIBCMT ref: 6E3E27EA
HeapFree.KERNEL32(00000000,00000001,6E403180,0000000C,6E3E59A4,00000000,6E403280,0000000C,6E3E59DE,00000001,6E3E8E8D,?,6E3E939D,00000004,6E4034B0,0000000C), ref: 6E3E281A
GetLastError.KERNEL32(?,6E3E939D,00000004,6E4034B0,0000000C,6E3E9495,00000001,6E3E8E9C,00000000,00000000,00000000,?,6E3E8E9C,00000001,00000214), ref: 6E3E282B

Memory Dump Source

Source File: 0000000E.00000002.2370545283.000000006E3D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 6E3D0000, based on PE: true

Associated: 0000000E.00000002.2370501847.000000006E3D0000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371078507.000000006E3FB000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371296559.000000006E405000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371402177.000000006E409000.00000002.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e3d0000_MiniNews.jbxd

Similarity

API ID: CriticalEnterErrorFreeHeapLastSection___sbh_find_block___sbh_free_block__amsg_exit__lock__mtinitlocknum
String ID:
API String ID: 2714421763-0
Opcode ID: da4de3f12da23ff7540dd2a7849c4982beeae3b86f1912ae145358a6babffb32
Instruction ID: b9b32a2154327378e7ee11478df2ecbcbecb3169ea397b97983397a41c58086d
Opcode Fuzzy Hash: da4de3f12da23ff7540dd2a7849c4982beeae3b86f1912ae145358a6babffb32
Instruction Fuzzy Hash: 1A01A231815337FAEF205BF09A04B9E3B68AF02769F10442BE494AB9C4DB359540CB94

Uniqueness

Uniqueness Score: -1.00%

Function 6E5360F3 Relevance: 7.5, APIs: 5, Instructions: 40COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 6E53610B

Part of subcall function 6E52DFD6: HeapFree.KERNEL32(00000000,00000000,?,6E5363A6,?,00000000,?,00000000,?,6E53664A,?,00000007,?,?,6E535ABD,?), ref: 6E52DFEC
Part of subcall function 6E52DFD6: GetLastError.KERNEL32(?,?,6E5363A6,?,00000000,?,00000000,?,6E53664A,?,00000007,?,?,6E535ABD,?,?), ref: 6E52DFFE

_free.LIBCMT ref: 6E53611D
_free.LIBCMT ref: 6E53612F
_free.LIBCMT ref: 6E536141
_free.LIBCMT ref: 6E536153

Memory Dump Source

Source File: 0000000E.00000002.2371585883.000000006E4E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6E4E0000, based on PE: true

Associated: 0000000E.00000002.2371507694.000000006E4E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373281942.000000006E544000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373891215.000000006E565000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2374074776.000000006E56A000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e4e0000_MiniNews.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 10a713cf220a50745b4c4abfb45fd75dad405c7e5850a9b6af6dda63ee88dde8
Instruction ID: b3abcdbe51e10c99f3c362964b5565b21134de7398c9f90ebce7d09861e391b0
Opcode Fuzzy Hash: 10a713cf220a50745b4c4abfb45fd75dad405c7e5850a9b6af6dda63ee88dde8
Instruction Fuzzy Hash: 6BF04F315247599FCA90CBD8E4D5C6677DDBE406187610C09E118D7A42DBB0FC808AA8

Uniqueness

Uniqueness Score: -1.00%

Function 6E3E4D36 Relevance: 7.5, APIs: 5, Instructions: 24
threadCOMMON

Download Yara Rule

C-Code - Quality: 64%

			E6E3E4D36(intOrPtr __edx, void* __edi, long _a4, char _a8, intOrPtr _a12, long _a16, DWORD* _a20) {
				struct _SECURITY_ATTRIBUTES* _v0;
				intOrPtr _v4;
				DWORD* _v12;
				void* _v24;
				intOrPtr _v28;
				void* __ebx;
				void* __esi;
				void* _t30;
				void* _t36;
				DWORD* _t41;
				intOrPtr* _t43;
				void* _t45;
				void* _t51;
				long _t54;
				void* _t64;
				intOrPtr _t65;
				intOrPtr* _t67;
				void* _t68;
				intOrPtr _t71;
				void* _t74;

				_t64 = __edi;
				_t61 = __edx;
				_t74 = _v24;
				E6E3E775A(_v28);
				asm("int3");
				_t71 = _t74;
				_push(_t67);
				E6E3E8CFC();
				_t30 = E6E3E8CDC(E6E3E8CF6());
				if(_t30 != 0) {
					_t54 = _a4;
					 *((intOrPtr*)(_t30 + 0x54)) =  *((intOrPtr*)(_t54 + 0x54));
					 *((intOrPtr*)(_t30 + 0x58)) =  *((intOrPtr*)(_t54 + 0x58));
					_t61 =  *((intOrPtr*)(_t54 + 4));
					_push(_t54);
					 *((intOrPtr*)(_t30 + 4)) =  *((intOrPtr*)(_t54 + 4));
					E6E3E8F04(_t51, __edi, _t67, __eflags);
				} else {
					_t67 = _a4;
					if(E6E3E8D30(E6E3E8CF6(), _t67) == 0) {
						ExitThread(GetLastError());
					}
					 *_t67 = GetCurrentThreadId();
				}
				_t79 =  *0x6e3fc668;
				if( *0x6e3fc668 != 0) {
					_t45 = E6E3ED4B0(_t79, 0x6e3fc668);
					_pop(_t54);
					_t80 = _t45;
					if(_t45 != 0) {
						 *0x6e3fc668(); // executed
					}
				}
				E6E3E4D01(_t61, _t64, _t67, _t80); // executed
				asm("int3");
				_push(_t71);
				_push(_t54);
				_push(_t51);
				_push(_t64);
				_t65 = _v4;
				_v24 = 0;
				_t81 = _t65;
				if(_t65 != 0) {
					_push(_t67);
					E6E3E8CFC();
					_t68 = E6E3E947F(1, 0x214);
					__eflags = _t68;
					if(__eflags == 0) {
						L17:
						_push(_t68);
						E6E3E27B2(0, _t65, _t68, __eflags);
						__eflags = _v12;
						if(_v12 != 0) {
							E6E3E5780(_v12);
						}
						_t36 = 0;
						__eflags = 0;
					} else {
						_push( *((intOrPtr*)(E6E3E8EEA(0, _t61, _t65, __eflags) + 0x6c)));
						_push(_t68);
						E6E3E8D8A(0, _t65, _t68, __eflags);
						 *(_t68 + 4) =  *(_t68 + 4) | 0xffffffff;
						 *((intOrPtr*)(_t68 + 0x58)) = _a12;
						_t41 = _a20;
						 *((intOrPtr*)(_t68 + 0x54)) = _t65;
						__eflags = _t41;
						if(_t41 == 0) {
							_t41 =  &_a8;
						}
						_t36 = CreateThread(_v0, _a4, E6E3E4D42, _t68, _a16, _t41); // executed
						__eflags = _t36;
						if(__eflags == 0) {
							_v12 = GetLastError();
							goto L17;
						}
					}
				} else {
					_t43 = E6E3E575A(_t81);
					_push(0);
					_push(0);
					_push(0);
					_push(0);
					_push(0);
					 *_t43 = 0x16;
					E6E3E3DE7(_t61, _t65, _t67);
					_t36 = 0;
				}
				return _t36;
			}

0x6e3e4d36
0x6e3e4d36
0x6e3e4d36
0x6e3e4d3c
0x6e3e4d41
0x6e3e4d45
0x6e3e4d47
0x6e3e4d48
0x6e3e4d53
0x6e3e4d5a
0x6e3e4d86
0x6e3e4d8c
0x6e3e4d92
0x6e3e4d95
0x6e3e4d98
0x6e3e4d99
0x6e3e4d9c
0x6e3e4d5c
0x6e3e4d5c
0x6e3e4d6d
0x6e3e4d76
0x6e3e4d76
0x6e3e4d82
0x6e3e4d82
0x6e3e4da1
0x6e3e4da8
0x6e3e4daf
0x6e3e4db4
0x6e3e4db5
0x6e3e4db7
0x6e3e4db9
0x6e3e4db9
0x6e3e4db7
0x6e3e4dbf
0x6e3e4dc4
0x6e3e4dc7
0x6e3e4dca
0x6e3e4dcb
0x6e3e4dcc
0x6e3e4dcd
0x6e3e4dd2
0x6e3e4dd5
0x6e3e4dd7
0x6e3e4df5
0x6e3e4df6
0x6e3e4e07
0x6e3e4e0b
0x6e3e4e0d
0x6e3e4e59
0x6e3e4e59
0x6e3e4e5a
0x6e3e4e60
0x6e3e4e63
0x6e3e4e68
0x6e3e4e6d
0x6e3e4e6e
0x6e3e4e6e
0x6e3e4e0f
0x6e3e4e14
0x6e3e4e17
0x6e3e4e18
0x6e3e4e20
0x6e3e4e24
0x6e3e4e27
0x6e3e4e2c
0x6e3e4e2f
0x6e3e4e31
0x6e3e4e33
0x6e3e4e33
0x6e3e4e46
0x6e3e4e4c
0x6e3e4e4e
0x6e3e4e56
0x00000000
0x6e3e4e56
0x6e3e4e4e
0x6e3e4dd9
0x6e3e4dd9
0x6e3e4dde
0x6e3e4ddf
0x6e3e4de0
0x6e3e4de1
0x6e3e4de2
0x6e3e4de3
0x6e3e4de9
0x6e3e4df1
0x6e3e4df1
0x6e3e4e74

APIs

Part of subcall function 6E3E775A: _doexit.LIBCMT ref: 6E3E7766

___set_flsgetvalue.LIBCMT ref: 6E3E4D48

Part of subcall function 6E3E8CFC: TlsGetValue.KERNEL32(?,6E3E8E88), ref: 6E3E8D05
Part of subcall function 6E3E8CFC: __decode_pointer.LIBCMT ref: 6E3E8D17
Part of subcall function 6E3E8CFC: TlsSetValue.KERNEL32(00000000), ref: 6E3E8D26

___fls_getvalue@4.LIBCMT ref: 6E3E4D53

Part of subcall function 6E3E8CDC: TlsGetValue.KERNEL32(?,?,6E3E4D58,00000000), ref: 6E3E8CEA

___fls_setvalue@8.LIBCMT ref: 6E3E4D66

Part of subcall function 6E3E8D30: __decode_pointer.LIBCMT ref: 6E3E8D41

GetLastError.KERNEL32(00000000,?,00000000), ref: 6E3E4D6F
ExitThread.KERNEL32 ref: 6E3E4D76
GetCurrentThreadId.KERNEL32 ref: 6E3E4D7C
__freefls@4.LIBCMT ref: 6E3E4D9C
__IsNonwritableInCurrentImage.LIBCMT ref: 6E3E4DAF

Memory Dump Source

Source File: 0000000E.00000002.2370545283.000000006E3D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 6E3D0000, based on PE: true

Associated: 0000000E.00000002.2370501847.000000006E3D0000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371078507.000000006E3FB000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371296559.000000006E405000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371402177.000000006E409000.00000002.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e3d0000_MiniNews.jbxd

Similarity

API ID: Value$CurrentThread__decode_pointer$ErrorExitImageLastNonwritable___fls_getvalue@4___fls_setvalue@8___set_flsgetvalue__freefls@4_doexit
String ID:
API String ID: 132634196-0
Opcode ID: 10bef0ade6015ba671924910ac72c7590d9e30cbe9137500a6e7136261f5c4ff
Instruction ID: 2481ca5b5b05e222cb0ef9854f7b0880c2a78a34355f05746b476e46a77f1841
Opcode Fuzzy Hash: 10bef0ade6015ba671924910ac72c7590d9e30cbe9137500a6e7136261f5c4ff
Instruction Fuzzy Hash: C6E08671C01639679F103BF19D09CDF7AAC5E0A388B180C12EE91B3C09EF35941187A5

Uniqueness

Uniqueness Score: -1.00%

Function 6E534708 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 168COMMON

Download Yara Rule

APIs

_strpbrk.LIBCMT ref: 6E534757
_free.LIBCMT ref: 6E534874

Part of subcall function 6E51A256: IsProcessorFeaturePresent.KERNEL32(00000017,6E51A228,00000000,0000006C,00000004,6E545AFC,?,0000006C,?,?,6E51A235,00000000,00000000,00000000,00000000,00000000), ref: 6E51A258
Part of subcall function 6E51A256: GetCurrentProcess.KERNEL32(C0000417,0000006C), ref: 6E51A27A
Part of subcall function 6E51A256: TerminateProcess.KERNEL32(00000000), ref: 6E51A281

Strings

*?, xrefs: 6E53474B
., xrefs: 6E534A2B

Memory Dump Source

Source File: 0000000E.00000002.2371585883.000000006E4E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6E4E0000, based on PE: true

Associated: 0000000E.00000002.2371507694.000000006E4E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373281942.000000006E544000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373891215.000000006E565000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2374074776.000000006E56A000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e4e0000_MiniNews.jbxd

Similarity

API ID: Process$CurrentFeaturePresentProcessorTerminate_free_strpbrk
String ID: *?$.
API String ID: 2812119850-3972193922
Opcode ID: 69c3eb1e63d9cb20aef4aa2bc9908f3dfa2736cf24d2474a56bd04d55ea1833e
Instruction ID: f2bde0b8b3d6203250030c1d0e19cf6108bfe13de9d6acb08dba07963c72632c
Opcode Fuzzy Hash: 69c3eb1e63d9cb20aef4aa2bc9908f3dfa2736cf24d2474a56bd04d55ea1833e
Instruction Fuzzy Hash: 15517175E0412AAFDB15CFE8C880AEDFBF9EF89314F248569D554E7344E7329A028B50

Uniqueness

Uniqueness Score: -1.00%

Function 6E3DE7E0 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 155
COMMON

Download Yara Rule

C-Code - Quality: 76%

			E6E3DE7E0() {
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t129;
				intOrPtr _t132;
				intOrPtr _t134;
				intOrPtr _t137;
				signed int** _t139;
				signed int** _t140;
				short* _t142;
				signed int _t154;
				long _t161;
				long _t162;
				void* _t163;
				long _t165;
				void* _t167;
				long _t168;
				long _t172;
				long _t174;
				long _t178;
				long _t179;
				void* _t183;
				int _t194;
				long _t195;
				long _t200;
				long _t205;
				short _t221;
				WCHAR* _t222;
				void** _t224;
				WCHAR* _t228;
				long _t249;
				void* _t250;
				void* _t251;
				long _t252;
				signed int _t265;
				signed int _t267;
				signed int _t269;
				signed int _t282;
				int _t283;
				WCHAR* _t285;
				char* _t288;
				void* _t289;
				WCHAR* _t290;
				void** _t292;
				signed int _t296;
				signed int _t301;
				void* _t304;
				void* _t306;
				signed int _t307;
				signed int _t309;
				void* _t310;

				_t307 = _t306 - 0xc;
				_t129 =  *0x6e405204; // 0x2276585c
				 *[fs:0x0] = _t307 + 0x20;
				_t132 =  *0x6e406514; // 0x6e3fc5e4
				_t2 = _t132 + 0xc; // 0x6e3e24bc
				 *(_t307 + 0x28) = 0;
				_t4 =  *((intOrPtr*)( *_t2))(_t129 ^ _t307, _t282, _t289, _t301, _t221,  *[fs:0x0], E6E3FA728, 0xffffffff) + 0x10; // 0x10
				_t290 = _t4;
				 *(_t307 + 0x14) = _t290;
				_t134 =  *0x6e406514; // 0x6e3fc5e4
				_t6 = _t134 + 0xc; // 0x6e3e24bc
				 *(_t307 + 0x28) = 1;
				 *(_t307 + 0x1c) =  *((intOrPtr*)( *_t6))() + 0x10;
				_t228 =  *(_t307 + 0x30);
				_t137 =  *((intOrPtr*)(_t228 - 0xc));
				_t265 = 0;
				 *(_t307 + 0x28) = 2;
				 *(_t307 + 0x18) = 0;
				if(_t137 <= 0) {
					L11:
					if( *((intOrPtr*)(_t307 + 0x34)) != 0) {
						CreateDirectoryW(_t228, 0);
						_t265 = _t307 + 0x30;
						_push(_t265);
						E6E3DDB40(_t307 + 0x20);
					}
					_t222 =  *(_t307 + 0x1c);
					_t283 = PathIsDirectoryW(_t222);
					_t139 = _t222 - 0x10;
					 *(_t307 + 0x28) = 1;
					asm("lock xadd [ecx], edx");
					_t267 = (_t265 | 0xffffffff) - 1;
					if(_t267 <= 0) {
						_t267 =  *( *_t139);
						 *((intOrPtr*)( *((intOrPtr*)(_t267 + 4))))(_t139);
					}
					_t42 = _t290 - 0x10; // 0x0
					_t140 = _t42;
					 *(_t307 + 0x28) = 0;
					asm("lock xadd [ecx], edx");
					_t269 = (_t267 | 0xffffffff) - 1;
					if(_t269 <= 0) {
						_t269 =  *( *_t140);
						 *((intOrPtr*)( *((intOrPtr*)(_t269 + 4))))(_t140);
					}
					_t142 =  &(( *(_t307 + 0x30))[0xfffffffffffffff8]);
					 *(_t307 + 0x28) = 0xffffffff;
					asm("lock xadd [ecx], edx");
					if((_t269 | 0xffffffff) - 1 <= 0) {
						 *((intOrPtr*)( *((intOrPtr*)( *( *_t142) + 4))))(_t142);
					}
					 *[fs:0x0] =  *((intOrPtr*)(_t307 + 0x20));
					return _t283;
				} else {
					while(_t265 >= 0 && _t265 <= _t137) {
						_t290[_t301] = _t221;
						if(_t282 < 0 || _t282 >  *((intOrPtr*)(_t290 - 8))) {
							break;
						} else {
							 *(_t290 - 0xc) = _t282;
							_t290[_t282] = 0;
							if(_t221 == 0x5c || _t221 == 0x2f) {
								CreateDirectoryW(_t290, 0);
								_t28 = _t307 + 0x14; // 0x2276585c
								E6E3DDB40(_t307 + 0x20);
								_t265 =  *(_t307 + 0x18);
							}
							_t228 =  *(_t307 + 0x30);
							_t137 =  *((intOrPtr*)(_t228 - 0xc));
							_t265 =  &(1[_t265]);
							 *(_t307 + 0x18) = _t265;
							if(_t265 < _t137) {
								continue;
							} else {
								goto L11;
							}
						}
						goto L62;
					}
					E6E3D30B0(_t221, _t282, _t290, _t301, 0x80070057);
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					_push(0xffffffff);
					_push(E6E3FA758);
					_push( *[fs:0x0]);
					_t309 = _t307 - 0x3c;
					_push(_t221);
					_push(_t301);
					_push(_t290);
					_push(_t282);
					_t154 =  *0x6e405204; // 0x2276585c
					_push(_t154 ^ _t309);
					 *[fs:0x0] = _t309 + 0x50;
					_t285 = _t228;
					 *(_t309 + 0x14) = _t285;
					_t292 =  *(_t309 + 0x60);
					_t224 =  *(_t309 + 0x68);
					 *_t292 = 0;
					 *( *(_t309 + 0x64)) = 0;
					 *_t224 = 0;
					E6E3DDA20(_t309 + 0x2c);
					_t273 =  *(_t309 + 0x70);
					 *(_t309 + 0x68) = _t309;
					 *(_t309 + 0x64) = 0;
					E6E3D6400(_t301,  *(_t309 + 0x70));
					E6E3DDBC0(_t301, _t309 + 0x2c, _t309 + 0x2c);
					_t161 = 0;
					_t310 = _t309 + 8;
					__eflags = _t285[4];
					if(_t285[4] != 0) {
						L23:
						_t161 = 1;
					} else {
						__eflags =  *0x6e4064d4 - _t161; // 0x0
						if(__eflags != 0) {
							goto L23;
						}
					}
					_t162 = InternetOpenW(0, _t161, 0, 0, 0x10000000);
					 *_t292 = _t162;
					__eflags = _t162;
					if(_t162 != 0) {
						__imp__InternetSetStatusCallbackA(_t162, E6E3DD1E0);
						__eflags = _t162 - 0xffffffff;
						if(_t162 != 0xffffffff) {
							_t304 = InternetSetOptionW;
							_t165 = _t285[0x2a0] * 0x3e8;
							 *(_t310 + 0x68) = _t165;
							__eflags = _t165;
							if(_t165 != 0) {
								InternetSetOptionW( *_t292, 2, _t310 + 0x6c, 4);
								InternetSetOptionW( *_t292, 6, _t310 + 0x6c, 4);
								InternetSetOptionW( *_t292, 5, _t310 + 0x6c, 4);
							}
							_t273 =  *_t292;
							_t167 = InternetConnectA( *_t292,  *(_t310 + 0x34),  *(_t310 + 0x38), 0, 0, 3, 0, 0);
							 *( *(_t310 + 0x64)) = _t167;
							__eflags = _t167;
							if(_t167 != 0) {
								__eflags =  *(_t310 + 0x30);
								 *(_t310 + 0x60) = 0x8448c100;
								if( *(_t310 + 0x30) != 0) {
									 *(_t310 + 0x60) = 0x84c8f100;
								}
								__eflags = _t285[0x2a8];
								if(_t285[0x2a8] != 0) {
									L33:
									_t75 = _t310 + 0x60;
									 *_t75 =  *(_t310 + 0x60) | 0x00200000;
									__eflags =  *_t75;
								} else {
									__eflags = _t285[0x2aa] - 1;
									if(_t285[0x2aa] == 1) {
										goto L33;
									}
								}
								 *(_t310 + 0x28) = 1;
								_t168 = InternetSetOptionW(_t167, 0x4d, _t310 + 0x1c, 4);
								_t287 = GetLastError;
								__eflags = _t168;
								if(_t168 == 0) {
									_t200 = GetLastError();
									 *(_t310 + 0x78) = 0;
									InternetGetConnectedState(_t310 + 0x74, 0);
									_push( *(_t310 + 0x70));
									_push(_t200);
									_t300 =  *(_t310 + 0x1c);
									E6E3D7C70(_t224, GetLastError, _t304, 0x6e4064d8, "[%u] IGNORE_OFFLINE failed: %d, ConnectedState: 0x%x",  *(_t310 + 0x1c));
									_t310 = _t310 + 0x14;
									__eflags =  *(_t310 + 0x70) & 0x00000020;
									if(( *(_t310 + 0x70) & 0x00000020) != 0) {
										 *(_t310 + 0x28) = 0;
										 *(_t310 + 0x30) = 0;
										 *(_t310 + 0x2c) = 1;
										_t205 = InternetSetOptionW(0, 0x32, _t310 + 0x20, 8);
										__eflags = _t205;
										if(_t205 == 0) {
											_push(GetLastError());
											E6E3D7C70(_t224, GetLastError, _t304, 0x6e4064d8, "[%u] global connected state, error %d", _t300);
											_t310 = _t310 + 0x10;
										} else {
											E6E3D7C70(_t224, GetLastError, _t304, 0x6e4064d8, "[%u] global connected state.", _t300);
											_t310 = _t310 + 0xc;
										}
										SetLastError(0);
									}
								}
								_t273 =  *(_t310 + 0x70);
								 *((intOrPtr*)(_t310 + 0x44)) = "*/*";
								 *(_t310 + 0x48) = 0;
								_t172 = HttpOpenRequestA( *( *(_t310 + 0x70)),  *(_t310 + 0x74),  *(_t310 + 0x40), "HTTP/1.1", 0, _t310 + 0x2c,  *(_t310 + 0x60),  *(_t310 + 0x78));
								 *_t224 = _t172;
								__eflags = _t172;
								if(_t172 != 0) {
									SetLastError(0);
									__eflags =  *(_t310 + 0x30);
									if( *(_t310 + 0x30) != 0) {
										 *(_t310 + 0x74) = 0;
										 *(_t310 + 0x70) = 4;
										InternetQueryOptionW( *_t224, 0x1f, _t310 + 0x68, _t310 + 0x60);
										_t103 = _t310 + 0x64;
										 *_t103 =  *(_t310 + 0x64) | 0x00003180;
										__eflags =  *_t103;
										InternetSetOptionW( *_t224, 0x1f, _t310 + 0x68, 4);
									}
									_t273 =  *_t224;
									 *(_t310 + 0x74) = 0;
									 *(_t310 + 0x70) = 4;
									_t174 = InternetQueryOptionW( *_t224, 0x41, _t310 + 0x68, _t310 + 0x60);
									GetLastError();
									__eflags = _t174;
									if(_t174 != 0) {
										__eflags =  *(_t310 + 0x64);
										if( *(_t310 + 0x64) != 0) {
											 *(_t310 + 0x74) = 0;
											_t194 = InternetSetOptionW( *_t224, 0x41, _t310 + 0x68, 4);
											_t195 = GetLastError();
											_t273 =  *(_t310 + 0x14);
											_push(_t195);
											_push(_t194);
											E6E3D7C70(_t224, _t287, _t304, 0x6e4064d8, "[%u] found AutoDecoding enable. try to disable, success=%d, err=%d",  *(_t310 + 0x14));
											_t310 = _t310 + 0x14;
										}
									}
									SetLastError(0);
									_t288 =  *(_t310 + 0x74);
									_t296 = 0;
									_t178 = _t288[0x10] - _t288[0xc] >> 2;
									__eflags = _t178;
									if(_t178 > 0) {
										__eflags = 0 - _t178;
										do {
											if(__eflags >= 0) {
												E6E3E3E0D();
											}
											_t273 =  *_t224;
											HttpAddRequestHeadersA( *_t224,  *(_t288[0xc] + _t296 * 4),  *( *(_t288[0xc] + _t296 * 4) - 0xc), 0xa0000000);
											_t296 =  &(1[_t296]);
											__eflags = _t296 - _t288[0x10] - _t288[0xc] >> 2;
										} while (__eflags < 0);
										_t304 = InternetSetOptionW;
									}
									_t179 =  *0x6e4050d0; // 0x0
									_t249 =  *0x6e4050ec; // 0x0
									__eflags = _t179;
									if(_t179 != 0) {
										L54:
										_push(_t249);
										_push(_t179);
										E6E3D7C70(_t224, _t288, _t304, 0x6e4064d8, "[%u] [ProxyAuth] using saved info. user_len:%d, pwd_len:%d",  *(_t310 + 0x1c));
										_t179 =  *0x6e4050d0; // 0x0
										_t310 = _t310 + 0x14;
									} else {
										__eflags = _t249;
										if(_t249 != 0) {
											goto L54;
										}
									}
									_t250 =  *(_t310 + 0x14);
									__eflags =  *(_t250 + 8);
									if( *(_t250 + 8) == 0) {
										_t251 =  *0x6e4050c0; // 0x0
										__eflags =  *0x6e4050d4 - 8; // 0x7
										if(__eflags < 0) {
											_t251 = 0x6e4050c0;
										}
										InternetSetOptionW( *_t224, 0x2b, _t251, _t179);
										_t183 =  *0x6e4050dc; // 0x0
										__eflags =  *0x6e4050f0 - 8; // 0x7
										if(__eflags < 0) {
											_t183 = 0x6e4050dc;
										}
										_t252 =  *0x6e4050ec; // 0x0
										_t273 =  *_t224;
										InternetSetOptionW( *_t224, 0x2c, _t183, _t252); // executed
									}
								}
							}
						}
					}
					_t163 = E6E3DD920(_t310 + 0x2c, _t273);
					 *[fs:0x0] =  *((intOrPtr*)(_t310 + 0x50));
					return _t163;
				}
				L62:
			}

0x6e3de7ee
0x6e3de7f5
0x6e3de801
0x6e3de807
0x6e3de80c
0x6e3de814
0x6e3de81e
0x6e3de81e
0x6e3de821
0x6e3de825
0x6e3de82a
0x6e3de832
0x6e3de83c
0x6e3de840
0x6e3de844
0x6e3de847
0x6e3de849
0x6e3de84e
0x6e3de854
0x6e3de8f0
0x6e3de8f5
0x6e3de8fa
0x6e3de900
0x6e3de904
0x6e3de909
0x6e3de909
0x6e3de90e
0x6e3de919
0x6e3de91b
0x6e3de91e
0x6e3de929
0x6e3de92d
0x6e3de930
0x6e3de934
0x6e3de93a
0x6e3de93a
0x6e3de93c
0x6e3de93c
0x6e3de93f
0x6e3de94a
0x6e3de94e
0x6e3de951
0x6e3de955
0x6e3de95b
0x6e3de95b
0x6e3de961
0x6e3de964
0x6e3de972
0x6e3de979
0x6e3de983
0x6e3de983
0x6e3de98b
0x6e3de99a
0x6e3de85a
0x6e3de85a
0x6e3de897
0x6e3de89d
0x00000000
0x6e3de8ac
0x6e3de8ae
0x6e3de8b1
0x6e3de8b9
0x6e3de8c4
0x6e3de8ca
0x6e3de8d3
0x6e3de8d8
0x6e3de8d8
0x6e3de8dc
0x6e3de8e0
0x6e3de8e3
0x6e3de8e6
0x6e3de8ea
0x00000000
0x00000000
0x00000000
0x00000000
0x6e3de8ea
0x00000000
0x6e3de89d
0x6e3de9a0
0x6e3de9a5
0x6e3de9a6
0x6e3de9a7
0x6e3de9a8
0x6e3de9a9
0x6e3de9aa
0x6e3de9ab
0x6e3de9ac
0x6e3de9ad
0x6e3de9ae
0x6e3de9af
0x6e3de9b0
0x6e3de9b2
0x6e3de9bd
0x6e3de9be
0x6e3de9c1
0x6e3de9c2
0x6e3de9c3
0x6e3de9c4
0x6e3de9c5
0x6e3de9cc
0x6e3de9d1
0x6e3de9d7
0x6e3de9d9
0x6e3de9dd
0x6e3de9e5
0x6e3de9e9
0x6e3de9ef
0x6e3de9f9
0x6e3de9ff
0x6e3dea04
0x6e3dea10
0x6e3dea15
0x6e3dea1d
0x6e3dea22
0x6e3dea27
0x6e3dea29
0x6e3dea2c
0x6e3dea2f
0x6e3dea39
0x6e3dea39
0x6e3dea31
0x6e3dea31
0x6e3dea37
0x00000000
0x00000000
0x6e3dea37
0x6e3dea4a
0x6e3dea50
0x6e3dea52
0x6e3dea54
0x6e3dea60
0x6e3dea66
0x6e3dea69
0x6e3dea75
0x6e3dea7b
0x6e3dea81
0x6e3dea85
0x6e3dea87
0x6e3dea95
0x6e3deaa3
0x6e3deab1
0x6e3deab1
0x6e3deabb
0x6e3deaca
0x6e3dead4
0x6e3dead6
0x6e3dead8
0x6e3deade
0x6e3deae3
0x6e3deaeb
0x6e3deaed
0x6e3deaed
0x6e3deaf5
0x6e3deafc
0x6e3deb07
0x6e3deb07
0x6e3deb07
0x6e3deb07
0x6e3deafe
0x6e3deafe
0x6e3deb05
0x00000000
0x00000000
0x6e3deb05
0x6e3deb19
0x6e3deb21
0x6e3deb23
0x6e3deb29
0x6e3deb2b
0x6e3deb31
0x6e3deb3c
0x6e3deb44
0x6e3deb4e
0x6e3deb4f
0x6e3deb50
0x6e3deb5f
0x6e3deb64
0x6e3deb67
0x6e3deb6c
0x6e3deb79
0x6e3deb7e
0x6e3deb82
0x6e3deb8a
0x6e3deb8c
0x6e3deb8e
0x6e3deba7
0x6e3debb3
0x6e3debb8
0x6e3deb90
0x6e3deb9b
0x6e3deba0
0x6e3deba0
0x6e3debbd
0x6e3debbd
0x6e3deb6c
0x6e3debda
0x6e3debea
0x6e3debf2
0x6e3debfa
0x6e3dec00
0x6e3dec02
0x6e3dec04
0x6e3dec0c
0x6e3dec12
0x6e3dec1d
0x6e3dec2e
0x6e3dec36
0x6e3dec3e
0x6e3dec42
0x6e3dec42
0x6e3dec42
0x6e3dec54
0x6e3dec54
0x6e3dec56
0x6e3dec65
0x6e3dec6d
0x6e3dec75
0x6e3dec79
0x6e3dec7b
0x6e3dec7d
0x6e3dec7f
0x6e3dec84
0x6e3dec92
0x6e3dec9a
0x6e3dec9e
0x6e3deca0
0x6e3deca4
0x6e3deca5
0x6e3decb1
0x6e3decb6
0x6e3decb6
0x6e3dec84
0x6e3decbb
0x6e3decc1
0x6e3deccb
0x6e3deccd
0x6e3decd0
0x6e3decd2
0x6e3decda
0x6e3decdc
0x6e3decdc
0x6e3decde
0x6e3decde
0x6e3dece6
0x6e3decf8
0x6e3ded00
0x6e3ded04
0x6e3ded04
0x6e3ded08
0x6e3ded08
0x6e3ded0e
0x6e3ded13
0x6e3ded19
0x6e3ded1b
0x6e3ded21
0x6e3ded21
0x6e3ded22
0x6e3ded32
0x6e3ded37
0x6e3ded3c
0x6e3ded1d
0x6e3ded1d
0x6e3ded1f
0x00000000
0x00000000
0x6e3ded1f
0x6e3ded3f
0x6e3ded43
0x6e3ded47
0x6e3ded49
0x6e3ded54
0x6e3ded5a
0x6e3ded5c
0x6e3ded5c
0x6e3ded68
0x6e3ded6a
0x6e3ded6f
0x6e3ded75
0x6e3ded77
0x6e3ded77
0x6e3ded7c
0x6e3ded82
0x6e3ded89
0x6e3ded89
0x6e3ded47
0x6e3dec04
0x6e3dead8
0x6e3dea69
0x6e3ded8f
0x6e3ded98
0x6e3deda7
0x6e3deda7
0x00000000

APIs

CreateDirectoryW.KERNEL32(00000010,00000000), ref: 6E3DE8C4

Part of subcall function 6E3D7400: _memcpy_s.LIBCMT ref: 6E3D7388

CreateDirectoryW.KERNEL32(?,00000000), ref: 6E3DE8FA
PathIsDirectoryW.SHLWAPI(?), ref: 6E3DE913

Strings

\Xv", xrefs: 6E3DE8CA, 6E3DE88F, 6E3DE8CE

Memory Dump Source

Source File: 0000000E.00000002.2370545283.000000006E3D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 6E3D0000, based on PE: true

Associated: 0000000E.00000002.2370501847.000000006E3D0000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371078507.000000006E3FB000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371296559.000000006E405000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371402177.000000006E409000.00000002.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e3d0000_MiniNews.jbxd

Similarity

API ID: Directory$Create$Path_memcpy_s
String ID: \Xv"
API String ID: 3211544767-1849003930
Opcode ID: 714a16985f4ea481cbbce00dbab8bf168da424c5884f7c017cb5774f5dc608ad
Instruction ID: 53fd59088a83d736c2b992dafd9148d8d3000fbc90ca6d2a17ef09c45f7fb98b
Opcode Fuzzy Hash: 714a16985f4ea481cbbce00dbab8bf168da424c5884f7c017cb5774f5dc608ad
Instruction Fuzzy Hash: 085191716047428FD340CF69C884B5AFBE5FFC9324F148A6DE4958B2A4D735E509CB92

Uniqueness

Uniqueness Score: -1.00%

Function 6E4FC6D0 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 152COMMON

Download Yara Rule

APIs

SHGetValueW.SHLWAPI(80000001,Software\Ludashi,close_checkprocess,?,?,?,E97A779A), ref: 6E4FC732

Part of subcall function 6E50CA10: EnterCriticalSection.KERNEL32(6E56845C,E97A779A,?,00000000,?), ref: 6E50CA51
Part of subcall function 6E50CA10: InitializeCriticalSection.KERNEL32(00000010), ref: 6E50CAC7
Part of subcall function 6E50CA10: InitializeCriticalSection.KERNEL32(0000005C), ref: 6E50CAFD

Part of subcall function 6E50CA10: LeaveCriticalSection.KERNEL32(6E56845C), ref: 6E50CBDD

Strings

close_checkprocess, xrefs: 6E4FC71C
[test switch]IsCloseProcessCheck:, xrefs: 6E4FC82F
Software\Ludashi, xrefs: 6E4FC721

Memory Dump Source

Source File: 0000000E.00000002.2371585883.000000006E4E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6E4E0000, based on PE: true

Associated: 0000000E.00000002.2371507694.000000006E4E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373281942.000000006E544000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373891215.000000006E565000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2374074776.000000006E56A000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e4e0000_MiniNews.jbxd

Similarity

API ID: CriticalSection$Initialize$EnterLeaveValue
String ID: Software\Ludashi$[test switch]IsCloseProcessCheck:$close_checkprocess
API String ID: 4178275030-4037224670
Opcode ID: 336185ad6bcf9a04c3601be5730a40d67c6717e21978160c55609f9c432ebbe4
Instruction ID: 1b42d74a4050b5eceb5679371330ef2e972696ee3007ebed0ef524f8cc3fd4b3
Opcode Fuzzy Hash: 336185ad6bcf9a04c3601be5730a40d67c6717e21978160c55609f9c432ebbe4
Instruction Fuzzy Hash: 53518D74E01649DFCB10CFA8C884B9EBBF4AF45724F24425AE526AB3D0DB349A05CBD1

Uniqueness

Uniqueness Score: -1.00%

Function 6E5028E0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 86COMMON

Download Yara Rule

APIs

GetModuleFileNameW.KERNEL32(00000000,00000104), ref: 6E502947
PathRemoveFileSpecW.SHLWAPI(00000000), ref: 6E502954
PathAppendW.SHLWAPI(00000000,mininews.exe), ref: 6E502966

Part of subcall function 6E4E6760: GetProcessHeap.KERNEL32(E97A779A,?,6E53CB2C,000000FF,?,6E4F7925,E97A779A,0000006C,0000009C), ref: 6E4E679A

Part of subcall function 6E4ED8F0: FindResourceExW.KERNEL32(00000000,00000006,000000AD,00000000,00000000,?,00000004,000000AC,00000004,?,6E4ECB41,?,?,6E50116C,minipage,E97A779A), ref: 6E4ED946
Part of subcall function 6E4ED8F0: FindResourceW.KERNEL32(00000000,?,00000006,000000FF), ref: 6E4ED984

Strings

mininews.exe, xrefs: 6E50295A

Memory Dump Source

Source File: 0000000E.00000002.2371585883.000000006E4E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6E4E0000, based on PE: true

Associated: 0000000E.00000002.2371507694.000000006E4E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373281942.000000006E544000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373891215.000000006E565000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2374074776.000000006E56A000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e4e0000_MiniNews.jbxd

Similarity

API ID: FileFindPathResource$AppendHeapModuleNameProcessRemoveSpec
String ID: mininews.exe
API String ID: 1068931541-3106586954
Opcode ID: a1dc4d32af096fb2691db2accc1963eb82871cbe6ca36a20a6b6a44d6cafcf7f
Instruction ID: f0f96716d4fa95b3a8393c10f505d6e61ee68b457e10e12433f24376b0d3b397
Opcode Fuzzy Hash: a1dc4d32af096fb2691db2accc1963eb82871cbe6ca36a20a6b6a44d6cafcf7f
Instruction Fuzzy Hash: D4319E7194421CDFDF54DFA8C858BEEB7F8EB04708F004A99E90997690DB716A85CF90

Uniqueness

Uniqueness Score: -1.00%

Function 6E3D9270 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 86
COMMON

Download Yara Rule

C-Code - Quality: 57%

			E6E3D9270(void* __ecx, void* __edx, intOrPtr _a4, char* _a8, intOrPtr _a12) {
				intOrPtr _v4;
				char _v12;
				intOrPtr _v24;
				char _v68;
				char _v72;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t20;
				char* _t23;
				void* _t24;
				void* _t25;
				intOrPtr _t32;
				intOrPtr _t34;
				void* _t44;
				intOrPtr _t48;
				intOrPtr _t51;
				void* _t52;
				void* _t54;
				void* _t56;
				signed int _t57;

				_t44 = __edx;
				_push(0xffffffff);
				_push(E6E3F9FE8);
				_push( *[fs:0x0]);
				_t57 = _t56 - 0x3c;
				_t20 =  *0x6e405204; // 0x2276585c
				_push(_t20 ^ _t57);
				 *[fs:0x0] =  &_v12;
				_t54 = __ecx;
				_t23 = _a8;
				_t34 = 0;
				if( *((intOrPtr*)(_t23 + 0x28)) == 0 || _a12 == 0) {
					L11:
					_push(0xffffffff);
					_push(_t34);
					_t24 = _t23 + 4;
					__eflags = _t24;
					_push(_t24);
					_t25 = E6E3D8A20(_a4);
					goto L12;
				} else {
					_t48 =  *((intOrPtr*)(_t23 + 0x18));
					_t51 = 0x6e3fb8ec;
					if(_t48 != 0) {
						if( *((intOrPtr*)(_t23 + 0x1c)) < 0x10) {
							_t51 = _t23 + 8;
						} else {
							_t51 =  *((intOrPtr*)(_t23 + 8));
						}
					}
					_t9 =  &_v72; // 0x2276585c
					E6E3D8070(_t9);
					_push(_t48);
					_push(_t51);
					_v4 = _t34;
					_t52 = E6E3D80C0(_t34,  &_v72, _t44, _t48, _t54);
					_t63 = _t52 - _t34;
					if(_t52 != _t34) {
						_push(_t52);
						_t32 = E6E3E4817(_t34, _t44, _t48, _t52, _t63);
						_t57 = _t57 + 4;
						_t34 = _t32;
					}
					_t12 =  &_v68; // 0x2276585c
					_push( *_t12);
					_push(_t34);
					_push(_t48);
					E6E3D7C70(_t34, _t48, _t54, 0x6e4064d8, "[%u] gzip compress %d -> %d bytes, error_code=%d\r\n", _t54);
					_t57 = _t57 + 0x18;
					_t64 = _t52;
					if(_t52 == 0) {
						_a8 = "gzip compress error";
						_t23 = E6E3E3041( &_a8, 0x6e4024f4);
						goto L11;
					} else {
						E6E3D8C60(_a8, _t52, _t34);
						_push(_t52);
						E6E3E27B2(_t34, _t48, _t52, _t64);
						_t25 = E6E3F4690( &_v72);
						_t57 = _t57 + 8;
						L12:
						 *[fs:0x0] = _v24;
						return _t25;
					}
				}
			}

0x6e3d9270
0x6e3d9270
0x6e3d9272
0x6e3d927d
0x6e3d927e
0x6e3d9285
0x6e3d928c
0x6e3d9291
0x6e3d9297
0x6e3d9299
0x6e3d929d
0x6e3d92a2
0x6e3d934a
0x6e3d934e
0x6e3d9350
0x6e3d9351
0x6e3d9351
0x6e3d9354
0x6e3d9355
0x00000000
0x6e3d92b2
0x6e3d92b2
0x6e3d92b5
0x6e3d92bc
0x6e3d92c2
0x6e3d92c9
0x6e3d92c4
0x6e3d92c4
0x6e3d92c4
0x6e3d92c2
0x6e3d92cc
0x6e3d92d0
0x6e3d92d5
0x6e3d92d6
0x6e3d92db
0x6e3d92e4
0x6e3d92e6
0x6e3d92e8
0x6e3d92ea
0x6e3d92eb
0x6e3d92f0
0x6e3d92f3
0x6e3d92f3
0x6e3d92f5
0x6e3d92f9
0x6e3d92fa
0x6e3d92fb
0x6e3d9307
0x6e3d930c
0x6e3d930f
0x6e3d9311
0x6e3d933d
0x6e3d9345
0x00000000
0x6e3d9313
0x6e3d9319
0x6e3d931e
0x6e3d931f
0x6e3d9329
0x6e3d932e
0x6e3d935a
0x6e3d935e
0x6e3d936d
0x6e3d936d
0x6e3d9311

APIs

__msize.LIBCMT ref: 6E3D92EB
__CxxThrowException@8.LIBCMT ref: 6E3D9345

Strings

\Xv", xrefs: 6E3D92CC, 6E3D92F5, 6E3D92F9
[%u] gzip compress %d -> %d bytes, error_code=%d, xrefs: 6E3D92FD

Memory Dump Source

Source File: 0000000E.00000002.2370545283.000000006E3D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 6E3D0000, based on PE: true

Associated: 0000000E.00000002.2370501847.000000006E3D0000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371078507.000000006E3FB000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371296559.000000006E405000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371402177.000000006E409000.00000002.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e3d0000_MiniNews.jbxd

Similarity

API ID: Exception@8Throw__msize
String ID: [%u] gzip compress %d -> %d bytes, error_code=%d$\Xv"
API String ID: 2468073516-821754467
Opcode ID: 162c05b42d318297300c08e6734f01a34f110ac3c804645b844cdd04cdd121d9
Instruction ID: a33931c1d36858fb8acfb27ea15efa0c1e9a14596701929202e34b15be122afa
Opcode Fuzzy Hash: 162c05b42d318297300c08e6734f01a34f110ac3c804645b844cdd04cdd121d9
Instruction Fuzzy Hash: 98219EB3408355EFC700DFE5DC90E9BB3ACEB85324F01092DF99157291D776A809C6A2

Uniqueness

Uniqueness Score: -1.00%

Function 6E50CC30 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 69threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 6E50CC7C
GetCurrentProcessId.KERNEL32(00000000), ref: 6E50CC83
wsprintfW.USER32 ref: 6E50CCCA

Strings

%04d-%02d-%02d %02d:%02d:%02d.%03d [%5d][%5d] , xrefs: 6E50CCC4

Memory Dump Source

Source File: 0000000E.00000002.2371585883.000000006E4E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6E4E0000, based on PE: true

Associated: 0000000E.00000002.2371507694.000000006E4E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373281942.000000006E544000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373891215.000000006E565000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2374074776.000000006E56A000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e4e0000_MiniNews.jbxd

Similarity

API ID: Current$ProcessThreadwsprintf
String ID: %04d-%02d-%02d %02d:%02d:%02d.%03d [%5d][%5d]
API String ID: 2521638806-3710197640
Opcode ID: ab66c0bc4212279481502532db126e12e5dade866dabcd3ae5d327f959d232d8
Instruction ID: f4e40e8333ba47159d63b23c2738c46fd209a7b3fb5238866707267ba41e6fb2
Opcode Fuzzy Hash: ab66c0bc4212279481502532db126e12e5dade866dabcd3ae5d327f959d232d8
Instruction Fuzzy Hash: BF217171900219DBDF21DFA4CC45FEEB7BCAB08304F0445DAE60AA3140EB759E958F64

Uniqueness

Uniqueness Score: -1.00%

Function 6E3EF974 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 69
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E6E3EF974() {
				intOrPtr _t5;
				intOrPtr _t6;
				intOrPtr _t10;
				void* _t12;
				intOrPtr _t15;
				intOrPtr* _t16;
				signed int _t19;
				signed int _t20;
				intOrPtr _t26;
				intOrPtr _t27;

				_t5 =  *0x6e408040;
				_t26 = 0x14;
				if(_t5 != 0) {
					if(_t5 < _t26) {
						_t5 = _t26;
						goto L4;
					}
				} else {
					_t5 = 0x200;
					L4:
					 *0x6e408040 = _t5;
				}
				_t6 = E6E3E947F(_t5, 4);
				 *0x6e407028 = _t6;
				if(_t6 != 0) {
					L8:
					_t19 = 0;
					_t15 = 0x6e405c70;
					while(1) {
						 *((intOrPtr*)(_t19 + _t6)) = _t15;
						_t15 = _t15 + 0x20;
						_t19 = _t19 + 4;
						if(_t15 >= 0x6e405ef0) {
							break;
						}
						_t6 =  *0x6e407028;
					}
					_t27 = 0xfffffffe;
					_t20 = 0;
					_t16 = 0x6e405c80;
					do {
						_t10 =  *((intOrPtr*)(((_t20 & 0x0000001f) << 6) +  *((intOrPtr*)(0x6e408060 + (_t20 >> 5) * 4))));
						if(_t10 == 0xffffffff || _t10 == _t27 || _t10 == 0) {
							 *_t16 = _t27;
						}
						_t16 = _t16 + 0x20;
						_t20 = _t20 + 1;
					} while (_t16 < 0x6e405ce0);
					return 0;
				} else {
					 *0x6e408040 = _t26;
					_t6 = E6E3E947F(_t26, 4);
					 *0x6e407028 = _t6;
					if(_t6 != 0) {
						goto L8;
					} else {
						_t12 = 0x1a;
						return _t12;
					}
				}
			}

0x6e3ef974
0x6e3ef97c
0x6e3ef97f
0x6e3ef98a
0x6e3ef98c
0x00000000
0x6e3ef98c
0x6e3ef981
0x6e3ef981
0x6e3ef98e
0x6e3ef98e
0x6e3ef98e
0x6e3ef996
0x6e3ef99d
0x6e3ef9a4
0x6e3ef9c4
0x6e3ef9c4
0x6e3ef9c6
0x6e3ef9d2
0x6e3ef9d2
0x6e3ef9d5
0x6e3ef9d8
0x6e3ef9e1
0x00000000
0x00000000
0x6e3ef9cd
0x6e3ef9cd
0x6e3ef9e5
0x6e3ef9e6
0x6e3ef9e8
0x6e3ef9ee
0x6e3efa02
0x6e3efa08
0x6e3efa12
0x6e3efa12
0x6e3efa14
0x6e3efa17
0x6e3efa18
0x6e3efa24
0x6e3ef9a6
0x6e3ef9a9
0x6e3ef9af
0x6e3ef9b6
0x6e3ef9bd
0x00000000
0x6e3ef9bf
0x6e3ef9c1
0x6e3ef9c3
0x6e3ef9c3
0x6e3ef9bd

APIs

__calloc_crt.LIBCMT ref: 6E3EF996
__calloc_crt.LIBCMT ref: 6E3EF9AF

Strings

\@n, xrefs: 6E3EFA18
@p@n, xrefs: 6E3EF9C6

Memory Dump Source

Source File: 0000000E.00000002.2370545283.000000006E3D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 6E3D0000, based on PE: true

Associated: 0000000E.00000002.2370501847.000000006E3D0000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371078507.000000006E3FB000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371296559.000000006E405000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371402177.000000006E409000.00000002.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e3d0000_MiniNews.jbxd

Similarity

API ID: __calloc_crt
String ID: @p@n$\@n
API String ID: 3494438863-3469735361
Opcode ID: d15e0aeaa65acde05898e1611d0dd0b13e3f32d2f4f056ab5dddacba86410f4b
Instruction ID: 84eb0e95f6e1b4d995f9553fc7829ffb34e90abc5dec25a7c23a9ab97af676a0
Opcode Fuzzy Hash: d15e0aeaa65acde05898e1611d0dd0b13e3f32d2f4f056ab5dddacba86410f4b
Instruction Fuzzy Hash: 49113A72318A216BE754AFBDBD50B942396A74B338735423BF585EF6C0E7B4C8818641

Uniqueness

Uniqueness Score: -1.00%

Function 6E4E46A0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 62COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 6E4E46CD
std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 6E4E4730

Part of subcall function 6E50684B: _Yarn.LIBCPMT ref: 6E50686A
Part of subcall function 6E50684B: _Yarn.LIBCPMT ref: 6E50688E

__CxxThrowException@8.LIBVCRUNTIME ref: 6E4E4769

Strings

bad locale name, xrefs: 6E4E4753

Memory Dump Source

Source File: 0000000E.00000002.2371585883.000000006E4E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6E4E0000, based on PE: true

Associated: 0000000E.00000002.2371507694.000000006E4E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373281942.000000006E544000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373891215.000000006E565000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2374074776.000000006E56A000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e4e0000_MiniNews.jbxd

Similarity

API ID: Yarnstd::_$Exception@8Locinfo::_Locinfo_ctorLockitLockit::_Throw
String ID: bad locale name
API String ID: 3628047217-1405518554
Opcode ID: 09a32ba915ab3bf20cd181ec31148a59b5b1389a5f9231e5cb2ea24b3d05e827
Instruction ID: c1d621df82dd854f503d65b770fc59901d21832ccc3ceb39717e96105877d073
Opcode Fuzzy Hash: 09a32ba915ab3bf20cd181ec31148a59b5b1389a5f9231e5cb2ea24b3d05e827
Instruction Fuzzy Hash: 24219270805B84DED721CFA8C504B8BBFF8EF15314F108A9ED45597B81D7B9A608CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 6E536715 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 49COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 6E536744

Strings

p8Un, xrefs: 6E536728

Memory Dump Source

Source File: 0000000E.00000002.2371585883.000000006E4E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6E4E0000, based on PE: true

Associated: 0000000E.00000002.2371507694.000000006E4E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373281942.000000006E544000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373891215.000000006E565000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2374074776.000000006E56A000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e4e0000_MiniNews.jbxd

Similarity

API ID: _free
String ID: p8Un
API String ID: 269201875-231026406
Opcode ID: faf07c65f008f542bac892b8e644ad684faad0b9226336678da90797ad513d52
Instruction ID: 1af5ae74f9e887d671962da9566b317683f57c897ee0de1e33836c3deffdfd76
Opcode Fuzzy Hash: faf07c65f008f542bac892b8e644ad684faad0b9226336678da90797ad513d52
Instruction Fuzzy Hash: 73F0F93256C7216EE20496F1A805BCB77DDAF82378F30081EE20956180FBE11C0146E9

Uniqueness

Uniqueness Score: -1.00%

Function 6E3DD000 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 44COMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 6E3DD00E
__wcsicoll.LIBCMT ref: 6E3DD02D

Strings

gzip, xrefs: 6E3DD017
1.2.1, xrefs: 6E3DD037

Memory Dump Source

Source File: 0000000E.00000002.2370545283.000000006E3D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 6E3D0000, based on PE: true

Associated: 0000000E.00000002.2370501847.000000006E3D0000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371078507.000000006E3FB000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371296559.000000006E405000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371402177.000000006E409000.00000002.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e3d0000_MiniNews.jbxd

Similarity

API ID: __wcsicoll_memset
String ID: 1.2.1$gzip
API String ID: 3893915231-2519208098
Opcode ID: 261ec28a760e0f9d57cc6607de8ff49bb367820db5f6f22b9ce8c744dddc574c
Instruction ID: b0902d56040ab6e9f008d607298a843e7023d88ed8af89a165714eaddea58cb4
Opcode Fuzzy Hash: 261ec28a760e0f9d57cc6607de8ff49bb367820db5f6f22b9ce8c744dddc574c
Instruction Fuzzy Hash: 9BF0A4B2A00311AFD3205FDA9C84967F7ECEF64764B508C3EF2C9D6200E37098028B90

Uniqueness

Uniqueness Score: -1.00%

Function 6E3EE1F8 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 38
libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 65%

			E6E3EE1F8() {
				signed long long _v12;
				signed int _v20;
				signed long long _v28;
				signed char _t8;

				_t8 = GetModuleHandleA("KERNEL32");
				if(_t8 == 0) {
					L6:
					_v20 =  *0x6e3fce60;
					_v28 =  *0x6e3fce58;
					asm("fsubr qword [ebp-0x18]");
					_v12 = _v28 / _v20 * _v20;
					asm("fld1");
					asm("fcomp qword [ebp-0x8]");
					asm("fnstsw ax");
					if((_t8 & 0x00000005) != 0) {
						return 0;
					} else {
						return 1;
					}
				} else {
					__eax = GetProcAddress(__eax, "IsProcessorFeaturePresent");
					if(__eax == 0) {
						goto L6;
					} else {
						_push(0);
						return __eax;
					}
				}
			}

0x6e3ee1fd
0x6e3ee205
0x6e3ee21c
0x6e3ee1c8
0x6e3ee1d1
0x6e3ee1dd
0x6e3ee1e0
0x6e3ee1e3
0x6e3ee1e5
0x6e3ee1e8
0x6e3ee1ed
0x6e3ee1f7
0x6e3ee1ef
0x6e3ee1f3
0x6e3ee1f3
0x6e3ee207
0x6e3ee20d
0x6e3ee215
0x00000000
0x6e3ee217
0x6e3ee217
0x6e3ee21b
0x6e3ee21b
0x6e3ee215

APIs

GetModuleHandleA.KERNEL32(KERNEL32,6E3E4974), ref: 6E3EE1FD
GetProcAddress.KERNEL32(00000000,IsProcessorFeaturePresent), ref: 6E3EE20D

Strings

IsProcessorFeaturePresent, xrefs: 6E3EE207
KERNEL32, xrefs: 6E3EE1F8

Memory Dump Source

Source File: 0000000E.00000002.2370545283.000000006E3D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 6E3D0000, based on PE: true

Associated: 0000000E.00000002.2370501847.000000006E3D0000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371078507.000000006E3FB000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371296559.000000006E405000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371402177.000000006E409000.00000002.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e3d0000_MiniNews.jbxd

Similarity

API ID: AddressHandleModuleProc
String ID: IsProcessorFeaturePresent$KERNEL32
API String ID: 1646373207-3105848591
Opcode ID: a0383c99ddce0cc7dd6be2ee90c199ad41f6808859086467e0bc48fd5ce77359
Instruction ID: 151fd7f5f2ad85ea32aa315319710f585600f810413eb06deb7c61cec373c51a
Opcode Fuzzy Hash: a0383c99ddce0cc7dd6be2ee90c199ad41f6808859086467e0bc48fd5ce77359
Instruction Fuzzy Hash: FDF03031A50A2AD2DF002BE6A91D26F7F7DBFD1742F920490D192B4189DF318075D296

Uniqueness

Uniqueness Score: -1.00%

Function 6E526A9E Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 21COMMON

Download Yara Rule

APIs

CloseHandle.KERNEL32(00000000,00000000,?,6E526B6E,00000000), ref: 6E526AB4
FreeLibrary.KERNEL32(00000000,00000000,?,6E526B6E,00000000), ref: 6E526AC3
_free.LIBCMT ref: 6E526ACA

Strings

nkRn, xrefs: 6E526AA4, 6E526AC9

Memory Dump Source

Source File: 0000000E.00000002.2371585883.000000006E4E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6E4E0000, based on PE: true

Associated: 0000000E.00000002.2371507694.000000006E4E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373281942.000000006E544000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373891215.000000006E565000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2374074776.000000006E56A000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e4e0000_MiniNews.jbxd

Similarity

API ID: CloseFreeHandleLibrary_free
String ID: nkRn
API String ID: 621396759-2629306468
Opcode ID: fad2a4bb3d9dc0bf0309ed8927f2e44fcfba7e29186745c54a8806f3276907f1
Instruction ID: 167556422c653848badc7d10c0f322b025789c40e5183d54530993ae431d7294
Opcode Fuzzy Hash: fad2a4bb3d9dc0bf0309ed8927f2e44fcfba7e29186745c54a8806f3276907f1
Instruction Fuzzy Hash: CAE08632005B15EFC7215E81E404BA77BD9FF51325F15C439E52A125A0CBB5A891DB94

Uniqueness

Uniqueness Score: -1.00%

Function 6E3D3370 Relevance: 6.3, APIs: 5, Instructions: 77
stringCOMMON

Download Yara Rule

C-Code - Quality: 89%

			E6E3D3370(void* __eax, char** __ecx, void* __edx, char* _a4, int _a8) {
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t12;
				void* _t20;
				int _t24;
				void* _t29;
				int _t31;
				char* _t34;

				_t20 = __edx;
				_t34 = _a4;
				_t17 = __ecx;
				if(_t34 != 0) {
					_t24 = lstrlenA(_t34) + 1;
					E6E3D3270(_t17, _t20, _t24, _t34, _t17, _t24,  &(_t17[1]), 0x80);
					_t19 = _a8;
					_t12 = MultiByteToWideChar(_a8, 0, _t34, _t24,  *_t17, _t24);
					asm("sbb esi, esi");
					_t29 =  ~_t12 + 1;
					if(_t29 != 0) {
						_t12 = GetLastError();
						if(_t12 == 0x7a) {
							_t31 = MultiByteToWideChar(_a8, 0, _t34, _t24, 0, 0);
							E6E3D3270(_t17, _a8, _t24, _t34, _t17, _t31,  &(_t17[1]), 0x80);
							_t19 = _a8;
							_t12 = MultiByteToWideChar(_a8, 0, _t34, _t24,  *_t17, _t31);
							asm("sbb esi, esi");
							_t29 =  ~_t12 + 1;
						}
						if(_t29 != 0) {
							_t12 = L6E3D30D0(_t17, _t19, _t24, _t29);
						}
					}
					return _t12;
				} else {
					 *__ecx = _t34;
					return __eax;
				}
			}

0x6e3d3370
0x6e3d3372
0x6e3d3376
0x6e3d337a
0x6e3d3397
0x6e3d339a
0x6e3d33a1
0x6e3d33af
0x6e3d33b9
0x6e3d33bb
0x6e3d33be
0x6e3d33c0
0x6e3d33c9
0x6e3d33de
0x6e3d33eb
0x6e3d33f2
0x6e3d3400
0x6e3d340a
0x6e3d340c
0x6e3d340c
0x6e3d340f
0x6e3d3411
0x6e3d3411
0x6e3d340f
0x6e3d341a
0x6e3d337c
0x6e3d337c
0x6e3d3380
0x6e3d3380

APIs

lstrlenA.KERNEL32(?,?,?,77143130,?,6E3D7D82,\Xv",00000003,6E3FB8C4,00000000,?), ref: 6E3D3386
MultiByteToWideChar.KERNEL32(?,00000000,?,00000001,00000000,00000001,?,?,2276585C,?), ref: 6E3D33AF
GetLastError.KERNEL32(?,?,2276585C,?), ref: 6E3D33C0
MultiByteToWideChar.KERNEL32(?,00000000,?,00000001,00000000,00000000,?,?,2276585C,?), ref: 6E3D33D8
MultiByteToWideChar.KERNEL32(?,00000000,?,00000001,00000000,00000000,?,?,?,?,?,?,2276585C,?), ref: 6E3D3400

Memory Dump Source

Source File: 0000000E.00000002.2370545283.000000006E3D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 6E3D0000, based on PE: true

Associated: 0000000E.00000002.2370501847.000000006E3D0000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371078507.000000006E3FB000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371296559.000000006E405000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371402177.000000006E409000.00000002.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e3d0000_MiniNews.jbxd

Similarity

API ID: ByteCharMultiWide$ErrorLastlstrlen
String ID:
API String ID: 3322701435-0
Opcode ID: 2956b12e6f27f690eb5faed0f80e706b7943b94805193b737920549120e451c3
Instruction ID: b0cc16c38a2e6a7bff370eaf47ed337b814f6a731b38790c3fc720d0d254824a
Opcode Fuzzy Hash: 2956b12e6f27f690eb5faed0f80e706b7943b94805193b737920549120e451c3
Instruction Fuzzy Hash: 1C11B276600214BBD7309651DC88F377B6CEF86BA5F104554FD969A285CA26AC0CC6B4

Uniqueness

Uniqueness Score: -1.00%

Function 6E52E3EA Relevance: 6.3, APIs: 4, Instructions: 305COMMON

Download Yara Rule

APIs

_strrchr.LIBCMT ref: 6E52E475
__alldvrm.LIBCMT ref: 6E52E676
__alldvrm.LIBCMT ref: 6E52E698

Memory Dump Source

Source File: 0000000E.00000002.2371585883.000000006E4E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6E4E0000, based on PE: true

Associated: 0000000E.00000002.2371507694.000000006E4E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373281942.000000006E544000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373891215.000000006E565000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2374074776.000000006E56A000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e4e0000_MiniNews.jbxd

Similarity

API ID: __alldvrm$_strrchr
String ID:
API String ID: 1036877536-0
Opcode ID: f033c30289c091aac3af9ee64290f7472340659fcc28e10edc36f4c36155a3c0
Instruction ID: 302f035085ff28199d725f1be338f507da44da35155fc4f6197c0b5b2c154a93
Opcode Fuzzy Hash: f033c30289c091aac3af9ee64290f7472340659fcc28e10edc36f4c36155a3c0
Instruction Fuzzy Hash: 23A16372A143869FE713CFB8C890BAEBBE4EF52310F1445B9E5859B2C1DB389941CB51

Uniqueness

Uniqueness Score: -1.00%

Function 6E500A90 Relevance: 6.1, APIs: 4, Instructions: 136COMMON

Download Yara Rule

APIs

Part of subcall function 6E505AE3: EnterCriticalSection.KERNEL32(6E568168,?,00000004,?,6E4ED921,00000000,?,00000004,000000AC,00000004,?,6E4ECB41,?,?,6E50116C,minipage), ref: 6E505AEE
Part of subcall function 6E505AE3: LeaveCriticalSection.KERNEL32(6E568168,?,6E4ED921,00000000,?,00000004,000000AC,00000004,?,6E4ECB41,?,?,6E50116C,minipage,E97A779A,000000A4), ref: 6E505B1A

FindResourceExW.KERNEL32(00000000,00000006,?,00000000,00000000,?,77143C50,?,?,6E4FF50B,-00000010), ref: 6E500ACE
FindResourceW.KERNEL32(00000000,?,00000006,?,77143C50,?,?,6E4FF50B,-00000010), ref: 6E500B17
WideCharToMultiByte.KERNEL32(00000003,00000000,00000002,?,00000000,00000000,00000000,00000000,?,?,?,?,77143C50,?,?,6E4FF50B), ref: 6E500B4C
WideCharToMultiByte.KERNEL32(00000003,00000000,00000002,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,00000000), ref: 6E500B87

Part of subcall function 6E4E6440: __CxxThrowException@8.LIBVCRUNTIME ref: 6E4E6457

Memory Dump Source

Source File: 0000000E.00000002.2371585883.000000006E4E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6E4E0000, based on PE: true

Associated: 0000000E.00000002.2371507694.000000006E4E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373281942.000000006E544000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373891215.000000006E565000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2374074776.000000006E56A000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e4e0000_MiniNews.jbxd

Similarity

API ID: ByteCharCriticalFindMultiResourceSectionWide$EnterException@8LeaveThrow
String ID:
API String ID: 1459132382-0
Opcode ID: 1e476a8711d943c26096d099b70aaf76d40e5d10be4642bebc609730cdecf6d0
Instruction ID: 82ebce7896be9ba95bbd397f44d8266a6d90c2c740b7b68bcc82ab411dc9adb1
Opcode Fuzzy Hash: 1e476a8711d943c26096d099b70aaf76d40e5d10be4642bebc609730cdecf6d0
Instruction Fuzzy Hash: 3431C371A41920AFE7119EA4CC95FBAB7EC9B41715F00456AFE05DB280EB71AC1187E1

Uniqueness

Uniqueness Score: -1.00%

Function 6E3F09BD Relevance: 6.1, APIs: 4, Instructions: 103
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 100%

			E6E3F09BD(void* __edi, short* _a4, char* _a8, intOrPtr _a12, intOrPtr _a16) {
				char _v8;
				signed int _v12;
				char _v20;
				char _t43;
				char _t46;
				signed int _t53;
				signed int _t54;
				intOrPtr _t56;
				int _t57;
				int _t58;
				signed short* _t59;
				short* _t60;
				int _t65;
				char* _t73;

				_t73 = _a8;
				if(_t73 == 0 || _a12 == 0) {
					L5:
					return 0;
				} else {
					if( *_t73 != 0) {
						E6E3E36EA( &_v20, __edi, _a16);
						_t43 = _v20;
						__eflags =  *(_t43 + 0x14);
						if( *(_t43 + 0x14) != 0) {
							_t46 = E6E3EA8C6( *_t73 & 0x000000ff,  &_v20);
							__eflags = _t46;
							if(_t46 == 0) {
								__eflags = _a4;
								__eflags = MultiByteToWideChar( *(_v20 + 4), 9, _t73, 1, _a4, 0 | _a4 != 0x00000000);
								if(__eflags != 0) {
									L10:
									__eflags = _v8;
									if(_v8 != 0) {
										_t53 = _v12;
										_t11 = _t53 + 0x70;
										 *_t11 =  *(_t53 + 0x70) & 0xfffffffd;
										__eflags =  *_t11;
									}
									return 1;
								}
								L21:
								_t54 = E6E3E575A(__eflags);
								 *_t54 = 0x2a;
								__eflags = _v8;
								if(_v8 != 0) {
									_t54 = _v12;
									_t33 = _t54 + 0x70;
									 *_t33 =  *(_t54 + 0x70) & 0xfffffffd;
									__eflags =  *_t33;
								}
								return _t54 | 0xffffffff;
							}
							_t56 = _v20;
							_t65 =  *(_t56 + 0xac);
							__eflags = _t65 - 1;
							if(_t65 <= 1) {
								L17:
								__eflags = _a12 -  *(_t56 + 0xac);
								if(__eflags < 0) {
									goto L21;
								}
								__eflags = _t73[1];
								if(__eflags == 0) {
									goto L21;
								}
								L19:
								_t57 =  *(_t56 + 0xac);
								__eflags = _v8;
								if(_v8 == 0) {
									return _t57;
								}
								 *((intOrPtr*)(_v12 + 0x70)) =  *(_v12 + 0x70) & 0xfffffffd;
								return _t57;
							}
							__eflags = _a12 - _t65;
							if(_a12 < _t65) {
								goto L17;
							}
							__eflags = _a4;
							_t58 = MultiByteToWideChar( *(_t56 + 4), 9, _t73, _t65, _a4, 0 | _a4 != 0x00000000);
							__eflags = _t58;
							_t56 = _v20;
							if(_t58 != 0) {
								goto L19;
							}
							goto L17;
						}
						_t59 = _a4;
						__eflags = _t59;
						if(_t59 != 0) {
							 *_t59 =  *_t73 & 0x000000ff;
						}
						goto L10;
					} else {
						_t60 = _a4;
						if(_t60 != 0) {
							 *_t60 = 0;
						}
						goto L5;
					}
				}
			}

0x6e3f09c7
0x6e3f09ce
0x6e3f09e5
0x00000000
0x6e3f09d5
0x6e3f09d7
0x6e3f09f1
0x6e3f09f6
0x6e3f09f9
0x6e3f09fc
0x6e3f0a25
0x6e3f0a2c
0x6e3f0a2e
0x6e3f0aaf
0x6e3f0aca
0x6e3f0acc
0x6e3f0a0c
0x6e3f0a0c
0x6e3f0a0f
0x6e3f0a11
0x6e3f0a14
0x6e3f0a14
0x6e3f0a14
0x6e3f0a14
0x00000000
0x6e3f0a1a
0x6e3f0a8e
0x6e3f0a8e
0x6e3f0a93
0x6e3f0a99
0x6e3f0a9c
0x6e3f0a9e
0x6e3f0aa1
0x6e3f0aa1
0x6e3f0aa1
0x6e3f0aa1
0x00000000
0x6e3f0aa5
0x6e3f0a30
0x6e3f0a33
0x6e3f0a39
0x6e3f0a3c
0x6e3f0a63
0x6e3f0a66
0x6e3f0a6c
0x00000000
0x00000000
0x6e3f0a6e
0x6e3f0a71
0x00000000
0x00000000
0x6e3f0a73
0x6e3f0a73
0x6e3f0a79
0x6e3f0a7c
0x6e3f09ea
0x6e3f09ea
0x6e3f0a85
0x00000000
0x6e3f0a85
0x6e3f0a3e
0x6e3f0a41
0x00000000
0x00000000
0x6e3f0a45
0x6e3f0a56
0x6e3f0a5c
0x6e3f0a5e
0x6e3f0a61
0x00000000
0x00000000
0x00000000
0x6e3f0a61
0x6e3f09fe
0x6e3f0a01
0x6e3f0a03
0x6e3f0a09
0x6e3f0a09
0x00000000
0x6e3f09d9
0x6e3f09d9
0x6e3f09de
0x6e3f09e2
0x6e3f09e2
0x00000000
0x6e3f09de
0x6e3f09d7

APIs

_LocaleUpdate::_LocaleUpdate.LIBCMT ref: 6E3F09F1
__isleadbyte_l.LIBCMT ref: 6E3F0A25
MultiByteToWideChar.KERNEL32(00000080,00000009,6E3E40B5,?,00000000,00000000,?,?,?,?,6E3E40B5,00000000,?), ref: 6E3F0A56
MultiByteToWideChar.KERNEL32(00000080,00000009,6E3E40B5,00000001,00000000,00000000,?,?,?,?,6E3E40B5,00000000,?), ref: 6E3F0AC4

Memory Dump Source

Source File: 0000000E.00000002.2370545283.000000006E3D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 6E3D0000, based on PE: true

Associated: 0000000E.00000002.2370501847.000000006E3D0000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371078507.000000006E3FB000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371296559.000000006E405000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371402177.000000006E409000.00000002.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e3d0000_MiniNews.jbxd

Similarity

API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
String ID:
API String ID: 3058430110-0
Opcode ID: b7155d6f101a55303b30a6420af40cc72ab4f8cfbf4d228279b5012b9fe37d4a
Instruction ID: 83a75dbb83e2178619e5873937161a171b4920f0081d1c9976bf01b060171ef1
Opcode Fuzzy Hash: b7155d6f101a55303b30a6420af40cc72ab4f8cfbf4d228279b5012b9fe37d4a
Instruction Fuzzy Hash: 54319131914256EFEF10CFA8C891EAE7BB5EF01311B1585A9E4A59B1E0F332D942CF61

Uniqueness

Uniqueness Score: -1.00%

Function 6E52C027 Relevance: 6.1, APIs: 4, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.2371585883.000000006E4E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6E4E0000, based on PE: true

Associated: 0000000E.00000002.2371507694.000000006E4E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373281942.000000006E544000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373891215.000000006E565000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2374074776.000000006E56A000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e4e0000_MiniNews.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 080aa0ef926da31fe485e0ee3379467b915e59b608c218fbc78d1ba74aaf54e2
Instruction ID: 699269e3e2b4aa23eff2f5db9263ed8914a146a1eaccefed82050dcc2cebe9fa
Opcode Fuzzy Hash: 080aa0ef926da31fe485e0ee3379467b915e59b608c218fbc78d1ba74aaf54e2
Instruction Fuzzy Hash: A9018FB2649616BEFA5159F96CC0F6B239CEF827BCB210735B6255D2C2DF60CC104568

Uniqueness

Uniqueness Score: -1.00%

Function 6E3DF530 Relevance: 6.1, APIs: 4, Instructions: 60
COMMON

Download Yara Rule

C-Code - Quality: 83%

			E6E3DF530() {
				char _v4;
				char _v12;
				intOrPtr* _v16;
				void* __ecx;
				signed int _t27;
				intOrPtr* _t40;
				intOrPtr* _t49;
				signed int _t54;

				_push(0xffffffff);
				_push(E6E3FA811);
				_push( *[fs:0x0]);
				_push(_t40);
				_t27 =  *0x6e405204; // 0x2276585c
				_push(_t27 ^ _t54);
				 *[fs:0x0] =  &_v12;
				_t49 = _t40;
				_v16 = _t49;
				_t3 = _t49 + 0x24; // 0x6c
				InitializeCriticalSection(_t3);
				 *_t49 = 0;
				 *((intOrPtr*)(_t49 + 8)) = 0;
				 *((intOrPtr*)(_t49 + 0xc)) = 0;
				 *((intOrPtr*)(_t49 + 4)) = 0;
				 *((intOrPtr*)(_t49 + 0x18)) = 0;
				 *((intOrPtr*)(_t49 + 0x1c)) = 0;
				 *((intOrPtr*)(_t49 + 0x10)) = 0;
				 *((intOrPtr*)(_t49 + 0x20)) = GetTickCount();
				_t11 = _t49 + 0x64; // 0xac
				_v4 = 0;
				InitializeCriticalSection(_t11);
				 *((intOrPtr*)(_t49 + 0x40)) = 0;
				 *((intOrPtr*)(_t49 + 0x48)) = 0;
				 *((intOrPtr*)(_t49 + 0x4c)) = 0;
				 *((intOrPtr*)(_t49 + 0x44)) = 0;
				 *((intOrPtr*)(_t49 + 0x58)) = 0;
				 *((intOrPtr*)(_t49 + 0x5c)) = 0;
				 *((intOrPtr*)(_t49 + 0x50)) = 0;
				 *((intOrPtr*)(_t49 + 0x60)) = GetTickCount();
				_t21 = _t49 + 0x80; // 0xc8
				_v4 = 1;
				E6E3D4BD0(_t21);
				_t23 = _t49 + 0x20b0; // 0x20f8
				_v4 = 2;
				E6E3D4BD0(_t23);
				 *[fs:0x0] = _v12;
				return _t49;
			}

0x6e3df530
0x6e3df532
0x6e3df53d
0x6e3df53e
0x6e3df543
0x6e3df54a
0x6e3df54f
0x6e3df555
0x6e3df557
0x6e3df561
0x6e3df565
0x6e3df56f
0x6e3df571
0x6e3df574
0x6e3df577
0x6e3df57a
0x6e3df57d
0x6e3df580
0x6e3df585
0x6e3df588
0x6e3df58c
0x6e3df590
0x6e3df592
0x6e3df595
0x6e3df598
0x6e3df59b
0x6e3df59e
0x6e3df5a1
0x6e3df5a4
0x6e3df5a9
0x6e3df5ac
0x6e3df5b2
0x6e3df5b7
0x6e3df5bc
0x6e3df5c2
0x6e3df5c7
0x6e3df5d2
0x6e3df5e1

APIs

InitializeCriticalSection.KERNEL32(0000006C,2276585C,00000000,00000000,?,?,00000048,00000000,6E3FA811,000000FF,6E3E0310), ref: 6E3DF565
GetTickCount.KERNEL32 ref: 6E3DF583
InitializeCriticalSection.KERNEL32(000000AC,?,?,00000048,00000000,6E3FA811,000000FF,6E3E0310), ref: 6E3DF590
GetTickCount.KERNEL32 ref: 6E3DF5A7

Part of subcall function 6E3D4BD0: InitializeCriticalSection.KERNEL32(000020DC,00000048,6E3DF5BC,?,?,00000048,00000000,6E3FA811,000000FF,6E3E0310), ref: 6E3D4BDA

Memory Dump Source

Source File: 0000000E.00000002.2370545283.000000006E3D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 6E3D0000, based on PE: true

Associated: 0000000E.00000002.2370501847.000000006E3D0000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371078507.000000006E3FB000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371296559.000000006E405000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371402177.000000006E409000.00000002.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e3d0000_MiniNews.jbxd

Similarity

API ID: CriticalInitializeSection$CountTick
String ID:
API String ID: 4078479706-0
Opcode ID: fddc80ffceac298fe2b2f891a22cf4a750c5b48a61027ae0b81479ae5b82e575
Instruction ID: 350dc426721bfff2ce3e4e5f05c92c8671527263816144dd68e7ee64cc3fccf2
Opcode Fuzzy Hash: fddc80ffceac298fe2b2f891a22cf4a750c5b48a61027ae0b81479ae5b82e575
Instruction Fuzzy Hash: 6E21B4B1804B548FC321CF2AD840A57FBE8FFA9614F004A5FD1DA83A21D7B5A509CB55

Uniqueness

Uniqueness Score: -1.00%

Function 6E3DB710 Relevance: 6.1, APIs: 4, Instructions: 58
COMMON

Download Yara Rule

C-Code - Quality: 83%

			E6E3DB710(void* __ebx, void* __edx, void* __ebp) {
				char _v4;
				char _v12;
				intOrPtr* _v16;
				void* __edi;
				void* __esi;
				signed int _t19;
				void* _t22;
				void* _t23;
				struct _CRITICAL_SECTION* _t27;
				void* _t32;
				intOrPtr* _t33;
				void* _t39;
				void* _t41;
				intOrPtr* _t45;
				void* _t48;
				signed int _t49;

				_t48 = __ebp;
				_t39 = __edx;
				_t32 = __ebx;
				_push(0xffffffff);
				_push(E6E3FA462);
				_push( *[fs:0x0]);
				_push(_t33);
				_t19 =  *0x6e405204; // 0x2276585c
				_push(_t19 ^ _t49);
				 *[fs:0x0] =  &_v12;
				_t45 = _t33;
				_v16 = _t45;
				 *_t45 = 0x6e3fbcac;
				_t22 =  *(_t45 + 0x59c);
				_t41 = CloseHandle;
				_v4 = 3;
				if(_t22 != 0) {
					CloseHandle(_t22);
				}
				_t23 =  *(_t45 + 0x598);
				if(_t23 != 0) {
					CloseHandle(_t23);
				}
				_t53 =  *((intOrPtr*)(_t45 + 0x5bc)) - 0x10;
				if( *((intOrPtr*)(_t45 + 0x5bc)) >= 0x10) {
					E6E3E2756(_t32, _t41, _t45, _t53,  *((intOrPtr*)(_t45 + 0x5a8)));
					_t49 = _t49 + 4;
				}
				 *((intOrPtr*)(_t45 + 0x5bc)) = 0xf;
				 *((intOrPtr*)(_t45 + 0x5b8)) = 0;
				 *((char*)(_t45 + 0x5a8)) = 0;
				E6E3DABE0(_t39);
				_v4 = 2;
				E6E3DA4C0(_t48);
				_v4 = 1;
				E6E3DA780(_t48);
				_t27 = _t45 + 0x74;
				DeleteCriticalSection(_t27);
				DeleteCriticalSection(_t45 + 0x34);
				 *[fs:0x0] = _v12;
				return _t27;
			}

0x6e3db710
0x6e3db710
0x6e3db710
0x6e3db710
0x6e3db712
0x6e3db71d
0x6e3db71e
0x6e3db721
0x6e3db728
0x6e3db72d
0x6e3db733
0x6e3db735
0x6e3db739
0x6e3db73f
0x6e3db745
0x6e3db74b
0x6e3db755
0x6e3db758
0x6e3db758
0x6e3db75a
0x6e3db762
0x6e3db765
0x6e3db765
0x6e3db767
0x6e3db76e
0x6e3db777
0x6e3db77c
0x6e3db77c
0x6e3db77f
0x6e3db789
0x6e3db799
0x6e3db7a0
0x6e3db7ab
0x6e3db7b0
0x6e3db7bb
0x6e3db7c0
0x6e3db7cb
0x6e3db7cf
0x6e3db7d5
0x6e3db7db
0x6e3db7e8

APIs

CloseHandle.KERNEL32(?,2276585C,?,?,?,00000000,6E3FA462,000000FF,6E3DFC79), ref: 6E3DB758
CloseHandle.KERNEL32(00000000,2276585C,?,?,?,00000000,6E3FA462,000000FF,6E3DFC79), ref: 6E3DB765
DeleteCriticalSection.KERNEL32(?,2276585C,?,?,?,00000000,6E3FA462,000000FF,6E3DFC79), ref: 6E3DB7CF
DeleteCriticalSection.KERNEL32(?), ref: 6E3DB7D5

Memory Dump Source

Source File: 0000000E.00000002.2370545283.000000006E3D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 6E3D0000, based on PE: true

Associated: 0000000E.00000002.2370501847.000000006E3D0000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371078507.000000006E3FB000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371296559.000000006E405000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371402177.000000006E409000.00000002.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e3d0000_MiniNews.jbxd

Similarity

API ID: CloseCriticalDeleteHandleSection
String ID:
API String ID: 1370521891-0
Opcode ID: 12617195af952c88261aa6bea287980dd128f0cfd63d830d60324b0e2bf4d0fc
Instruction ID: 360c40a0b94a56acd84b3f91daf4b6b0f6f1ef8319a229e6f741d439b7ec670d
Opcode Fuzzy Hash: 12617195af952c88261aa6bea287980dd128f0cfd63d830d60324b0e2bf4d0fc
Instruction Fuzzy Hash: E7216AB2508B41DBD720DF64CD44B97BBECAF55314F10081DE4AA87381DB35A008CFA2

Uniqueness

Uniqueness Score: -1.00%

Function 6E518E37 Relevance: 6.1, APIs: 4, Instructions: 53COMMONLIBRARYCODE

Download Yara Rule

APIs

___BuildCatchObject.LIBVCRUNTIME ref: 6E518E51

Part of subcall function 6E518D9E: BuildCatchObjectHelperInternal.LIBVCRUNTIME ref: 6E518DCD
Part of subcall function 6E518D9E: ___AdjustPointer.LIBCMT ref: 6E518DE8

_UnwindNestedFrames.LIBCMT ref: 6E518E66
__FrameHandler3::FrameUnwindToState.LIBVCRUNTIME ref: 6E518E77
CallCatchBlock.LIBVCRUNTIME ref: 6E518E9F

Memory Dump Source

Source File: 0000000E.00000002.2371585883.000000006E4E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6E4E0000, based on PE: true

Associated: 0000000E.00000002.2371507694.000000006E4E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373281942.000000006E544000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373891215.000000006E565000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2374074776.000000006E56A000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e4e0000_MiniNews.jbxd

Similarity

API ID: Catch$BuildFrameObjectUnwind$AdjustBlockCallFramesHandler3::HelperInternalNestedPointerState
String ID:
API String ID: 737400349-0
Opcode ID: 4b48c05fa13aa3778f8a10b61deae1e88182b12b12e3bdd8342ff4835f35a8b6
Instruction ID: 106342833dcbf10a429fd5abe4badcc3cdb959b5e0f68e80df38f7e6aa3d9425
Opcode Fuzzy Hash: 4b48c05fa13aa3778f8a10b61deae1e88182b12b12e3bdd8342ff4835f35a8b6
Instruction Fuzzy Hash: 0A012972108209BBEF125ED5CC40EEB7BAEFF89758F044504FE1866120C332E861DBA1

Uniqueness

Uniqueness Score: -1.00%

Function 6E512DB0 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 53COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(6E5689B8,00000000,?,6E512C85,?,00001000,?,00000000,00001000,00000000,?), ref: 6E512DB9
LeaveCriticalSection.KERNEL32(6E5689B8,00000000,?,GenuineIntel:0f8bfbff,?,6E512C85,?,00001000,?,00000000,00001000,00000000,?), ref: 6E512DE2
LeaveCriticalSection.KERNEL32(6E5689B8,00001000,00000000,?), ref: 6E512E3B

Strings

GenuineIntel:0f8bfbff, xrefs: 6E512DBF, 6E512DC8, 6E512E03

Memory Dump Source

Source File: 0000000E.00000002.2371585883.000000006E4E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6E4E0000, based on PE: true

Associated: 0000000E.00000002.2371507694.000000006E4E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373281942.000000006E544000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373891215.000000006E565000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2374074776.000000006E56A000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e4e0000_MiniNews.jbxd

Similarity

API ID: CriticalSection$Leave$Enter
String ID: GenuineIntel:0f8bfbff
API String ID: 2978645861-3106914364
Opcode ID: 75b6d19f77f6bebcf66ce5aa19465c74ddbd5e6b27fd599a1119aa79ec8094e4
Instruction ID: 71f53574d07a45da911d761589a835dfac888ae955d84d4046823dfa82caf5f9
Opcode Fuzzy Hash: 75b6d19f77f6bebcf66ce5aa19465c74ddbd5e6b27fd599a1119aa79ec8094e4
Instruction Fuzzy Hash: 0801F57650C501ABFB010EE9EC44BE57FE8AB8B294F044225FC155B251CB319846D792

Uniqueness

Uniqueness Score: -1.00%

Function 6E53078D Relevance: 6.1, APIs: 4, Instructions: 52libraryCOMMONLIBRARYCODE

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32(00000000,00000000,00000800,?,00000000,00000000,?,6E530734,?,00000000,00000000,00000000,?,6E530A12,00000006,FlsSetValue), ref: 6E5307BF
GetLastError.KERNEL32(?,6E530734,?,00000000,00000000,00000000,?,6E530A12,00000006,FlsSetValue,6E554210,FlsSetValue,00000000,00000364,?,6E52CCC3), ref: 6E5307CB
LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,6E530734,?,00000000,00000000,00000000,?,6E530A12,00000006,FlsSetValue,6E554210,FlsSetValue,00000000), ref: 6E5307D9

Memory Dump Source

Source File: 0000000E.00000002.2371585883.000000006E4E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6E4E0000, based on PE: true

Associated: 0000000E.00000002.2371507694.000000006E4E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373281942.000000006E544000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373891215.000000006E565000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2374074776.000000006E56A000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e4e0000_MiniNews.jbxd

Similarity

API ID: LibraryLoad$ErrorLast
String ID:
API String ID: 3177248105-0
Opcode ID: 977b42eaa2c7391473953e5f6d3fe9ea264674dd8aa450bfeb0635f3471966dd
Instruction ID: 7109d64583068639456edbd1ffb254a115c1b8efb0555ef6ce7a3e955be18d69
Opcode Fuzzy Hash: 977b42eaa2c7391473953e5f6d3fe9ea264674dd8aa450bfeb0635f3471966dd
Instruction Fuzzy Hash: 3901F7326A6732EBCB118EAD9C44A5B7BD8AF067A07320631F905D7140FB60D802CAF0

Uniqueness

Uniqueness Score: -1.00%

Function 6E3EE0C3 Relevance: 6.0, APIs: 4, Instructions: 49
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 100%

			E6E3EE0C3(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28) {
				intOrPtr _t25;
				void* _t26;
				void* _t28;

				_t25 = _a16;
				if(_t25 == 0x65 || _t25 == 0x45) {
					_t26 = E6E3ED9B4(_t28, __eflags, _a4, _a8, _a12, _a20, _a24, _a28);
					goto L9;
				} else {
					_t34 = _t25 - 0x66;
					if(_t25 != 0x66) {
						__eflags = _t25 - 0x61;
						if(_t25 == 0x61) {
							L7:
							_t26 = E6E3EDAA4(_t28, _a4, _a8, _a12, _a20, _a24, _a28);
						} else {
							__eflags = _t25 - 0x41;
							if(__eflags == 0) {
								goto L7;
							} else {
								_t26 = E6E3EDFC9(_t28, __eflags, _a4, _a8, _a12, _a20, _a24, _a28);
							}
						}
						L9:
						return _t26;
					} else {
						return E6E3EDF0E(_t28, _t34, _a4, _a8, _a12, _a20, _a28);
					}
				}
			}

0x6e3ee0c8
0x6e3ee0ce
0x6e3ee141
0x00000000
0x6e3ee0d5
0x6e3ee0d5
0x6e3ee0d8
0x6e3ee0f3
0x6e3ee0f6
0x6e3ee116
0x6e3ee128
0x6e3ee0f8
0x6e3ee0f8
0x6e3ee0fb
0x00000000
0x6e3ee0fd
0x6e3ee10f
0x6e3ee10f
0x6e3ee0fb
0x6e3ee146
0x6e3ee14a
0x6e3ee0da
0x6e3ee0f2
0x6e3ee0f2
0x6e3ee0d8

APIs

__cftof_l.LIBCMT ref: 6E3EE0E9

Part of subcall function 6E3EDF0E: __fltout2.LIBCMT ref: 6E3EDF3A

__cftog_l.LIBCMT ref: 6E3EE10F
__cftoe_l.LIBCMT ref: 6E3EE141

Memory Dump Source

Source File: 0000000E.00000002.2370545283.000000006E3D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 6E3D0000, based on PE: true

Associated: 0000000E.00000002.2370501847.000000006E3D0000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371078507.000000006E3FB000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371296559.000000006E405000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371402177.000000006E409000.00000002.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e3d0000_MiniNews.jbxd

Similarity

API ID: __cftoe_l__cftof_l__cftog_l__fltout2
String ID:
API String ID: 3016257755-0
Opcode ID: bfaf9c04f800815b6471d517da42daec28121d5ec88fca071302ba537a085f53
Instruction ID: 4910224bbbfbd712700e2c658d33647803f8f3b8dbc4f982acb528d65c46af95
Opcode Fuzzy Hash: bfaf9c04f800815b6471d517da42daec28121d5ec88fca071302ba537a085f53
Instruction Fuzzy Hash: 93119D3240029EBFCF124EC5DC118EE3F36BF49298F458416FA2858520C737C5B2AB82

Uniqueness

Uniqueness Score: -1.00%

Function 6E3D7E90 Relevance: 6.0, APIs: 4, Instructions: 33
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E6E3D7E90(void* __ecx, void* __edx) {
				void* _t9;
				struct _CRITICAL_SECTION* _t11;
				void* _t14;
				void* _t16;

				_t14 = __edx;
				_t16 = __ecx;
				_t11 = __ecx + 0x24;
				EnterCriticalSection(_t11);
				_t15 = GetTickCount() -  *((intOrPtr*)(_t16 + 0x20));
				if(GetTickCount() -  *((intOrPtr*)(_t16 + 0x20)) < 0x3e8) {
					_t15 = 0x3e8;
				}
				_t9 = E6E3E4380(E6E3E4430( *((intOrPtr*)(_t16 + 0x18)),  *((intOrPtr*)(_t16 + 0x1c)), 0x3e8, 0), _t14, _t15, 0);
				LeaveCriticalSection(_t11);
				return _t9;
			}

0x6e3d7e90
0x6e3d7e92
0x6e3d7e95
0x6e3d7e99
0x6e3d7ea8
0x6e3d7eb0
0x6e3d7eb2
0x6e3d7eb2
0x6e3d7ed0
0x6e3d7ed8
0x6e3d7ee3

APIs

EnterCriticalSection.KERNEL32(?,?,?,?,6E3D8363,?,?,15555555), ref: 6E3D7E99
GetTickCount.KERNEL32 ref: 6E3D7E9F
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6E3D7ED0
LeaveCriticalSection.KERNEL32(?,00000000,?,?,00000000,?,?,000003E8,00000000,?,?,6E3D8363,?,?,15555555), ref: 6E3D7ED8

Memory Dump Source

Source File: 0000000E.00000002.2370545283.000000006E3D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 6E3D0000, based on PE: true

Associated: 0000000E.00000002.2370501847.000000006E3D0000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371078507.000000006E3FB000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371296559.000000006E405000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371402177.000000006E409000.00000002.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e3d0000_MiniNews.jbxd

Similarity

API ID: CriticalSection$CountEnterLeaveTickUnothrow_t@std@@@__ehfuncinfo$??2@
String ID:
API String ID: 3524143045-0
Opcode ID: 2ebf8465bb963d3d681a3c194f7cfe778ff51162c09f5af5c3066c7a30418593
Instruction ID: 81829b4eaae827b0e7db9a1b038ea5c297b7f38c61fde7b152d7156231b3ff5d
Opcode Fuzzy Hash: 2ebf8465bb963d3d681a3c194f7cfe778ff51162c09f5af5c3066c7a30418593
Instruction Fuzzy Hash: 08F082B2A007106BD23057A8DC88F5AB2ACAB89711F100A1AF546D7584DA70FC05C660

Uniqueness

Uniqueness Score: -1.00%

Function 6E3E9F16 Relevance: 6.0, APIs: 4, Instructions: 31
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 90%

			E6E3E9F16(void* __ebx, void* __edx, intOrPtr __edi, void* __esi, void* __eflags) {
				signed int _t13;
				intOrPtr _t28;
				void* _t29;
				void* _t30;

				_t30 = __eflags;
				_t26 = __edi;
				_t25 = __edx;
				_t22 = __ebx;
				_push(0xc);
				_push(0x6e403510);
				E6E3E55C4(__ebx, __edi, __esi);
				_t28 = E6E3E8EEA(__ebx, __edx, __edi, _t30);
				_t13 =  *0x6e405af4; // 0xfffffffe
				if(( *(_t28 + 0x70) & _t13) == 0) {
					L6:
					E6E3E59C3(_t22, 0xc);
					 *(_t29 - 4) =  *(_t29 - 4) & 0x00000000;
					_t8 = _t28 + 0x6c; // 0x6c
					_t26 =  *0x6e405bd8; // 0x6e405b00
					 *((intOrPtr*)(_t29 - 0x1c)) = E6E3E9ED8(_t8, _t26);
					 *(_t29 - 4) = 0xfffffffe;
					E6E3E9F80();
				} else {
					_t32 =  *((intOrPtr*)(_t28 + 0x6c));
					if( *((intOrPtr*)(_t28 + 0x6c)) == 0) {
						goto L6;
					} else {
						_t28 =  *((intOrPtr*)(E6E3E8EEA(_t22, __edx, _t26, _t32) + 0x6c));
					}
				}
				if(_t28 == 0) {
					E6E3E74EA(_t25, _t26, 0x20);
				}
				return E6E3E5609(_t28);
			}

0x6e3e9f16
0x6e3e9f16
0x6e3e9f16
0x6e3e9f16
0x6e3e9f16
0x6e3e9f18
0x6e3e9f1d
0x6e3e9f27
0x6e3e9f29
0x6e3e9f31
0x6e3e9f55
0x6e3e9f57
0x6e3e9f5d
0x6e3e9f61
0x6e3e9f64
0x6e3e9f6f
0x6e3e9f72
0x6e3e9f79
0x6e3e9f33
0x6e3e9f33
0x6e3e9f37
0x00000000
0x6e3e9f39
0x6e3e9f3e
0x6e3e9f3e
0x6e3e9f37
0x6e3e9f43
0x6e3e9f47
0x6e3e9f4c
0x6e3e9f54

APIs

__getptd.LIBCMT ref: 6E3E9F22

Part of subcall function 6E3E8EEA: __getptd_noexit.LIBCMT ref: 6E3E8EED
Part of subcall function 6E3E8EEA: __amsg_exit.LIBCMT ref: 6E3E8EFA

__getptd.LIBCMT ref: 6E3E9F39
__amsg_exit.LIBCMT ref: 6E3E9F47
__lock.LIBCMT ref: 6E3E9F57

Memory Dump Source

Source File: 0000000E.00000002.2370545283.000000006E3D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 6E3D0000, based on PE: true

Associated: 0000000E.00000002.2370501847.000000006E3D0000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371078507.000000006E3FB000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371296559.000000006E405000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371402177.000000006E409000.00000002.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e3d0000_MiniNews.jbxd

Similarity

API ID: __amsg_exit__getptd$__getptd_noexit__lock
String ID:
API String ID: 3521780317-0
Opcode ID: 1675314d7257820d084ec2b171bf45a6ef47956e69e3e6a8295942f2b30c9ff2
Instruction ID: 47c268444169b9d6ba8ed34d002b782c4d7d4c6e53f46142d475ddba91d747e8
Opcode Fuzzy Hash: 1675314d7257820d084ec2b171bf45a6ef47956e69e3e6a8295942f2b30c9ff2
Instruction Fuzzy Hash: B1F09032940720DBDB64EFF48410BCD73A8AF8072AF00499BD0946BAC0DB349902CB51

Uniqueness

Uniqueness Score: -1.00%

Function 6E3DD380 Relevance: 6.0, APIs: 3, Strings: 1, Instructions: 25
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E6E3DD380(void* __eflags, intOrPtr _a4, char _a8, intOrPtr _a12) {
				void* __ebx;
				long _t4;
				void* _t9;
				void* _t10;
				long _t14;

				_t4 = GetLastError();
				_t1 =  &_a8; // 0x2276585c
				_t14 = _t4;
				_t10 = E6E3DD280(_t9, _a4, _a4,  *_t1, _a12);
				if(GetLastError() != _t14) {
					SetLastError(_t14);
				}
				return _t10;
			}

0x6e3dd389
0x6e3dd38b
0x6e3dd393
0x6e3dd3a4
0x6e3dd3aa
0x6e3dd3ad
0x6e3dd3ad
0x6e3dd3b8

APIs

GetLastError.KERNEL32(?,?,00000049,6E3DD5AD,00000049,00000000,00000040,?,?,6E3DEF73,?,00001FFF,?), ref: 6E3DD389
GetLastError.KERNEL32(?,?), ref: 6E3DD3A6
SetLastError.KERNEL32(00000000,?,?), ref: 6E3DD3AD

Strings

\Xv", xrefs: 6E3DD38B, 6E3DD39A

Memory Dump Source

Source File: 0000000E.00000002.2370545283.000000006E3D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 6E3D0000, based on PE: true

Associated: 0000000E.00000002.2370501847.000000006E3D0000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371078507.000000006E3FB000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371296559.000000006E405000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371402177.000000006E409000.00000002.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e3d0000_MiniNews.jbxd

Similarity

API ID: ErrorLast
String ID: \Xv"
API String ID: 1452528299-1849003930
Opcode ID: 5d292aa7165ae9e1533d11223142d1cd3992f902fb592befec2a7e812b1b2666
Instruction ID: aaa08c85856efbf2bdfa95559df3acfd997c9970112813f0e263703bf0a25156
Opcode Fuzzy Hash: 5d292aa7165ae9e1533d11223142d1cd3992f902fb592befec2a7e812b1b2666
Instruction Fuzzy Hash: 25E08CB62012115BC600EA68EC84CAFB3ECEEC9664B110929F444C3200D764DC098EB1

Uniqueness

Uniqueness Score: -1.00%

Function 6E3D4310 Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 299
networkCOMMON

Download Yara Rule

C-Code - Quality: 74%

			E6E3D4310(void* __ebp, void* __eflags, int* _a4, long _a16, intOrPtr* _a28, char _a32, char _a36, char _a40, char _a272, void* _a284, intOrPtr _a288, char _a296, short _a300, intOrPtr _a308, short _a316, char _a320, intOrPtr _a324, intOrPtr _a328, intOrPtr _a332, void _a340, char _a341, char _a4384, char _a4396, signed int _a4408, intOrPtr _a4412, int _a4420, short _a4424, signed int _a4436, char _a4440, void* _a4456, int* _a4460) {
				intOrPtr _v16;
				char _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				char _v40;
				char* _v48;
				char _v52;
				intOrPtr _v56;
				intOrPtr _v60;
				char _v64;
				short _v72;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t99;
				signed int _t101;
				int _t106;
				int* _t107;
				int* _t112;
				void* _t118;
				void* _t120;
				void* _t122;
				void* _t123;
				void* _t131;
				void* _t134;
				void* _t140;
				intOrPtr* _t146;
				intOrPtr _t150;
				intOrPtr* _t153;
				intOrPtr _t157;
				intOrPtr _t161;
				intOrPtr _t162;
				intOrPtr _t190;
				intOrPtr _t195;
				int* _t203;
				intOrPtr _t204;
				intOrPtr _t208;
				int* _t213;
				signed int _t214;
				signed int _t215;

				_push(0xffffffff);
				_push(E6E3F9B7E);
				_push( *[fs:0x0]);
				E6E3E3480(0x1164);
				_t99 =  *0x6e405204; // 0x2276585c
				_a4436 = _t99 ^ _t214;
				_push(__ebp);
				_t101 =  *0x6e405204; // 0x2276585c
				_push(_t101 ^ _t214);
				 *[fs:0x0] =  &_a4440;
				_t206 = _a4456;
				_t203 = _a4460;
				_a16 = 0x1000;
				_a340 = 0;
				E6E3E2850(_t203,  &_a341, 0, 0xfff);
				_t215 = _t214 + 0xc;
				_t197 =  &_a340;
				_t106 = InternetQueryOptionW(_a4456, 0x26,  &_a340,  &_a16);
				 *_t203 = _t106;
				if(_t106 == 0) {
					L13:
					_push(0xffffffff);
					_t107 =  &(_t203[0x11]);
					_push(0);
					_t198 = 0;
					_push(_t107);
					_a4 = _t107;
					_a320 = 7;
					_a316 = 0;
					_a300 = 0;
					E6E3D2590( &_a296);
					_a4420 = 2;
					if(E6E3D3110(L"http=", 0, 5) != 0xffffffff) {
						_t140 = E6E3D36C0( &_v40, _t109 + 5, 0xffffffff);
						_push(0xffffffff);
						_push(0);
						_push(_t140);
						_a4408 = 3;
						E6E3D2590( &_a272);
						_a4396 = 2;
						_t227 = _v40 - 8;
						if(_v40 >= 8) {
							E6E3E2756(8, _t203, _t206, _t227, _v48);
							_t215 = _t215 + 4;
						}
					}
					if(E6E3D3110(";", 0, 1) != 0xffffffff) {
						_t198 =  &_v40;
						_t134 = E6E3D36C0( &_v40, 0, _t110);
						_push(0xffffffff);
						_push(0);
						_push(_t134);
						_a4408 = 4;
						E6E3D2590( &_a272);
						_a4396 = 2;
						_t229 = _v40 - 8;
						if(_v40 >= 8) {
							E6E3E2756(8, _t203, _t206, _t229, _v48);
							_t215 = _t215 + 4;
						}
					}
					if(E6E3D3110(" ", 0, 1) != 0xffffffff) {
						_t131 = E6E3D36C0( &_v40, 0, _t111);
						_push(0xffffffff);
						_push(0);
						_push(_t131);
						_a4408 = 5;
						E6E3D2590( &_a272);
						_a4396 = 2;
						_t231 = _v40 - 8;
						if(_v40 >= 8) {
							_t198 = _v48;
							E6E3E2756(8, _t203, _t206, _t231, _v48);
							_t215 = _t215 + 4;
						}
					}
					_t112 = E6E3D3110(":", 0, 1);
					_t207 = _t112;
					if(_t112 != 0xffffffff) {
						_t118 = E6E3D36C0( &_v40, 0, _t207);
						_push(0xffffffff);
						_push(0);
						_t213 =  &(_t203[0x18]);
						_push(_t118);
						_a4408 = 6;
						E6E3D2590(_t213);
						_a4396 = 2;
						_t233 = _v40 - 8;
						if(_v40 >= 8) {
							E6E3E2756(8, _t203, _t207, _t233, _v48);
							_t215 = _t215 + 4;
						}
						_t120 = E6E3D36C0( &_v52,  &(_t207[0]), 0xffffffff);
						_push(0xffffffff);
						_push(0);
						_t207 =  &(_t203[0x1f]);
						_push(_t120);
						_a4396 = 7;
						E6E3D2590(_t207);
						_a4384 = 2;
						_t234 = _v52 - 8;
						if(_v52 >= 8) {
							E6E3E2756(8, _t203, _t207, _t234, _v60);
							_t215 = _t215 + 4;
						}
						_push(":");
						_push(_t213);
						_t122 = E6E3D3700(8, _t213,  &_v28);
						_push(_t207);
						_push(_t122);
						_t198 =  &_v64;
						_a4396 = 8;
						_t123 = E6E3D37D0(8, _t213, _t234,  &_v64);
						_t215 = _t215 + 0x18;
						_push(0xffffffff);
						_push(0);
						_push(_t123);
						_a4396 = 9;
						E6E3D2590(_v32);
						_t235 = _v52 - 8;
						if(_v52 >= 8) {
							E6E3E2756(8, _t203, _t207, _t235, _v72);
							_t215 = _t215 + 4;
						}
						_v52 = 7;
						_v56 = 0;
						_v72 = 0;
						_t236 = _v16 - 8;
						if(_v16 >= 8) {
							_t198 = _v36;
							E6E3E2756(8, _t203, _t207, _t236, _v36);
							_t215 = _t215 + 4;
						}
					}
					_t237 = _a308 - 8;
					if(_a308 >= 8) {
						E6E3E2756(8, _t203, _t207, _t237, _a288);
						_t215 = _t215 + 4;
					}
					 *[fs:0x0] = _a4412;
					_pop(_t204);
					_pop(_t208);
					_pop(_t161);
					return E6E3E2840(1, _t161, _a4408 ^ _t215, _t198, _t204, _t208);
				} else {
					_t162 = _a328;
					if(_a324 == 3) {
						_t203[9] = 2;
					}
					_t143 = _a332;
					if(_a332 == 0) {
						L8:
						if(_t162 == 0) {
							goto L13;
						}
						_a36 =  &_a40;
						E6E3D3370( &_a40,  &_a36, _t197, _t162, 3);
						_t200 = _a28;
						_t146 = _a28;
						_a4424 = 1;
						_t206 = _t146 + 2;
						do {
							_t190 =  *_t146;
							_t146 = _t146 + 2;
						} while (_t190 != 0);
						E6E3D2690( &(_t203[0x11]), 0, _t200, _t146 - _t206 >> 1);
						_t150 = _a28;
						_a4424 = 0xffffffff;
						_t225 = _t150 -  &_a32;
						if(_t150 !=  &_a32) {
							_push(_t150);
							E6E3E27B2(_t162, _t203, _t206, _t225);
							_t215 = _t215 + 4;
						}
						goto L13;
					} else {
						_a36 =  &_a40;
						E6E3D3370(_t143,  &_a36, _t197, _t143, 3);
						_t201 = _a28;
						_t153 = _a28;
						_a4424 = 0;
						_t206 = _t153 + 2;
						do {
							_t195 =  *_t153;
							_t153 = _t153 + 2;
						} while (_t195 != 0);
						E6E3D2690( &(_t203[0xa]), 0, _t201, _t153 - _t206 >> 1);
						_t157 = _a28;
						_t197 =  &_a32;
						_a4424 = 0xffffffff;
						_t222 = _t157 -  &_a32;
						if(_t157 !=  &_a32) {
							_push(_t157);
							E6E3E27B2(_t162, _t203, _t206, _t222);
							_t215 = _t215 + 4;
						}
						goto L8;
					}
				}
			}

0x6e3d4310
0x6e3d4312
0x6e3d431d
0x6e3d4323
0x6e3d4328
0x6e3d432f
0x6e3d4337
0x6e3d433a
0x6e3d4341
0x6e3d4349
0x6e3d434f
0x6e3d4356
0x6e3d436d
0x6e3d4375
0x6e3d437d
0x6e3d4382
0x6e3d438a
0x6e3d4395
0x6e3d439b
0x6e3d439f
0x6e3d448e
0x6e3d448e
0x6e3d4490
0x6e3d4493
0x6e3d4494
0x6e3d4496
0x6e3d449e
0x6e3d44a2
0x6e3d44ad
0x6e3d44b4
0x6e3d44bc
0x6e3d44d0
0x6e3d44e8
0x6e3d44fc
0x6e3d4501
0x6e3d4503
0x6e3d4504
0x6e3d450c
0x6e3d4514
0x6e3d4519
0x6e3d4521
0x6e3d4525
0x6e3d452c
0x6e3d4531
0x6e3d4531
0x6e3d4525
0x6e3d454b
0x6e3d454f
0x6e3d455b
0x6e3d4560
0x6e3d4562
0x6e3d4563
0x6e3d456b
0x6e3d4573
0x6e3d4578
0x6e3d4580
0x6e3d4584
0x6e3d458b
0x6e3d4590
0x6e3d4590
0x6e3d4584
0x6e3d45aa
0x6e3d45ba
0x6e3d45bf
0x6e3d45c1
0x6e3d45c2
0x6e3d45ca
0x6e3d45d2
0x6e3d45d7
0x6e3d45df
0x6e3d45e3
0x6e3d45e5
0x6e3d45ea
0x6e3d45ef
0x6e3d45ef
0x6e3d45e3
0x6e3d4601
0x6e3d4606
0x6e3d460b
0x6e3d461f
0x6e3d4624
0x6e3d4626
0x6e3d4628
0x6e3d462b
0x6e3d462e
0x6e3d4636
0x6e3d463b
0x6e3d4643
0x6e3d4647
0x6e3d464e
0x6e3d4653
0x6e3d4653
0x6e3d4666
0x6e3d466b
0x6e3d466d
0x6e3d466f
0x6e3d4672
0x6e3d4675
0x6e3d467d
0x6e3d4682
0x6e3d468a
0x6e3d468e
0x6e3d4695
0x6e3d469a
0x6e3d469a
0x6e3d469d
0x6e3d46a6
0x6e3d46a8
0x6e3d46ad
0x6e3d46ae
0x6e3d46af
0x6e3d46b4
0x6e3d46bb
0x6e3d46c0
0x6e3d46c7
0x6e3d46c9
0x6e3d46cb
0x6e3d46cc
0x6e3d46d4
0x6e3d46d9
0x6e3d46dd
0x6e3d46e4
0x6e3d46e9
0x6e3d46e9
0x6e3d46ee
0x6e3d46f6
0x6e3d46fe
0x6e3d4703
0x6e3d4707
0x6e3d4709
0x6e3d470e
0x6e3d4713
0x6e3d4713
0x6e3d4707
0x6e3d4716
0x6e3d471d
0x6e3d4727
0x6e3d472c
0x6e3d472c
0x6e3d473b
0x6e3d4743
0x6e3d4744
0x6e3d4746
0x6e3d475b
0x6e3d43a5
0x6e3d43ad
0x6e3d43b4
0x6e3d43b6
0x6e3d43b6
0x6e3d43bd
0x6e3d43c6
0x6e3d4429
0x6e3d442b
0x00000000
0x00000000
0x6e3d4438
0x6e3d443c
0x6e3d4441
0x6e3d4445
0x6e3d4447
0x6e3d4452
0x6e3d4455
0x6e3d4455
0x6e3d4458
0x6e3d445b
0x6e3d4469
0x6e3d446e
0x6e3d4476
0x6e3d4481
0x6e3d4483
0x6e3d4485
0x6e3d4486
0x6e3d448b
0x6e3d448b
0x00000000
0x6e3d43c8
0x6e3d43ce
0x6e3d43d7
0x6e3d43dc
0x6e3d43e0
0x6e3d43e2
0x6e3d43e9
0x6e3d43f0
0x6e3d43f0
0x6e3d43f3
0x6e3d43f6
0x6e3d4404
0x6e3d4409
0x6e3d440d
0x6e3d4411
0x6e3d441c
0x6e3d441e
0x6e3d4420
0x6e3d4421
0x6e3d4426
0x6e3d4426
0x00000000
0x6e3d441e
0x6e3d43c6

APIs

_memset.LIBCMT ref: 6E3D437D
InternetQueryOptionW.WININET(?,00000026,?,?), ref: 6E3D4395

Strings

http=, xrefs: 6E3D44C4

Memory Dump Source

Source File: 0000000E.00000002.2370545283.000000006E3D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 6E3D0000, based on PE: true

Associated: 0000000E.00000002.2370501847.000000006E3D0000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371078507.000000006E3FB000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371296559.000000006E405000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371402177.000000006E409000.00000002.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e3d0000_MiniNews.jbxd

Similarity

API ID: InternetOptionQuery_memset
String ID: http=
API String ID: 2350689127-2945583409
Opcode ID: 8e0d279f4f6d5a70917dfd873f702178c5451ad8e8046013184fed8e65c5abf2
Instruction ID: a7f06054c26ab1478910f3f487577304946a7dfc6d1461f3ae6f7f78db98acbc
Opcode Fuzzy Hash: 8e0d279f4f6d5a70917dfd873f702178c5451ad8e8046013184fed8e65c5abf2
Instruction Fuzzy Hash: 0CB163B2508341ABD724DBA4CC54BDBB7E8AF95314F004E1DF1A997290EB71A50DCB93

Uniqueness

Uniqueness Score: -1.00%

Function 6E3E0D90 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 246
COMMON

Download Yara Rule

C-Code - Quality: 96%

			E6E3E0D90(intOrPtr* __ecx, void* __edx) {
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t106;
				intOrPtr* _t109;
				intOrPtr* _t111;
				intOrPtr* _t112;
				intOrPtr _t115;
				intOrPtr* _t116;
				intOrPtr* _t119;
				intOrPtr _t127;
				intOrPtr _t129;
				intOrPtr* _t131;
				void* _t135;
				intOrPtr* _t136;
				intOrPtr* _t140;
				intOrPtr _t141;
				intOrPtr* _t144;
				intOrPtr _t147;
				intOrPtr* _t148;
				char* _t150;
				intOrPtr _t155;
				intOrPtr _t159;
				intOrPtr _t160;
				void* _t170;
				intOrPtr* _t172;
				intOrPtr _t181;
				intOrPtr* _t184;
				intOrPtr* _t187;
				intOrPtr* _t191;
				void* _t193;
				signed int _t194;
				void* _t195;

				_t170 = __edx;
				_push(0xffffffff);
				_push(E6E3FA9C8);
				_push( *[fs:0x0]);
				_t194 = _t193 - 0x48;
				_push(_t135);
				_t106 =  *0x6e405204; // 0x2276585c
				_push(_t106 ^ _t194);
				 *[fs:0x0] = _t194 + 0x5c;
				_t191 = __ecx;
				_t109 =  *((intOrPtr*)(_t194 + 0x74));
				if( *((char*)(_t109 + 0x11)) != 0) {
					 *((intOrPtr*)(_t194 + 0x38)) = 0xf;
					 *((intOrPtr*)(_t194 + 0x34)) = 0;
					 *((char*)(_t194 + 0x24)) = 0;
					E6E3D59F0(_t135, _t194 + 0x20, "invalid map/set<T> iterator", 0x1b);
					 *((intOrPtr*)(_t194 + 0x68)) = 0;
					E6E3D5E40(0, _t194 + 0x18);
					 *((intOrPtr*)(_t194 + 0x3c)) = 0x6e3fc2d8;
					_t109 = E6E3E3041(_t194 + 0x38, 0x6e402e94);
				}
				_t136 = _t109;
				 *((intOrPtr*)(_t194 + 0x14)) = _t136;
				E6E3E0460(_t194 + 0x70, _t170);
				_t144 =  *_t136;
				if( *((char*)(_t144 + 0x11)) == 0) {
					__eflags =  *((char*)( *((intOrPtr*)(_t136 + 8)) + 0x11));
					if(__eflags == 0) {
						_t111 =  *((intOrPtr*)(_t194 + 0x74));
						_t184 =  *((intOrPtr*)(_t111 + 8));
						_t172 = _t111 + 8;
						__eflags = _t111 - _t136;
						if(__eflags != 0) {
							 *((intOrPtr*)(_t144 + 4)) = _t111;
							 *_t111 =  *_t136;
							__eflags = _t111 -  *((intOrPtr*)(_t136 + 8));
							if(_t111 !=  *((intOrPtr*)(_t136 + 8))) {
								__eflags =  *((char*)(_t184 + 0x11));
								_t187 =  *((intOrPtr*)(_t111 + 4));
								if( *((char*)(_t184 + 0x11)) == 0) {
									 *((intOrPtr*)(_t184 + 4)) = _t187;
								}
								 *_t187 = _t184;
								 *_t172 =  *((intOrPtr*)(_t136 + 8));
								 *((intOrPtr*)( *((intOrPtr*)(_t136 + 8)) + 4)) = _t111;
							} else {
								_t187 = _t111;
							}
							_t147 =  *((intOrPtr*)(_t191 + 0x18));
							__eflags =  *((intOrPtr*)(_t147 + 4)) - _t136;
							if( *((intOrPtr*)(_t147 + 4)) != _t136) {
								_t148 =  *((intOrPtr*)(_t136 + 4));
								__eflags =  *_t148 - _t136;
								if( *_t148 != _t136) {
									 *((intOrPtr*)(_t148 + 8)) = _t111;
								} else {
									 *_t148 = _t111;
								}
							} else {
								 *((intOrPtr*)(_t147 + 4)) = _t111;
							}
							 *((intOrPtr*)(_t111 + 4)) =  *((intOrPtr*)(_t136 + 4));
							_t150 = _t136 + 0x10;
							_t112 = _t111 + 0x10;
							__eflags = _t112 - _t150;
							if(__eflags != 0) {
								 *_t112 =  *_t150;
								 *_t150 =  *_t112;
							}
							goto L35;
						}
					} else {
						_t184 = _t144;
					}
					goto L7;
				} else {
					_t184 =  *((intOrPtr*)(_t136 + 8));
					L7:
					_t187 =  *((intOrPtr*)(_t136 + 4));
					if( *((char*)(_t184 + 0x11)) == 0) {
						 *((intOrPtr*)(_t184 + 4)) = _t187;
					}
					_t127 =  *((intOrPtr*)(_t191 + 0x18));
					if( *((intOrPtr*)(_t127 + 4)) != _t136) {
						__eflags =  *_t187 - _t136;
						if(__eflags != 0) {
							 *((intOrPtr*)(_t187 + 8)) = _t184;
						} else {
							 *_t187 = _t184;
						}
					} else {
						 *((intOrPtr*)(_t127 + 4)) = _t184;
					}
					_t140 =  *((intOrPtr*)(_t191 + 0x18));
					_t30 = _t194 + 0x14; // 0x2276585c
					if( *_t140 ==  *_t30) {
						if( *((char*)(_t184 + 0x11)) == 0) {
							_t131 = E6E3E0440(_t184);
							_t194 = _t194 + 4;
						} else {
							_t131 = _t187;
						}
						 *_t140 = _t131;
					}
					_t141 =  *((intOrPtr*)(_t191 + 0x18));
					_t33 = _t194 + 0x14; // 0x2276585c
					if( *((intOrPtr*)(_t141 + 8)) ==  *_t33) {
						if( *((char*)(_t184 + 0x11)) == 0) {
							_t129 = E6E3E0420(_t184);
							_t194 = _t194 + 4;
							 *((intOrPtr*)(_t141 + 8)) = _t129;
						} else {
							 *((intOrPtr*)(_t141 + 8)) = _t187;
						}
					}
					L35:
					_t54 = _t194 + 0x14; // 0x2276585c
					if( *((intOrPtr*)( *_t54 + 0x10)) != 1) {
						L60:
						_t98 = _t194 + 0x14; // 0x2276585c
						E6E3E2756(1, _t184, _t187, _t214,  *_t98);
						_t115 =  *((intOrPtr*)(_t191 + 0x1c));
						_t195 = _t194 + 4;
						if(_t115 > 0) {
							 *((intOrPtr*)(_t191 + 0x1c)) = _t115 - 1;
						}
						_t116 =  *((intOrPtr*)(_t195 + 0x6c));
						 *_t116 =  *_t191;
						 *((intOrPtr*)(_t116 + 4)) =  *((intOrPtr*)(_t195 + 0x74));
						 *[fs:0x0] =  *((intOrPtr*)(_t195 + 0x5c));
						return _t116;
					}
					if(_t184 ==  *((intOrPtr*)( *((intOrPtr*)(_t191 + 0x18)) + 4))) {
						L59:
						 *((char*)(_t184 + 0x10)) = 1;
						goto L60;
					}
					while( *((intOrPtr*)(_t184 + 0x10)) == 1) {
						_t119 =  *_t187;
						if(_t184 != _t119) {
							__eflags =  *((char*)(_t119 + 0x10));
							if( *((char*)(_t119 + 0x10)) == 0) {
								 *((char*)(_t119 + 0x10)) = 1;
								 *((char*)(_t187 + 0x10)) = 0;
								E6E3E0530(_t191, _t187);
								_t119 =  *_t187;
							}
							__eflags =  *((char*)(_t119 + 0x11));
							if( *((char*)(_t119 + 0x11)) != 0) {
								L54:
								_t184 = _t187;
								_t187 =  *((intOrPtr*)(_t187 + 4));
								__eflags = _t184 -  *((intOrPtr*)( *((intOrPtr*)(_t191 + 0x18)) + 4));
								if(__eflags != 0) {
									continue;
								}
								goto L59;
							} else {
								_t159 =  *((intOrPtr*)(_t119 + 8));
								__eflags =  *((intOrPtr*)(_t159 + 0x10)) - 1;
								if( *((intOrPtr*)(_t159 + 0x10)) != 1) {
									L56:
									_t160 =  *_t119;
									__eflags =  *((intOrPtr*)(_t160 + 0x10)) - 1;
									if( *((intOrPtr*)(_t160 + 0x10)) == 1) {
										 *((char*)( *((intOrPtr*)(_t119 + 8)) + 0x10)) = 1;
										 *((char*)(_t119 + 0x10)) = 0;
										E6E3DF6F0(_t191, _t119);
										_t119 =  *_t187;
									}
									 *((char*)(_t119 + 0x10)) =  *((intOrPtr*)(_t187 + 0x10));
									 *((char*)(_t187 + 0x10)) = 1;
									 *((char*)( *_t119 + 0x10)) = 1;
									E6E3E0530(_t191, _t187);
									goto L59;
								}
								_t181 =  *_t119;
								__eflags =  *((intOrPtr*)(_t181 + 0x10)) - 1;
								if( *((intOrPtr*)(_t181 + 0x10)) != 1) {
									goto L56;
								}
								L53:
								 *((char*)(_t119 + 0x10)) = 0;
								goto L54;
							}
						}
						_t119 =  *((intOrPtr*)(_t187 + 8));
						if( *((char*)(_t119 + 0x10)) == 0) {
							 *((char*)(_t119 + 0x10)) = 1;
							 *((char*)(_t187 + 0x10)) = 0;
							E6E3DF6F0(_t191, _t187);
							_t119 =  *((intOrPtr*)(_t187 + 8));
						}
						if( *((char*)(_t119 + 0x11)) != 0) {
							goto L54;
						} else {
							if( *((intOrPtr*)( *_t119 + 0x10)) != 1 ||  *((intOrPtr*)( *((intOrPtr*)(_t119 + 8)) + 0x10)) != 1) {
								_t155 =  *((intOrPtr*)(_t119 + 8));
								_t214 =  *((intOrPtr*)(_t155 + 0x10)) - 1;
								if( *((intOrPtr*)(_t155 + 0x10)) == 1) {
									 *((char*)( *_t119 + 0x10)) = 1;
									 *((char*)(_t119 + 0x10)) = 0;
									E6E3E0530(_t191, _t119);
									_t119 =  *((intOrPtr*)(_t187 + 8));
								}
								 *((char*)(_t119 + 0x10)) =  *((intOrPtr*)(_t187 + 0x10));
								 *((char*)(_t187 + 0x10)) = 1;
								 *((char*)( *((intOrPtr*)(_t119 + 8)) + 0x10)) = 1;
								E6E3DF6F0(_t191, _t187);
								goto L59;
							} else {
								goto L53;
							}
						}
					}
					goto L59;
				}
			}

0x6e3e0d90
0x6e3e0d90
0x6e3e0d92
0x6e3e0d9d
0x6e3e0d9e
0x6e3e0da1
0x6e3e0da5
0x6e3e0dac
0x6e3e0db1
0x6e3e0db7
0x6e3e0db9
0x6e3e0dc1
0x6e3e0dd0
0x6e3e0dd8
0x6e3e0ddc
0x6e3e0de1
0x6e3e0def
0x6e3e0df3
0x6e3e0e02
0x6e3e0e0a
0x6e3e0e0a
0x6e3e0e0f
0x6e3e0e15
0x6e3e0e19
0x6e3e0e1e
0x6e3e0e24
0x6e3e0e2e
0x6e3e0e32
0x6e3e0e38
0x6e3e0e3c
0x6e3e0e3f
0x6e3e0e42
0x6e3e0e44
0x6e3e0eb1
0x6e3e0eb6
0x6e3e0eb8
0x6e3e0ebb
0x6e3e0ec1
0x6e3e0ec5
0x6e3e0ec8
0x6e3e0eca
0x6e3e0eca
0x6e3e0ecd
0x6e3e0ed2
0x6e3e0ed7
0x6e3e0ebd
0x6e3e0ebd
0x6e3e0ebd
0x6e3e0eda
0x6e3e0edd
0x6e3e0ee0
0x6e3e0ee7
0x6e3e0eea
0x6e3e0eec
0x6e3e0ef2
0x6e3e0eee
0x6e3e0eee
0x6e3e0eee
0x6e3e0ee2
0x6e3e0ee2
0x6e3e0ee2
0x6e3e0ef8
0x6e3e0efb
0x6e3e0efe
0x6e3e0f01
0x6e3e0f03
0x6e3e0f09
0x6e3e0f0b
0x6e3e0f0b
0x00000000
0x6e3e0f03
0x6e3e0e34
0x6e3e0e34
0x6e3e0e34
0x00000000
0x6e3e0e26
0x6e3e0e26
0x6e3e0e46
0x6e3e0e4a
0x6e3e0e4d
0x6e3e0e4f
0x6e3e0e4f
0x6e3e0e52
0x6e3e0e58
0x6e3e0e5f
0x6e3e0e61
0x6e3e0e67
0x6e3e0e63
0x6e3e0e63
0x6e3e0e63
0x6e3e0e5a
0x6e3e0e5a
0x6e3e0e5a
0x6e3e0e6a
0x6e3e0e6f
0x6e3e0e73
0x6e3e0e79
0x6e3e0e80
0x6e3e0e85
0x6e3e0e7b
0x6e3e0e7b
0x6e3e0e7b
0x6e3e0e88
0x6e3e0e88
0x6e3e0e8a
0x6e3e0e8d
0x6e3e0e94
0x6e3e0e9a
0x6e3e0ea4
0x6e3e0ea9
0x6e3e0eac
0x6e3e0e9c
0x6e3e0e9e
0x6e3e0e9e
0x6e3e0e9a
0x6e3e0f0d
0x6e3e0f0d
0x6e3e0f16
0x6e3e101b
0x6e3e101b
0x6e3e1020
0x6e3e1025
0x6e3e1028
0x6e3e102d
0x6e3e1030
0x6e3e1030
0x6e3e1033
0x6e3e103e
0x6e3e1040
0x6e3e1047
0x6e3e1056
0x6e3e1056
0x6e3e0f22
0x6e3e1018
0x6e3e1018
0x00000000
0x6e3e1018
0x6e3e0f30
0x6e3e0f39
0x6e3e0f3d
0x6e3e0fa4
0x6e3e0fa8
0x6e3e0faa
0x6e3e0fb0
0x6e3e0fb4
0x6e3e0fb9
0x6e3e0fb9
0x6e3e0fbb
0x6e3e0fbf
0x6e3e0fd4
0x6e3e0fd7
0x6e3e0fd9
0x6e3e0fdc
0x6e3e0fdf
0x00000000
0x00000000
0x00000000
0x6e3e0fc1
0x6e3e0fc1
0x6e3e0fc4
0x6e3e0fc7
0x6e3e0fe7
0x6e3e0fe7
0x6e3e0fe9
0x6e3e0fec
0x6e3e0ff1
0x6e3e0ff7
0x6e3e0ffb
0x6e3e1000
0x6e3e1000
0x6e3e1005
0x6e3e1008
0x6e3e1010
0x6e3e1013
0x00000000
0x6e3e1013
0x6e3e0fc9
0x6e3e0fcb
0x6e3e0fce
0x00000000
0x00000000
0x6e3e0fd0
0x6e3e0fd0
0x00000000
0x6e3e0fd0
0x6e3e0fbf
0x6e3e0f3f
0x6e3e0f46
0x6e3e0f48
0x6e3e0f4e
0x6e3e0f52
0x6e3e0f57
0x6e3e0f57
0x6e3e0f5e
0x00000000
0x6e3e0f60
0x6e3e0f65
0x6e3e0f6f
0x6e3e0f72
0x6e3e0f75
0x6e3e0f79
0x6e3e0f7f
0x6e3e0f83
0x6e3e0f88
0x6e3e0f88
0x6e3e0f8e
0x6e3e0f91
0x6e3e0f9a
0x6e3e0f9d
0x00000000
0x00000000
0x00000000
0x00000000
0x6e3e0f65
0x6e3e0f5e
0x00000000
0x6e3e0f30

APIs

__CxxThrowException@8.LIBCMT ref: 6E3E0E0A

Part of subcall function 6E3E3041: RaiseException.KERNEL32(?,?,6E3D75C2,6E401DA8,?,?,?,6E3D30C7,6E3D75C2,6E401DA8,6E3D75C2,80070057), ref: 6E3E3083

Strings

\Xv", xrefs: 6E3E0F0D, 6E3E101B, 6E3E0E6F, 6E3E0E8D, 6E3E101F
invalid map/set<T> iterator, xrefs: 6E3E0DC7

Memory Dump Source

Source File: 0000000E.00000002.2370545283.000000006E3D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 6E3D0000, based on PE: true

Associated: 0000000E.00000002.2370501847.000000006E3D0000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371078507.000000006E3FB000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371296559.000000006E405000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371402177.000000006E409000.00000002.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e3d0000_MiniNews.jbxd

Similarity

API ID: ExceptionException@8RaiseThrow
String ID: \Xv"$invalid map/set<T> iterator
API String ID: 3976011213-1185406384
Opcode ID: e358cb91e1edc2dfa471add985c3cc9baacc1e15188cce9500fa225a8910c6d7
Instruction ID: cc45f4e7b13144cb09100b18f4adf75d1d11ede3d842fa4a3f1be5fbbde70263
Opcode Fuzzy Hash: e358cb91e1edc2dfa471add985c3cc9baacc1e15188cce9500fa225a8910c6d7
Instruction Fuzzy Hash: 56A1AE70548791DFC705CFA8C090A46BBE5BF86304F1849AEE4954BB52EB71E889CFE1

Uniqueness

Uniqueness Score: -1.00%

Function 6E528C0D Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 189COMMON

Download Yara Rule

APIs

__startOneArgErrorHandling.LIBCMT ref: 6E528C9D

Strings

pow, xrefs: 6E528C75, 6E528C92

Memory Dump Source

Source File: 0000000E.00000002.2371585883.000000006E4E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6E4E0000, based on PE: true

Associated: 0000000E.00000002.2371507694.000000006E4E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373281942.000000006E544000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373891215.000000006E565000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2374074776.000000006E56A000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e4e0000_MiniNews.jbxd

Similarity

API ID: ErrorHandling__start
String ID: pow
API String ID: 3213639722-2276729525
Opcode ID: dfd98be4fe0014a8db86a8f5e5ec3b29986839ab5dfae7ccc6c8c3edc3220d0a
Instruction ID: 539caa26933e46b7a39d1578118f5f175de2425005715434ef5aa6e83dd1e12b
Opcode Fuzzy Hash: dfd98be4fe0014a8db86a8f5e5ec3b29986839ab5dfae7ccc6c8c3edc3220d0a
Instruction Fuzzy Hash: BF51CD65919A029ECB42A7D4C9113BA3BE4DB41701F308C79E1A1572ECFF3088969BC7

Uniqueness

Uniqueness Score: -1.00%

Function 6E3E09E0 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 173
COMMON

Download Yara Rule

C-Code - Quality: 93%

			E6E3E09E0(intOrPtr* __ecx) {
				void* __ebx;
				signed int _t82;
				intOrPtr _t87;
				intOrPtr _t88;
				intOrPtr* _t89;
				intOrPtr* _t91;
				intOrPtr _t94;
				intOrPtr* _t100;
				void* _t106;
				intOrPtr* _t113;
				intOrPtr* _t115;
				intOrPtr* _t130;
				intOrPtr _t131;
				intOrPtr _t134;
				intOrPtr _t136;
				intOrPtr* _t137;
				intOrPtr _t140;
				intOrPtr* _t145;
				intOrPtr* _t148;
				intOrPtr _t149;
				intOrPtr _t153;
				void* _t155;
				signed int _t156;

				_t109 = __ecx;
				_push(0xffffffff);
				_push(E6E3FA998);
				_push( *[fs:0x0]);
				_t156 = _t155 - 0x44;
				_push(_t106);
				_t82 =  *0x6e405204; // 0x2276585c
				_push(_t82 ^ _t156);
				 *[fs:0x0] = _t156 + 0x58;
				_t145 = __ecx;
				if( *((intOrPtr*)(__ecx + 0x1c)) >= 0x3ffffffe) {
					 *((intOrPtr*)(_t156 + 0x34)) = 0xf;
					 *((intOrPtr*)(_t156 + 0x30)) = 0;
					 *((char*)(_t156 + 0x20)) = 0;
					E6E3D59F0(_t106, _t156 + 0x1c, "map/set<T> too long", 0x13);
					_t7 = _t156 + 0x14; // 0x2276585c
					 *((intOrPtr*)(_t156 + 0x64)) = 0;
					E6E3D5E40(0, _t7);
					_t109 = _t156 + 0x34;
					 *((intOrPtr*)(_t156 + 0x38)) = 0x6e3fb8bc;
					E6E3E3041(_t156 + 0x34, 0x6e402178);
				}
				_t148 =  *((intOrPtr*)(_t156 + 0x70));
				_t153 = E6E3E05A0(_t109, 0,  *((intOrPtr*)(_t145 + 0x18)), _t148,  *((intOrPtr*)(_t145 + 0x18)),  *((intOrPtr*)(_t156 + 0x74)), 0);
				_t87 =  *((intOrPtr*)(_t145 + 0x18));
				 *((intOrPtr*)(_t145 + 0x1c)) =  *((intOrPtr*)(_t145 + 0x1c)) + 1;
				if(_t148 != _t87) {
					__eflags =  *((char*)(_t156 + 0x6c));
					if( *((char*)(_t156 + 0x6c)) == 0) {
						 *((intOrPtr*)(_t148 + 8)) = _t153;
						_t88 =  *((intOrPtr*)(_t145 + 0x18));
						__eflags = _t148 -  *((intOrPtr*)(_t88 + 8));
						if(_t148 ==  *((intOrPtr*)(_t88 + 8))) {
							 *((intOrPtr*)(_t88 + 8)) = _t153;
						}
					} else {
						 *_t148 = _t153;
						_t100 =  *((intOrPtr*)(_t145 + 0x18));
						__eflags = _t148 -  *_t100;
						if(_t148 ==  *_t100) {
							 *_t100 = _t153;
						}
					}
				} else {
					 *((intOrPtr*)(_t87 + 4)) = _t153;
					 *((intOrPtr*)( *((intOrPtr*)(_t145 + 0x18)))) = _t153;
					 *((intOrPtr*)( *((intOrPtr*)(_t145 + 0x18)) + 8)) = _t153;
				}
				_t30 = _t153 + 4; // 0x4
				_t89 = _t30;
				_t149 = _t153;
				if( *((char*)( *((intOrPtr*)(_t153 + 4)) + 0x10)) != 0) {
					L30:
					 *((char*)( *((intOrPtr*)( *((intOrPtr*)(_t145 + 0x18)) + 4)) + 0x10)) = 1;
					_t91 =  *((intOrPtr*)(_t156 + 0x68));
					 *((intOrPtr*)(_t91 + 4)) = _t153;
					 *_t91 =  *_t145;
					 *[fs:0x0] =  *((intOrPtr*)(_t156 + 0x58));
					return _t91;
				}
				do {
					_t113 =  *_t89;
					_t130 =  *((intOrPtr*)(_t113 + 4));
					if(_t113 !=  *_t130) {
						_t131 =  *_t130;
						__eflags =  *((char*)(_t131 + 0x10));
						if( *((char*)(_t131 + 0x10)) != 0) {
							__eflags = _t149 -  *_t113;
							if(_t149 ==  *_t113) {
								_t149 = _t113;
								E6E3E0530(_t145, _t149);
							}
							 *((char*)( *((intOrPtr*)(_t149 + 4)) + 0x10)) = 1;
							 *((char*)( *((intOrPtr*)( *((intOrPtr*)(_t149 + 4)) + 4)) + 0x10)) = 0;
							_t94 =  *((intOrPtr*)( *((intOrPtr*)(_t149 + 4)) + 4));
							_t115 =  *((intOrPtr*)(_t94 + 8));
							 *((intOrPtr*)(_t94 + 8)) =  *_t115;
							_t134 =  *_t115;
							__eflags =  *((char*)(_t134 + 0x11));
							if( *((char*)(_t134 + 0x11)) == 0) {
								 *((intOrPtr*)(_t134 + 4)) = _t94;
							}
							 *((intOrPtr*)(_t115 + 4)) =  *((intOrPtr*)(_t94 + 4));
							_t136 =  *((intOrPtr*)(_t145 + 0x18));
							__eflags = _t94 -  *((intOrPtr*)(_t136 + 4));
							if(_t94 !=  *((intOrPtr*)(_t136 + 4))) {
								_t137 =  *((intOrPtr*)(_t94 + 4));
								__eflags = _t94 -  *_t137;
								if(_t94 !=  *_t137) {
									 *((intOrPtr*)(_t137 + 8)) = _t115;
								} else {
									 *_t137 = _t115;
								}
							} else {
								 *((intOrPtr*)(_t136 + 4)) = _t115;
							}
							 *_t115 = _t94;
							 *((intOrPtr*)(_t94 + 4)) = _t115;
						} else {
							 *((char*)(_t113 + 0x10)) = 1;
							 *((char*)(_t131 + 0x10)) = 1;
							 *((char*)( *((intOrPtr*)( *_t89 + 4)) + 0x10)) = 0;
							_t149 =  *((intOrPtr*)( *_t89 + 4));
						}
					} else {
						_t140 =  *((intOrPtr*)(_t130 + 8));
						if( *((char*)(_t140 + 0x10)) != 0) {
							__eflags = _t149 -  *((intOrPtr*)(_t113 + 8));
							if(_t149 ==  *((intOrPtr*)(_t113 + 8))) {
								_t149 = _t113;
								E6E3DF6F0(_t145, _t149);
							}
							 *((char*)( *((intOrPtr*)(_t149 + 4)) + 0x10)) = 1;
							 *((char*)( *((intOrPtr*)( *((intOrPtr*)(_t149 + 4)) + 4)) + 0x10)) = 0;
							E6E3E0530(_t145,  *((intOrPtr*)( *((intOrPtr*)(_t149 + 4)) + 4)));
						} else {
							 *((char*)(_t113 + 0x10)) = 1;
							 *((char*)(_t140 + 0x10)) = 1;
							 *((char*)( *((intOrPtr*)( *_t89 + 4)) + 0x10)) = 0;
							_t149 =  *((intOrPtr*)( *_t89 + 4));
						}
					}
					_t74 = _t149 + 4; // 0x4
					_t89 = _t74;
				} while ( *((char*)( *((intOrPtr*)(_t149 + 4)) + 0x10)) == 0);
				goto L30;
			}

0x6e3e09e0
0x6e3e09e0
0x6e3e09e2
0x6e3e09ed
0x6e3e09ee
0x6e3e09f1
0x6e3e09f5
0x6e3e09fc
0x6e3e0a01
0x6e3e0a07
0x6e3e0a10
0x6e3e0a1f
0x6e3e0a27
0x6e3e0a2b
0x6e3e0a30
0x6e3e0a35
0x6e3e0a3e
0x6e3e0a42
0x6e3e0a4c
0x6e3e0a51
0x6e3e0a59
0x6e3e0a59
0x6e3e0a65
0x6e3e0a74
0x6e3e0a76
0x6e3e0a7e
0x6e3e0a83
0x6e3e0a95
0x6e3e0a9a
0x6e3e0aa9
0x6e3e0aac
0x6e3e0aaf
0x6e3e0ab2
0x6e3e0ab4
0x6e3e0ab4
0x6e3e0a9c
0x6e3e0a9c
0x6e3e0a9e
0x6e3e0aa1
0x6e3e0aa3
0x6e3e0aa5
0x6e3e0aa5
0x6e3e0aa3
0x6e3e0a85
0x6e3e0a85
0x6e3e0a8b
0x6e3e0a90
0x6e3e0a90
0x6e3e0abe
0x6e3e0abe
0x6e3e0ac1
0x6e3e0ac3
0x6e3e0bb5
0x6e3e0bbb
0x6e3e0bbe
0x6e3e0bc4
0x6e3e0bc7
0x6e3e0bcd
0x6e3e0bdc
0x6e3e0bdc
0x6e3e0ad0
0x6e3e0ad0
0x6e3e0ad2
0x6e3e0ad7
0x6e3e0b2a
0x6e3e0b2c
0x6e3e0b30
0x6e3e0b48
0x6e3e0b4a
0x6e3e0b4c
0x6e3e0b51
0x6e3e0b51
0x6e3e0b59
0x6e3e0b62
0x6e3e0b69
0x6e3e0b6c
0x6e3e0b71
0x6e3e0b74
0x6e3e0b76
0x6e3e0b7a
0x6e3e0b7c
0x6e3e0b7c
0x6e3e0b82
0x6e3e0b85
0x6e3e0b88
0x6e3e0b8b
0x6e3e0b92
0x6e3e0b95
0x6e3e0b97
0x6e3e0b9d
0x6e3e0b99
0x6e3e0b99
0x6e3e0b99
0x6e3e0b8d
0x6e3e0b8d
0x6e3e0b8d
0x6e3e0ba0
0x6e3e0ba2
0x6e3e0b32
0x6e3e0b32
0x6e3e0b35
0x6e3e0b3d
0x6e3e0b43
0x6e3e0b43
0x6e3e0ad9
0x6e3e0ad9
0x6e3e0ae0
0x6e3e0afb
0x6e3e0afe
0x6e3e0b00
0x6e3e0b05
0x6e3e0b05
0x6e3e0b0d
0x6e3e0b16
0x6e3e0b23
0x6e3e0ae2
0x6e3e0ae2
0x6e3e0ae5
0x6e3e0aed
0x6e3e0af3
0x6e3e0af3
0x6e3e0ae0
0x6e3e0bac
0x6e3e0bac
0x6e3e0bac
0x00000000

APIs

__CxxThrowException@8.LIBCMT ref: 6E3E0A59

Part of subcall function 6E3E3041: RaiseException.KERNEL32(?,?,6E3D75C2,6E401DA8,?,?,?,6E3D30C7,6E3D75C2,6E401DA8,6E3D75C2,80070057), ref: 6E3E3083

Strings

map/set<T> too long, xrefs: 6E3E0A16
\Xv", xrefs: 6E3E0A35, 6E3E0A39

Memory Dump Source

Source File: 0000000E.00000002.2370545283.000000006E3D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 6E3D0000, based on PE: true

Associated: 0000000E.00000002.2370501847.000000006E3D0000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371078507.000000006E3FB000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371296559.000000006E405000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371402177.000000006E409000.00000002.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e3d0000_MiniNews.jbxd

Similarity

API ID: ExceptionException@8RaiseThrow
String ID: \Xv"$map/set<T> too long
API String ID: 3976011213-1830833334
Opcode ID: d4e597a9972f59312afa76b339f87a477f5e5fbf3756a6d7d6733e0ef0ea4106
Instruction ID: cb116a6f0ba062172dcdd026a0c15e577358d2604eabb9d6968205e0be6cca52
Opcode Fuzzy Hash: d4e597a9972f59312afa76b339f87a477f5e5fbf3756a6d7d6733e0ef0ea4106
Instruction Fuzzy Hash: 43714170608352DFC304CF58C090A56FBB5BB89314F558A8EE4995BB92DB71E882CFD1

Uniqueness

Uniqueness Score: -1.00%

Function 6E3DBDA0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 155
COMMON

Download Yara Rule

C-Code - Quality: 87%

			E6E3DBDA0(void* __ecx, intOrPtr _a4) {
				char _v0;
				intOrPtr _v8;
				char _v12;
				intOrPtr _v16;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t43;
				intOrPtr* _t50;
				intOrPtr _t55;
				char _t56;
				intOrPtr _t59;
				signed int _t64;
				char _t66;
				intOrPtr* _t74;
				intOrPtr _t76;
				signed int _t96;
				void* _t102;
				intOrPtr* _t103;
				void* _t104;
				void* _t106;
				void* _t108;
				intOrPtr _t110;
				signed int _t111;

				_push(0xffffffff);
				_push(E6E3FAB28);
				_push( *[fs:0x0]);
				_push(_t108);
				_t43 =  *0x6e405204; // 0x2276585c
				_push(_t43 ^ _t111);
				 *[fs:0x0] =  &_v12;
				_t106 = __ecx;
				_t74 = __ecx + 0x94;
				_t50 = (0x2aaaaaab * ( *((intOrPtr*)(__ecx + 0xa4)) -  *((intOrPtr*)(__ecx + 0xa0))) >> 0x20 >> 1 >> 0x1f) + (0x2aaaaaab * ( *((intOrPtr*)(__ecx + 0xa4)) -  *((intOrPtr*)(__ecx + 0xa0))) >> 0x20 >> 1);
				if(_t50 == 0) {
					L31:
					 *[fs:0x0] = _v12;
					return _t50;
				}
				if( *((intOrPtr*)(__ecx + 0xac)) == 0) {
					if(_a4 >=  *((intOrPtr*)(__ecx + 0xb0)) + 1) {
						_t102 = __ecx + 0x45c0;
						E6E3DBCA0(__ecx, _t102);
						E6E3E4BA0(_t102,  *((intOrPtr*)(E6E3D8510(_t74, 0) + 8)), 0x7ff);
						_push(_t102);
						_t50 = E6E3D7C70(_t74, _t102, _t108, 0x6e4064d8, "[%u] UseRetryUrl %s", _t106);
						_t111 = _t111 + 0x1c;
						 *((intOrPtr*)(_t106 + 0xac)) = 1;
					}
				} else {
					_t103 =  *((intOrPtr*)(_t74 + 0xc));
					if(_t103 >  *((intOrPtr*)(_t74 + 0x10))) {
						E6E3E3E0D();
					}
					_t110 =  *_t74;
					while(1) {
						_t55 =  *((intOrPtr*)(_t74 + 0x10));
						_a4 = _t55;
						if( *((intOrPtr*)(_t74 + 0xc)) > _t55) {
							E6E3E3E0D();
						}
						_t50 =  *_t74;
						if(_t110 == 0 || _t110 != _t50) {
							_t50 = E6E3E3E0D();
						}
						if(_t103 == _a4) {
							goto L31;
						}
						if(_t110 != 0) {
							_t56 = _v0;
						} else {
							E6E3E3E0D();
							_t56 = 0;
						}
						if(_t103 >=  *((intOrPtr*)(_t56 + 0x10))) {
							E6E3E3E0D();
						}
						_t57 = _t106 + 0x45c0;
						if((0 | _t106 + 0x000045c0 != 0x00000000) == 0) {
							E6E3D30B0(_t74, _t103, _t106, _t110, 0x80004005);
							goto L25;
						} else {
							_t64 = E6E3E4B82( *((intOrPtr*)(_t103 + 8)), _t57);
							_t111 = _t111 + 8;
							if((_t64 & 0xffffff00 | _t64 == 0x00000000) != 0) {
								L25:
								_t59 =  *((intOrPtr*)(_t103 + 4));
								if(_t59 <  *((intOrPtr*)(_t106 + 0xb0))) {
									_t50 = _t59 + 1;
									 *((intOrPtr*)(_t103 + 4)) = _t50;
								} else {
									_t96 =  &_v0;
									 *((intOrPtr*)(_t103 + 4)) = 0;
									E6E3D8BC0(_t96,  *_t103);
									_t76 = _v8;
									_t104 = _t106 + 0x45c0;
									_v16 = 0;
									E6E3E4BA0(_t104, _t76, 0x7ff);
									_push(_t104);
									E6E3D7C70(_t76, _t104, _t110, 0x6e4064d8, "[%u] UseRetryUrl %s", _t106);
									_t50 = _t76 - 0x10;
									_t111 = _t111 + 0x1c;
									_v16 = 0xffffffff;
									asm("lock xadd [ecx], edx");
									if((_t96 | 0xffffffff) - 1 <= 0) {
										_t50 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *_t50)) + 4))))(_t50);
									}
								}
								goto L31;
							}
							if(_t110 != 0) {
								_t66 = _v0;
							} else {
								E6E3E3E0D();
								_t66 = 0;
							}
							if(_t103 >=  *((intOrPtr*)(_t66 + 0x10))) {
								E6E3E3E0D();
							}
							_t103 = _t103 + 0xc;
							continue;
						}
					}
				}
			}

0x6e3dbda0
0x6e3dbda2
0x6e3dbdad
0x6e3dbdaf
0x6e3dbdb2
0x6e3dbdb9
0x6e3dbdbe
0x6e3dbdc4
0x6e3dbdd2
0x6e3dbde6
0x6e3dbde8
0x6e3dbf77
0x6e3dbf7b
0x6e3dbf8a
0x6e3dbf8a
0x6e3dbdf5
0x6e3dbf2e
0x6e3dbf30
0x6e3dbf39
0x6e3dbf54
0x6e3dbf59
0x6e3dbf65
0x6e3dbf6a
0x6e3dbf6d
0x6e3dbf6d
0x6e3dbdfb
0x6e3dbdfb
0x6e3dbe01
0x6e3dbe03
0x6e3dbe03
0x6e3dbe08
0x6e3dbe10
0x6e3dbe10
0x6e3dbe13
0x6e3dbe1a
0x6e3dbe1c
0x6e3dbe1c
0x6e3dbe21
0x6e3dbe25
0x6e3dbe2b
0x6e3dbe2b
0x6e3dbe34
0x00000000
0x00000000
0x6e3dbe3c
0x6e3dbe90
0x6e3dbe3e
0x6e3dbe3e
0x6e3dbe43
0x6e3dbe43
0x6e3dbe48
0x6e3dbe4a
0x6e3dbe4a
0x6e3dbe51
0x6e3dbe5e
0x6e3dbe9f
0x00000000
0x6e3dbe60
0x6e3dbe65
0x6e3dbe6a
0x6e3dbe74
0x6e3dbea4
0x6e3dbea4
0x6e3dbead
0x6e3dbf1d
0x6e3dbf1e
0x6e3dbeaf
0x6e3dbeb2
0x6e3dbeb9
0x6e3dbec0
0x6e3dbec5
0x6e3dbece
0x6e3dbed6
0x6e3dbede
0x6e3dbee3
0x6e3dbeef
0x6e3dbef4
0x6e3dbef7
0x6e3dbefa
0x6e3dbf08
0x6e3dbf0f
0x6e3dbf19
0x6e3dbf19
0x6e3dbf0f
0x00000000
0x6e3dbead
0x6e3dbe78
0x6e3dbe95
0x6e3dbe7a
0x6e3dbe7a
0x6e3dbe7f
0x6e3dbe7f
0x6e3dbe84
0x6e3dbe86
0x6e3dbe86
0x6e3dbe8b
0x00000000
0x6e3dbe8b
0x6e3dbe5e
0x6e3dbe10

APIs

_strncpy.LIBCMT ref: 6E3DBEDE
_strncpy.LIBCMT ref: 6E3DBF54

Strings

[%u] UseRetryUrl %s, xrefs: 6E3DBEE5, 6E3DBF5B

Memory Dump Source

Source File: 0000000E.00000002.2370545283.000000006E3D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 6E3D0000, based on PE: true

Associated: 0000000E.00000002.2370501847.000000006E3D0000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371078507.000000006E3FB000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371296559.000000006E405000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371402177.000000006E409000.00000002.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e3d0000_MiniNews.jbxd

Similarity

API ID: _strncpy
String ID: [%u] UseRetryUrl %s
API String ID: 2961919466-3228011140
Opcode ID: 08b94acd81df94f2ab8a019e32056303f394466dbb0bff3d642d3f76d4c6577d
Instruction ID: 3173b7391ba705e7919aed89eee4eb1ec81b35196a471ca0f54c2744fae4acf3
Opcode Fuzzy Hash: 08b94acd81df94f2ab8a019e32056303f394466dbb0bff3d642d3f76d4c6577d
Instruction Fuzzy Hash: A251BEB22006019FD344DFA9D880B9BB7EDEFC5314F04496DE5A58F284DB31A809CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 6E502720 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 123COMMON

Download Yara Rule

APIs

SHGetValueW.SHLWAPI(80000002,SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\360wpapp.exe,Path,00000001,?,?), ref: 6E5027AD

Part of subcall function 6E4E6760: GetProcessHeap.KERNEL32(E97A779A,?,6E53CB2C,000000FF,?,6E4F7925,E97A779A,0000006C,0000009C), ref: 6E4E679A

Part of subcall function 6E4ED8F0: FindResourceExW.KERNEL32(00000000,00000006,000000AD,00000000,00000000,?,00000004,000000AC,00000004,?,6E4ECB41,?,?,6E50116C,minipage,E97A779A), ref: 6E4ED946
Part of subcall function 6E4ED8F0: FindResourceW.KERNEL32(00000000,?,00000006,000000FF), ref: 6E4ED984

Strings

SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\360wpapp.exe, xrefs: 6E5027A3
Path, xrefs: 6E50279E

Memory Dump Source

Source File: 0000000E.00000002.2371585883.000000006E4E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6E4E0000, based on PE: true

Associated: 0000000E.00000002.2371507694.000000006E4E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373281942.000000006E544000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373891215.000000006E565000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2374074776.000000006E56A000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e4e0000_MiniNews.jbxd

Similarity

API ID: FindResource$HeapProcessValue
String ID: Path$SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\360wpapp.exe
API String ID: 2870785007-3402814642
Opcode ID: 1d20a835d083c611902daf8c1dad5a50f083ddee872115a5ba90811d9562d4b4
Instruction ID: ed457db839d2122620f2e512be131cb8329111175aa93543b7d4ad46cd627aa7
Opcode Fuzzy Hash: 1d20a835d083c611902daf8c1dad5a50f083ddee872115a5ba90811d9562d4b4
Instruction Fuzzy Hash: 7341D178940219ABDB54DFE4C859FEE77F8EF04708F00059DEA0AAB681EB305A458B91

Uniqueness

Uniqueness Score: -1.00%

Function 6E4E6AD0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 121memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 6E4E6850: EnterCriticalSection.KERNEL32(6E565004,E97A779A,?,00000000,6E53CB5F,000000FF,?,6E50549D,00000000), ref: 6E4E6881
Part of subcall function 6E4E6850: LeaveCriticalSection.KERNEL32(6E565004,?,00000000,6E53CB5F,000000FF,?,6E50549D,00000000), ref: 6E4E68CA

SHGetValueW.SHLWAPI(80000001,00000010,showtime,00000001,?,00000104,?,E97A779A), ref: 6E4E6B81

Part of subcall function 6E4E6760: GetProcessHeap.KERNEL32(E97A779A,?,6E53CB2C,000000FF,?,6E4F7925,E97A779A,0000006C,0000009C), ref: 6E4E679A

HeapSize.KERNEL32(00000002,00000000,?,?,80004005,?,E97A779A), ref: 6E4E6C4B

Part of subcall function 6E4E91E0: FindResourceExW.KERNEL32(00000000,00000006,[jNn,00000000,00000000,?,?,?,6E4E6A5B,?), ref: 6E4E921E
Part of subcall function 6E4E91E0: FindResourceW.KERNEL32(00000000,?,00000006,?,?,?,6E4E6A5B,?), ref: 6E4E9267

Strings

showtime, xrefs: 6E4E6B76

Memory Dump Source

Source File: 0000000E.00000002.2371585883.000000006E4E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6E4E0000, based on PE: true

Associated: 0000000E.00000002.2371507694.000000006E4E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373281942.000000006E544000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373891215.000000006E565000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2374074776.000000006E56A000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e4e0000_MiniNews.jbxd

Similarity

API ID: CriticalFindHeapResourceSection$EnterLeaveProcessSizeValue
String ID: showtime
API String ID: 3713552685-52727185
Opcode ID: b0ff179e2617734faa5b38149acde356ac82d560e1d94792d56fee2539b640a2
Instruction ID: 7a94d30a93a842a149f9780523929f8275694f7a118690ec663acb8b917946cc
Opcode Fuzzy Hash: b0ff179e2617734faa5b38149acde356ac82d560e1d94792d56fee2539b640a2
Instruction Fuzzy Hash: 2941DF71900218AFDB10DFA8CC48FDABBBCEF04314F104ADAEA15D7691DB749A40CB90

Uniqueness

Uniqueness Score: -1.00%

Function 6E3D7AD0 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 113
timeCOMMON

Download Yara Rule

C-Code - Quality: 64%

			E6E3D7AD0(void* __ebx, void* __edi, void* __ebp, void** _a4, intOrPtr _a8, char _a12) {
				intOrPtr _v4;
				char _v12;
				char _v20;
				struct _SYSTEMTIME _v160;
				intOrPtr _v164;
				char _v168;
				void* _v172;
				char _v176;
				char _v180;
				void* __esi;
				signed int _t42;
				intOrPtr _t46;
				intOrPtr _t55;
				void* _t68;
				void* _t94;
				void** _t96;
				void* _t98;
				void* _t100;
				void* _t101;
				signed int _t102;

				_t100 = __ebp;
				_t94 = __edi;
				_t68 = __ebx;
				_push(0xffffffff);
				_push(E6E3F9EE6);
				_push( *[fs:0x0]);
				_t102 = _t101 - 0x9c;
				_t42 =  *0x6e405204; // 0x2276585c
				_push(_t42 ^ _t102);
				 *[fs:0x0] =  &_v12;
				if(_a8 != 0) {
					_t96 = _a4;
					__eflags =  *((intOrPtr*)(_t96 + 8));
					if( *((intOrPtr*)(_t96 + 8)) == 0) {
						goto L1;
					} else {
						__eflags =  *_t96;
						if( *_t96 == 0) {
							goto L1;
						} else {
							_t46 =  *0x6e406514; // 0x6e3fc5e4
							_t6 = _t46 + 0xc; // 0x6e3e24bc
							_t90 =  *_t6;
							_v168 =  *((intOrPtr*)( *_t6))() + 0x10;
							__eflags =  *((intOrPtr*)(_t96 + 4));
							_v4 = 0;
							if( *((intOrPtr*)(_t96 + 4)) != 0) {
								GetLocalTime( &_v160);
								_push(_v160.wMilliseconds & 0x0000ffff);
								_push(_v160.wSecond & 0x0000ffff);
								_push(_v160.wMinute & 0x0000ffff);
								_push(_v160.wHour & 0x0000ffff);
								_push(_v160.wDay & 0x0000ffff);
								_push(_v160.wMonth & 0x0000ffff);
								_t90 =  &_v168;
								E6E3D7960( &_v168, L"[%04d-%02d-%02d %02d:%02d:%02d.%03d] ", _v160.wYear & 0x0000ffff);
								_t102 = _t102 + 0x24;
							}
							_push( &_a12);
							_push(_a8);
							E6E3D7750( &_v168);
							E6E3D79E0(_t94, L"\r\n");
							__eflags =  *((intOrPtr*)(_t96 + 0xc));
							if( *((intOrPtr*)(_t96 + 0xc)) == 0) {
								_t27 =  &_v176; // 0x2276585c
								_v160.wHour =  &(_v160.wSecond);
								E6E3D7280( &(_v160.wSecond),  &(_v160.wHour), _t90,  *_t27, 3);
								_t91 = _v160.wYear;
								_v20 = 1;
								E6E3D6400(_t100, _v160.wYear);
								_t55 = _v164;
								__eflags = _t55 -  &_v160;
								if(__eflags != 0) {
									_push(_t55);
									E6E3E27B2(_t68, _t94, _t96, __eflags);
									_t102 = _t102 + 4;
								}
								_t98 = E6E3D70B0(_t96, _v172,  *((intOrPtr*)(_v172 - 0xc)));
								E6E3D4ED0( &_v180, _t91);
							} else {
								_t24 =  &_v176; // 0x2276585c
								_t91 =  *((intOrPtr*)( *_t24 - 0xc)) +  *((intOrPtr*)( *_t24 - 0xc));
								_t98 = E6E3D70B0(_t96,  *_t24,  *((intOrPtr*)( *_t24 - 0xc)) +  *((intOrPtr*)( *_t24 - 0xc)));
							}
							_t39 =  &_v176; // 0x2276585c
							E6E3D4ED0(_t39, _t91);
							 *[fs:0x0] = _v20;
							return _t98;
						}
					}
				} else {
					L1:
					 *[fs:0x0] = _v12;
					return 0;
				}
			}

0x6e3d7ad0
0x6e3d7ad0
0x6e3d7ad0
0x6e3d7ad0
0x6e3d7ad2
0x6e3d7add
0x6e3d7ade
0x6e3d7ae5
0x6e3d7aec
0x6e3d7af4
0x6e3d7b02
0x6e3d7b1d
0x6e3d7b24
0x6e3d7b28
0x00000000
0x6e3d7b2a
0x6e3d7b2a
0x6e3d7b2d
0x00000000
0x6e3d7b2f
0x6e3d7b2f
0x6e3d7b34
0x6e3d7b34
0x6e3d7b41
0x6e3d7b45
0x6e3d7b49
0x6e3d7b54
0x6e3d7b5b
0x6e3d7b70
0x6e3d7b76
0x6e3d7b7c
0x6e3d7b82
0x6e3d7b88
0x6e3d7b89
0x6e3d7b8b
0x6e3d7b95
0x6e3d7b9a
0x6e3d7b9a
0x6e3d7bab
0x6e3d7bac
0x6e3d7bb1
0x6e3d7bbf
0x6e3d7bc4
0x6e3d7bc8
0x6e3d7be1
0x6e3d7bf0
0x6e3d7bf4
0x6e3d7bf9
0x6e3d7c02
0x6e3d7c0a
0x6e3d7c0f
0x6e3d7c17
0x6e3d7c19
0x6e3d7c1b
0x6e3d7c1c
0x6e3d7c21
0x6e3d7c21
0x6e3d7c38
0x6e3d7c3a
0x6e3d7bca
0x6e3d7bca
0x6e3d7bd1
0x6e3d7bdd
0x6e3d7bdd
0x6e3d7c3f
0x6e3d7c43
0x6e3d7c51
0x6e3d7c60
0x6e3d7c60
0x6e3d7b2d
0x6e3d7b04
0x6e3d7b04
0x6e3d7b0d
0x6e3d7b1c
0x6e3d7b1c

APIs

GetLocalTime.KERNEL32(?), ref: 6E3D7B5B

Strings

[%04d-%02d-%02d %02d:%02d:%02d.%03d] , xrefs: 6E3D7B8F
\Xv", xrefs: 6E3D7BE1, 6E3D7C3F, 6E3D7BCA, 6E3D7BD5, 6E3D7BEB

Memory Dump Source

Source File: 0000000E.00000002.2370545283.000000006E3D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 6E3D0000, based on PE: true

Associated: 0000000E.00000002.2370501847.000000006E3D0000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371078507.000000006E3FB000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371296559.000000006E405000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371402177.000000006E409000.00000002.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e3d0000_MiniNews.jbxd

Similarity

API ID: LocalTime
String ID: [%04d-%02d-%02d %02d:%02d:%02d.%03d] $\Xv"
API String ID: 481472006-2337058267
Opcode ID: b5fb9173ffee9139fbdcb96f3544f00e43db023d433c9b173ed39c1c738ad480
Instruction ID: ca09ca710d2ba7355c6b9de352cb7e7bb6e4038e1e54c932e90760f27528769a
Opcode Fuzzy Hash: b5fb9173ffee9139fbdcb96f3544f00e43db023d433c9b173ed39c1c738ad480
Instruction Fuzzy Hash: 99411C765183419FD724DF94C890BABB3E9EF88718F008D1DF4DA87290E7399548CB62

Uniqueness

Uniqueness Score: -1.00%

Function 6E3D7C70 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 112
timeCOMMON

Download Yara Rule

C-Code - Quality: 63%

			E6E3D7C70(void* __ebx, void* __edi, void* __ebp, void** _a4, intOrPtr _a8, char _a12) {
				intOrPtr _v4;
				char _v12;
				char _v20;
				struct _SYSTEMTIME _v288;
				intOrPtr _v292;
				char _v296;
				void* _v300;
				char _v304;
				char _v308;
				void* __esi;
				signed int _t40;
				intOrPtr _t44;
				void* _t50;
				intOrPtr _t56;
				void* _t65;
				void* _t91;
				void** _t93;
				void* _t95;
				void* _t98;
				signed int _t99;

				_t91 = __edi;
				_t65 = __ebx;
				_push(0xffffffff);
				_push(E6E3F9F26);
				_push( *[fs:0x0]);
				_t99 = _t98 - 0x11c;
				_t40 =  *0x6e405204; // 0x2276585c
				_push(_t40 ^ _t99);
				 *[fs:0x0] =  &_v12;
				if(_a8 != 0) {
					_t93 = _a4;
					__eflags =  *((intOrPtr*)(_t93 + 8));
					if( *((intOrPtr*)(_t93 + 8)) == 0) {
						goto L1;
					} else {
						__eflags =  *_t93;
						if( *_t93 == 0) {
							goto L1;
						} else {
							_t44 =  *0x6e406514; // 0x6e3fc5e4
							_t6 = _t44 + 0xc; // 0x6e3e24bc
							_t87 =  *_t6;
							_v296 =  *((intOrPtr*)( *_t6))() + 0x10;
							__eflags =  *((intOrPtr*)(_t93 + 4));
							_v4 = 0;
							if( *((intOrPtr*)(_t93 + 4)) != 0) {
								GetLocalTime( &_v288);
								_push(_v288.wMilliseconds & 0x0000ffff);
								_push(_v288.wSecond & 0x0000ffff);
								_push(_v288.wMinute & 0x0000ffff);
								_push(_v288.wHour & 0x0000ffff);
								_push(_v288.wDay & 0x0000ffff);
								_push(_v288.wMonth & 0x0000ffff);
								_t87 =  &_v296;
								E6E3D7980( &_v296, "[%04d-%02d-%02d %02d:%02d:%02d.%03d] ", _v288.wYear & 0x0000ffff);
								_t99 = _t99 + 0x24;
							}
							_push( &_a12);
							_push(_a8);
							E6E3D76D0( &_v296);
							E6E3D79A0(_t91, 0x6e3fb8c4);
							__eflags =  *((intOrPtr*)(_t93 + 0xc));
							_t24 =  &_v308; // 0x2276585c
							_t50 =  *_t24;
							if( *((intOrPtr*)(_t93 + 0xc)) == 0) {
								_t95 = E6E3D70B0(_t93, _t50,  *((intOrPtr*)(_t50 - 0xc)));
							} else {
								_v288.wHour =  &(_v288.wSecond);
								E6E3D3370(_t50,  &(_v288.wHour),  &(_v288.wSecond), _t50, 3);
								_v20 = 1;
								E6E3D7A20(_v288.wYear);
								_t56 = _v292;
								_t87 =  &_v288;
								__eflags = _t56 -  &_v288;
								if(__eflags != 0) {
									_push(_t56);
									E6E3E27B2(_t65, _t91, _t93, __eflags);
									_t99 = _t99 + 4;
								}
								_t95 = E6E3D70B0(_t93, _v300,  *((intOrPtr*)(_v300 - 0xc)) +  *((intOrPtr*)(_v300 - 0xc)));
								E6E3D4ED0( &_v308, _t87);
							}
							_t37 =  &_v304; // 0x2276585c
							E6E3D4ED0(_t37, _t87);
							 *[fs:0x0] = _v20;
							return _t95;
						}
					}
				} else {
					L1:
					 *[fs:0x0] = _v12;
					return 0;
				}
			}

0x6e3d7c70
0x6e3d7c70
0x6e3d7c70
0x6e3d7c72
0x6e3d7c7d
0x6e3d7c7e
0x6e3d7c85
0x6e3d7c8c
0x6e3d7c94
0x6e3d7ca2
0x6e3d7cbd
0x6e3d7cc4
0x6e3d7cc8
0x00000000
0x6e3d7cca
0x6e3d7cca
0x6e3d7ccd
0x00000000
0x6e3d7ccf
0x6e3d7ccf
0x6e3d7cd4
0x6e3d7cd4
0x6e3d7ce1
0x6e3d7ce5
0x6e3d7ce9
0x6e3d7cf4
0x6e3d7cfb
0x6e3d7d10
0x6e3d7d16
0x6e3d7d1c
0x6e3d7d22
0x6e3d7d28
0x6e3d7d29
0x6e3d7d2b
0x6e3d7d35
0x6e3d7d3a
0x6e3d7d3a
0x6e3d7d4b
0x6e3d7d4c
0x6e3d7d51
0x6e3d7d5f
0x6e3d7d64
0x6e3d7d68
0x6e3d7d68
0x6e3d7d6c
0x6e3d7dd8
0x6e3d7d6e
0x6e3d7d79
0x6e3d7d7d
0x6e3d7d8b
0x6e3d7d93
0x6e3d7d98
0x6e3d7d9c
0x6e3d7da0
0x6e3d7da2
0x6e3d7da4
0x6e3d7da5
0x6e3d7daa
0x6e3d7daa
0x6e3d7dc3
0x6e3d7dc5
0x6e3d7dc5
0x6e3d7dda
0x6e3d7dde
0x6e3d7dec
0x6e3d7dfb
0x6e3d7dfb
0x6e3d7ccd
0x6e3d7ca4
0x6e3d7ca4
0x6e3d7cad
0x6e3d7cbc
0x6e3d7cbc

APIs

GetLocalTime.KERNEL32(?), ref: 6E3D7CFB

Strings

\Xv", xrefs: 6E3D7D68, 6E3D7DDA, 6E3D7D74, 6E3D7DD0
[%04d-%02d-%02d %02d:%02d:%02d.%03d] , xrefs: 6E3D7D2F

Memory Dump Source

Source File: 0000000E.00000002.2370545283.000000006E3D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 6E3D0000, based on PE: true

Associated: 0000000E.00000002.2370501847.000000006E3D0000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371078507.000000006E3FB000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371296559.000000006E405000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371402177.000000006E409000.00000002.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e3d0000_MiniNews.jbxd

Similarity

API ID: LocalTime
String ID: [%04d-%02d-%02d %02d:%02d:%02d.%03d] $\Xv"
API String ID: 481472006-2337058267
Opcode ID: f0399c55d106ec9d33db9adefe08eaef0c7bf38a152d809737bfc58a6a135868
Instruction ID: 1ca76b5dd54cb82ea7cfe383e7a9855371a47c461850092ec51c5a721c04661d
Opcode Fuzzy Hash: f0399c55d106ec9d33db9adefe08eaef0c7bf38a152d809737bfc58a6a135868
Instruction Fuzzy Hash: 59412DB21083519FD714DB54C894BABB3E9EB88718F008D1DF49687280E739A948CB62

Uniqueness

Uniqueness Score: -1.00%

Function 6E534F77 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 91COMMON

Download Yara Rule

APIs

Part of subcall function 6E52CBF1: GetLastError.KERNEL32(?,000000FF,6E51A631,000000FF,00000007,?,6E51AD1B,000000FF,00000007,000000FF,?), ref: 6E52CBF5
Part of subcall function 6E52CBF1: _free.LIBCMT ref: 6E52CC28
Part of subcall function 6E52CBF1: SetLastError.KERNEL32(00000000,00000007,000000FF,?), ref: 6E52CC69
Part of subcall function 6E52CBF1: _abort.LIBCMT ref: 6E52CC6F

Part of subcall function 6E535096: _abort.LIBCMT ref: 6E5350C8
Part of subcall function 6E535096: _free.LIBCMT ref: 6E5350FC

Part of subcall function 6E534D0B: GetOEMCP.KERNEL32(00000000,?,?,6E534F94,?), ref: 6E534D36

_free.LIBCMT ref: 6E534FEF
_free.LIBCMT ref: 6E535025

Strings

PkVn, xrefs: 6E535019

Memory Dump Source

Source File: 0000000E.00000002.2371585883.000000006E4E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6E4E0000, based on PE: true

Associated: 0000000E.00000002.2371507694.000000006E4E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373281942.000000006E544000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373891215.000000006E565000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2374074776.000000006E56A000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e4e0000_MiniNews.jbxd

Similarity

API ID: _free$ErrorLast_abort
String ID: PkVn
API String ID: 2991157371-3894428402
Opcode ID: afa22a35f77dbb71ba9846435e6dde64995e13a3e11754978084cb1e80ff5414
Instruction ID: eedaac2336fc4714692734a67dcf69acdca8ef554b19f01f37bd02d654be8132
Opcode Fuzzy Hash: afa22a35f77dbb71ba9846435e6dde64995e13a3e11754978084cb1e80ff5414
Instruction Fuzzy Hash: 0B31A135908218AFDB10DBE9D440BAD77F8EF81329F354499E5049B2A0FB739D42CB50

Uniqueness

Uniqueness Score: -1.00%

Function 6E536D86 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 88COMMON

Download Yara Rule

APIs

GetACP.KERNEL32(?,20001004,?,00000002,00000000,00000050,00000050,?,6E536FE1,?,00000050,?,?,?,?,?), ref: 6E536E61

Strings

ACP, xrefs: 6E536DA4
OCP, xrefs: 6E536DDA

Memory Dump Source

Source File: 0000000E.00000002.2371585883.000000006E4E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6E4E0000, based on PE: true

Associated: 0000000E.00000002.2371507694.000000006E4E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373281942.000000006E544000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373891215.000000006E565000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2374074776.000000006E56A000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e4e0000_MiniNews.jbxd

Similarity

API ID:
String ID: ACP$OCP
API String ID: 0-711371036
Opcode ID: 6aad336032090164593bb80054de3688267dc202405c0ca29ca338756eb57c0f
Instruction ID: 2083b50462a7d09629f8b3211716f028128acbf85957b50b54da4a3d4534b204
Opcode Fuzzy Hash: 6aad336032090164593bb80054de3688267dc202405c0ca29ca338756eb57c0f
Instruction Fuzzy Hash: 6F2108A2A34321AAE750CEE9C9007A773EADF40B25F72882EE904D7244F7B1D904D390

Uniqueness

Uniqueness Score: -1.00%

Function 6E3D7890 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 88
COMMON

Download Yara Rule

C-Code - Quality: 56%

			E6E3D7890(void* __ebx, intOrPtr* __ecx, void* __edi, void* __esi, void* __ebp, intOrPtr _a4, short _a8) {
				char _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _t23;
				short _t25;
				intOrPtr _t37;
				intOrPtr* _t42;
				intOrPtr _t45;
				short _t54;
				void* _t56;
				signed int _t57;
				signed int _t62;
				intOrPtr _t63;
				signed int _t66;
				void* _t68;

				_t56 = __edi;
				_push(__ebx);
				_push(__ebp);
				_t42 = __ecx;
				_t23 =  *__ecx;
				_t45 = _a4;
				_t66 =  *(_t23 - 0xc);
				_push(__esi);
				_t24 = _a8;
				_t62 = _t45 - _t23 >> 1;
				if(_a8 < 0) {
					_t24 = E6E3D30B0(__ecx, __edi, _t62, _t66, 0x80070057);
				}
				if(_t45 != 0) {
					_t25 = E6E3E4196(_t45, _t24);
					_t68 = _t68 + 8;
					_a8 = _t25;
					_t54 = _t25;
				} else {
					_t54 = 0;
					_a8 = 0;
				}
				if(0x7fffffff - _t54 < _t66) {
					E6E3D30B0(_t42, _t56, _t62, _t66, 0x80070057);
				}
				_push(_t56);
				_t57 = _t54 + _t66;
				if((0x00000001 -  *((intOrPtr*)( *_t42 - 0x10 + 0xc)) |  *((intOrPtr*)( *_t42 - 0x10 + 8)) - _t57) < 0) {
					_push(_t57);
					E6E3D7400(_t42);
					_t54 = _a4;
				}
				_t49 =  *_t42;
				_t63 =  *_t42 + _t62 * 2;
				if(_t62 > _t66) {
					_t63 = _a4;
				}
				E6E3E2DC5(_t42, _t49 + _t66 * 2, _t49 + _t66 * 2, _t54 + _t54, _t63, _t54 + _t54);
				if(_t57 < 0) {
					L14:
					E6E3D30B0(_t42, _t57, _t63, _t66, 0x80070057);
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					_push( &_v8);
					_push(_v12);
					return E6E3D7650(_v16);
				} else {
					_t37 =  *_t42;
					if(_t57 >  *((intOrPtr*)(_t37 - 8))) {
						goto L14;
					} else {
						 *(_t37 - 0xc) = _t57;
						 *((short*)( *_t42 + _t57 * 2)) = 0;
						return 0;
					}
				}
			}

0x6e3d7890
0x6e3d7890
0x6e3d7891
0x6e3d7892
0x6e3d7894
0x6e3d7896
0x6e3d789a
0x6e3d789d
0x6e3d78a2
0x6e3d78a6
0x6e3d78aa
0x6e3d78b1
0x6e3d78b1
0x6e3d78b8
0x6e3d78c4
0x6e3d78c9
0x6e3d78cc
0x6e3d78d0
0x6e3d78ba
0x6e3d78ba
0x6e3d78bc
0x6e3d78bc
0x6e3d78db
0x6e3d78e2
0x6e3d78e2
0x6e3d78f7
0x6e3d78f8
0x6e3d78ff
0x6e3d7901
0x6e3d7904
0x6e3d7909
0x6e3d7909
0x6e3d790d
0x6e3d7911
0x6e3d7914
0x6e3d7916
0x6e3d7916
0x6e3d7924
0x6e3d792e
0x6e3d7949
0x6e3d794e
0x6e3d7953
0x6e3d7954
0x6e3d7955
0x6e3d7956
0x6e3d7957
0x6e3d7958
0x6e3d7959
0x6e3d795a
0x6e3d795b
0x6e3d795c
0x6e3d795d
0x6e3d795e
0x6e3d795f
0x6e3d7968
0x6e3d7969
0x6e3d7973
0x6e3d7930
0x6e3d7930
0x6e3d7935
0x00000000
0x6e3d7937
0x6e3d7937
0x6e3d793e
0x6e3d7946
0x6e3d7946
0x6e3d7935

APIs

_wcsnlen.LIBCMT ref: 6E3D78C4
_memcpy_s.LIBCMT ref: 6E3D7924

Part of subcall function 6E3D30B0: __CxxThrowException@8.LIBCMT ref: 6E3D30C2
Part of subcall function 6E3D30B0: GetLastError.KERNEL32(6E3D75C2,6E401DA8,6E3D75C2,80070057), ref: 6E3D30D0

Strings

\Xv", xrefs: 6E3D789D

Memory Dump Source

Source File: 0000000E.00000002.2370545283.000000006E3D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 6E3D0000, based on PE: true

Associated: 0000000E.00000002.2370501847.000000006E3D0000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371078507.000000006E3FB000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371296559.000000006E405000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371402177.000000006E409000.00000002.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e3d0000_MiniNews.jbxd

Similarity

API ID: ErrorException@8LastThrow_memcpy_s_wcsnlen
String ID: \Xv"
API String ID: 798228951-1849003930
Opcode ID: c5628557f9d1ae9a769d841715d5e1d1e6596281166857b3a42f2cb900b31dc5
Instruction ID: a4f9dc8a0a7941d0b8177af5f9b147954b844ab74c46d7882b2b4af0cee3c4ef
Opcode Fuzzy Hash: c5628557f9d1ae9a769d841715d5e1d1e6596281166857b3a42f2cb900b31dc5
Instruction Fuzzy Hash: 4721A7736101158FC704CFADD884D5AB3E9EF85314B008A6DE985EB295EB31EC19C7A2

Uniqueness

Uniqueness Score: -1.00%

Function 6E4E6990 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 86COMMON

Download Yara Rule

APIs

SHGetValueW.SHLWAPI(80000002,SOFTWARE\LdsLite,InstallDate,00000001,?,00000104), ref: 6E4E6A1D

Part of subcall function 6E4E6760: GetProcessHeap.KERNEL32(E97A779A,?,6E53CB2C,000000FF,?,6E4F7925,E97A779A,0000006C,0000009C), ref: 6E4E679A

Part of subcall function 6E4E91E0: FindResourceExW.KERNEL32(00000000,00000006,[jNn,00000000,00000000,?,?,?,6E4E6A5B,?), ref: 6E4E921E
Part of subcall function 6E4E91E0: FindResourceW.KERNEL32(00000000,?,00000006,?,?,?,6E4E6A5B,?), ref: 6E4E9267

Strings

InstallDate, xrefs: 6E4E6A0E
SOFTWARE\LdsLite, xrefs: 6E4E6A13

Memory Dump Source

Source File: 0000000E.00000002.2371585883.000000006E4E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6E4E0000, based on PE: true

Associated: 0000000E.00000002.2371507694.000000006E4E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373281942.000000006E544000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373891215.000000006E565000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2374074776.000000006E56A000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e4e0000_MiniNews.jbxd

Similarity

API ID: FindResource$HeapProcessValue
String ID: InstallDate$SOFTWARE\LdsLite
API String ID: 2870785007-2510805541
Opcode ID: 8e010385e13a892f3b872fd3751f42bada1fb165445aaf65b563f956304fde46
Instruction ID: a72bc4a75749acf12ba27d11459732dde0528a9bbfe490be053ec98213cd098f
Opcode Fuzzy Hash: 8e010385e13a892f3b872fd3751f42bada1fb165445aaf65b563f956304fde46
Instruction Fuzzy Hash: 3531B17094011DEFDB14DFA4C848FEAB7B8EB04708F0045EEE509AB681DB759A45CF90

Uniqueness

Uniqueness Score: -1.00%

Function 6E3D4DB0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 55
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E6E3D4DB0(void* __eflags) {
				unsigned int _t11;
				void* _t18;
				struct HINSTANCE__* _t19;
				void* _t20;
				void* _t21;

				_t18 = 0;
				_t19 = E6E3E26B4(0x6e406530, 0);
				_t1 = _t18 + 1; // 0x1
				_t20 = _t1;
				if(_t19 == 0) {
					L6:
					return 0;
				} else {
					_t11 =  *(_t21 + 0x14);
					while(_t18 == 0) {
						if(FindResourceExW(_t19, 6, (_t11 >> 0x00000004) + 0x00000001 & 0x0000ffff,  *(_t21 + 0x18)) == 0) {
							L5:
							_t19 = E6E3E26B4(0x6e406530, _t20);
							_t20 = _t20 + 1;
							if(_t19 != 0) {
								continue;
							} else {
								goto L6;
							}
						} else {
							_t18 = E6E3D4D40(_t19, _t7, _t11);
							_t21 = _t21 + 0xc;
							if(_t18 != 0) {
								return _t19;
							} else {
								goto L5;
							}
						}
						goto L8;
					}
					goto L6;
				}
				L8:
			}

0x6e3d4db4
0x6e3d4dc1
0x6e3d4dc3
0x6e3d4dc3
0x6e3d4dc8
0x6e3d4e16
0x6e3d4e19
0x6e3d4dca
0x6e3d4dca
0x6e3d4dd0
0x6e3d4dee
0x6e3d4e01
0x6e3d4e0c
0x6e3d4e0e
0x6e3d4e11
0x00000000
0x00000000
0x00000000
0x00000000
0x6e3d4df0
0x6e3d4df8
0x6e3d4dfa
0x6e3d4dff
0x6e3d4e20
0x00000000
0x00000000
0x00000000
0x6e3d4dff
0x00000000
0x6e3d4dee
0x00000000
0x6e3d4dd0
0x00000000

APIs

Part of subcall function 6E3E26B4: EnterCriticalSection.KERNEL32(6E406544,00000000,?,?,6E3D4DC1,00000000,?,?,?,?,6E3D7A80,?,00000000), ref: 6E3E26C1
Part of subcall function 6E3E26B4: LeaveCriticalSection.KERNEL32(6E406544,?,?,6E3D4DC1,00000000,?,?,?,?,6E3D7A80,?,00000000), ref: 6E3E26DD

FindResourceExW.KERNEL32(00000000,00000006,?,00000000,00000000,?,?,?,?,6E3D7A80,?,00000000), ref: 6E3D4DE6

Part of subcall function 6E3D4D40: LoadResource.KERNEL32(?,?,00000000,?,6E3D4DF8,00000000,00000000,?,?,00000000,00000000,?,?,?,?,6E3D7A80), ref: 6E3D4D4C

Strings

0e@n, xrefs: 6E3D4DB7
0e@n, xrefs: 6E3D4E02

Memory Dump Source

Source File: 0000000E.00000002.2370545283.000000006E3D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 6E3D0000, based on PE: true

Associated: 0000000E.00000002.2370501847.000000006E3D0000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371078507.000000006E3FB000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371296559.000000006E405000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371402177.000000006E409000.00000002.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e3d0000_MiniNews.jbxd

Similarity

API ID: CriticalResourceSection$EnterFindLeaveLoad
String ID: 0e@n$0e@n
API String ID: 1986744039-4139981316
Opcode ID: 2aff87e4930488c391b82f9043e7c73a10592175eccf3e8842b770e06e035b9d
Instruction ID: 1d18ba42be87e52bf7304eb9d997af0aa90a2c0da1e636739460fc9a9c08ee1d
Opcode Fuzzy Hash: 2aff87e4930488c391b82f9043e7c73a10592175eccf3e8842b770e06e035b9d
Instruction Fuzzy Hash: 42F028B37556322762215AE5BC40E7BE3ADCAC1AB5702013AF896CB748DF529C1A42F1

Uniqueness

Uniqueness Score: -1.00%

Function 6E3D3270 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 50
COMMON

Download Yara Rule

C-Code - Quality: 94%

			E6E3D3270(void* __ebx, void* __edx, void* __edi, void* __ebp, char _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
				void* __esi;
				intOrPtr _t6;
				intOrPtr _t11;
				void* _t13;
				intOrPtr _t14;
				intOrPtr* _t16;
				void* _t18;

				_t17 = __ebp;
				_t13 = __edi;
				_t10 = __ebx;
				_t1 =  &_a4; // 0x2276585c
				_t16 =  *_t1;
				if(_t16 == 0) {
					E6E3D30B0(__ebx, __edi, _t16, __ebp, 0x80070057);
				}
				_t11 = _a8;
				if(_t11 < 0) {
					E6E3D30B0(_t10, _t13, _t16, _t17, 0x80070057);
				}
				_push(_t13);
				_t14 = _a12;
				if(_t14 == 0) {
					E6E3D30B0(_t10, _t14, _t16, _t17, 0x80070057);
				}
				_t6 =  *_t16;
				if(_t6 == _t14) {
					L14:
					_t26 = _t11 - _a16;
					if(_t11 <= _a16) {
						goto L11;
					} else {
						_t6 = E6E3E34AB(_t11, _t26, _t11, 2);
						_t18 = _t18 + 8;
						goto L16;
					}
					L18:
				} else {
					if(_t11 <= _a16) {
						L10:
						_push(_t6);
						_t6 = E6E3E27B2(_t10, _t14, _t16, _t24);
						_t18 = _t18 + 4;
						L11:
						 *_t16 = _t14;
					} else {
						_t6 = E6E3E34EB(_t14, _t16, _t6, _t11, 2);
						_t18 = _t18 + 0xc;
						_t24 = _t6;
						if(_t6 != 0) {
							L16:
							 *_t16 = _t6;
						} else {
							_t6 = E6E3D30B0(_t10, _t14, _t16, _t17, 0x8007000e);
							goto L10;
						}
					}
				}
				if( *_t16 == 0) {
					_t6 = E6E3D30B0(_t10, _t14, _t16, _t17, 0x8007000e);
					goto L14;
				}
				return _t6;
				goto L18;
			}

0x6e3d3270
0x6e3d3270
0x6e3d3270
0x6e3d3271
0x6e3d3271
0x6e3d3277
0x6e3d327e
0x6e3d327e
0x6e3d3283
0x6e3d3289
0x6e3d3290
0x6e3d3290
0x6e3d3295
0x6e3d3296
0x6e3d329c
0x6e3d32a3
0x6e3d32a3
0x6e3d32a8
0x6e3d32ac
0x6e3d32e8
0x6e3d32e8
0x6e3d32ec
0x00000000
0x6e3d32ee
0x6e3d32f1
0x6e3d32f6
0x00000000
0x6e3d32f6
0x00000000
0x6e3d32ae
0x6e3d32b2
0x6e3d32ce
0x6e3d32ce
0x6e3d32cf
0x6e3d32d4
0x6e3d32d7
0x6e3d32d7
0x6e3d32b4
0x6e3d32b8
0x6e3d32bd
0x6e3d32c0
0x6e3d32c2
0x6e3d32f9
0x6e3d32f9
0x6e3d32c4
0x6e3d32c9
0x00000000
0x6e3d32c9
0x6e3d32c2
0x6e3d32b2
0x6e3d32dc
0x6e3d32e3
0x00000000
0x6e3d32e3
0x6e3d32ff
0x00000000

APIs

__recalloc.LIBCMT ref: 6E3D32B8
_calloc.LIBCMT ref: 6E3D32F1

Part of subcall function 6E3D30B0: __CxxThrowException@8.LIBCMT ref: 6E3D30C2
Part of subcall function 6E3D30B0: GetLastError.KERNEL32(6E3D75C2,6E401DA8,6E3D75C2,80070057), ref: 6E3D30D0

Strings

\Xv", xrefs: 6E3D3271

Memory Dump Source

Source File: 0000000E.00000002.2370545283.000000006E3D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 6E3D0000, based on PE: true

Associated: 0000000E.00000002.2370501847.000000006E3D0000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371078507.000000006E3FB000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371296559.000000006E405000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371402177.000000006E409000.00000002.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e3d0000_MiniNews.jbxd

Similarity

API ID: ErrorException@8LastThrow__recalloc_calloc
String ID: \Xv"
API String ID: 779945959-1849003930
Opcode ID: 06b652c83eb77bc77e1b05e4accd479805d262b061d258f7e930226702f2463c
Instruction ID: 50655caf9fe2362cb1ff045df03c75ba1c70d4f1cb5411ef00f2438087e77232
Opcode Fuzzy Hash: 06b652c83eb77bc77e1b05e4accd479805d262b061d258f7e930226702f2463c
Instruction Fuzzy Hash: 4A01B173A14206EAC5119FE0EC0DF5A62A89F50328F208D1DE9C576200E736DC9C8BA2

Uniqueness

Uniqueness Score: -1.00%

Function 6E3D71F0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 50
COMMON

Download Yara Rule

C-Code - Quality: 94%

			E6E3D71F0(void* __ebx, void* __edx, void* __edi, void* __ebp, char _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
				void* __esi;
				intOrPtr _t6;
				intOrPtr _t11;
				void* _t13;
				intOrPtr _t14;
				intOrPtr* _t16;
				void* _t18;

				_t17 = __ebp;
				_t13 = __edi;
				_t10 = __ebx;
				_t1 =  &_a4; // 0x2276585c
				_t16 =  *_t1;
				if(_t16 == 0) {
					E6E3D30B0(__ebx, __edi, _t16, __ebp, 0x80070057);
				}
				_t11 = _a8;
				if(_t11 < 0) {
					E6E3D30B0(_t10, _t13, _t16, _t17, 0x80070057);
				}
				_push(_t13);
				_t14 = _a12;
				if(_t14 == 0) {
					E6E3D30B0(_t10, _t14, _t16, _t17, 0x80070057);
				}
				_t6 =  *_t16;
				if(_t6 == _t14) {
					L14:
					_t26 = _t11 - _a16;
					if(_t11 <= _a16) {
						goto L11;
					} else {
						_t6 = E6E3E34AB(_t11, _t26, _t11, 1);
						_t18 = _t18 + 8;
						goto L16;
					}
					L18:
				} else {
					if(_t11 <= _a16) {
						L10:
						_push(_t6);
						_t6 = E6E3E27B2(_t10, _t14, _t16, _t24);
						_t18 = _t18 + 4;
						L11:
						 *_t16 = _t14;
					} else {
						_t6 = E6E3E34EB(_t14, _t16, _t6, _t11, 1);
						_t18 = _t18 + 0xc;
						_t24 = _t6;
						if(_t6 != 0) {
							L16:
							 *_t16 = _t6;
						} else {
							_t6 = E6E3D30B0(_t10, _t14, _t16, _t17, 0x8007000e);
							goto L10;
						}
					}
				}
				if( *_t16 == 0) {
					_t6 = E6E3D30B0(_t10, _t14, _t16, _t17, 0x8007000e);
					goto L14;
				}
				return _t6;
				goto L18;
			}

0x6e3d71f0
0x6e3d71f0
0x6e3d71f0
0x6e3d71f1
0x6e3d71f1
0x6e3d71f7
0x6e3d71fe
0x6e3d71fe
0x6e3d7203
0x6e3d7209
0x6e3d7210
0x6e3d7210
0x6e3d7215
0x6e3d7216
0x6e3d721c
0x6e3d7223
0x6e3d7223
0x6e3d7228
0x6e3d722c
0x6e3d7268
0x6e3d7268
0x6e3d726c
0x00000000
0x6e3d726e
0x6e3d7271
0x6e3d7276
0x00000000
0x6e3d7276
0x00000000
0x6e3d722e
0x6e3d7232
0x6e3d724e
0x6e3d724e
0x6e3d724f
0x6e3d7254
0x6e3d7257
0x6e3d7257
0x6e3d7234
0x6e3d7238
0x6e3d723d
0x6e3d7240
0x6e3d7242
0x6e3d7279
0x6e3d7279
0x6e3d7244
0x6e3d7249
0x00000000
0x6e3d7249
0x6e3d7242
0x6e3d7232
0x6e3d725c
0x6e3d7263
0x00000000
0x6e3d7263
0x6e3d727f
0x00000000

APIs

__recalloc.LIBCMT ref: 6E3D7238
_calloc.LIBCMT ref: 6E3D7271

Part of subcall function 6E3D30B0: __CxxThrowException@8.LIBCMT ref: 6E3D30C2
Part of subcall function 6E3D30B0: GetLastError.KERNEL32(6E3D75C2,6E401DA8,6E3D75C2,80070057), ref: 6E3D30D0

Strings

\Xv", xrefs: 6E3D71F1

Memory Dump Source

Source File: 0000000E.00000002.2370545283.000000006E3D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 6E3D0000, based on PE: true

Associated: 0000000E.00000002.2370501847.000000006E3D0000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371078507.000000006E3FB000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371296559.000000006E405000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371402177.000000006E409000.00000002.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e3d0000_MiniNews.jbxd

Similarity

API ID: ErrorException@8LastThrow__recalloc_calloc
String ID: \Xv"
API String ID: 779945959-1849003930
Opcode ID: ea913cf0418d1f729798d9c0fb3c19c5b1d39a6ab3516747b22638826bc14101
Instruction ID: 5493ab76f9dc007705b4fe9883e501b0df728c7aae9dd753e4e645c6f0f1f64d
Opcode Fuzzy Hash: ea913cf0418d1f729798d9c0fb3c19c5b1d39a6ab3516747b22638826bc14101
Instruction Fuzzy Hash: 7601D473514246EAC9219FE0AC04F9A72AC9F90368F204D1DF9C576240E7B3D89CCBA3

Uniqueness

Uniqueness Score: -1.00%

Function 6E3DD1E0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 47
COMMON

Download Yara Rule

C-Code - Quality: 94%

			E6E3DD1E0(void* __ebx, void* __edi, void* __ebp, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20) {
				intOrPtr _t11;
				intOrPtr _t19;
				intOrPtr _t20;
				intOrPtr _t22;

				_t11 = _a8;
				if(_t11 == 0) {
					L12:
					return _t11;
				} else {
					_t19 = _a12;
					if(_t19 != 0x64) {
						if(_t19 != 0x46) {
							if(_t19 != 0xb) {
								if(_t19 == 0x6e) {
									_t20 = _a16;
									if(_t20 != 0) {
										_push(_t20);
										return E6E3D7C70(__ebx, __edi, __ebp, 0x6e4064d8, "[%u] HTTP Redirect %s", _t11);
									}
								}
								goto L12;
							} else {
								_t21 = _a16;
								if(_a16 == 0) {
									goto L12;
								} else {
									return E6E3E50D1(_a20, _t11 + 0x75e8, 0x3f, _t21, _a20);
								}
							}
						} else {
							return SetEvent( *(_t11 + 0x7630));
						}
					} else {
						_t22 = _a16;
						if(_t22 == 0) {
							goto L12;
						} else {
							 *((intOrPtr*)(_t11 + 0x762c)) =  *((intOrPtr*)(_t22 + 4));
							return SetEvent( *(_t11 + 0x7628));
						}
					}
				}
			}

0x6e3dd1e0
0x6e3dd1e6
0x6e3dd272
0x6e3dd272
0x6e3dd1ec
0x6e3dd1ec
0x6e3dd1f3
0x6e3dd219
0x6e3dd22e
0x6e3dd254
0x6e3dd256
0x6e3dd25c
0x6e3dd25e
0x00000000
0x6e3dd26f
0x6e3dd25c
0x00000000
0x6e3dd230
0x6e3dd230
0x6e3dd236
0x00000000
0x6e3dd238
0x6e3dd24e
0x6e3dd24e
0x6e3dd236
0x6e3dd21b
0x6e3dd228
0x6e3dd228
0x6e3dd1f5
0x6e3dd1f5
0x6e3dd1fb
0x00000000
0x6e3dd1fd
0x6e3dd207
0x6e3dd213
0x6e3dd213
0x6e3dd1fb
0x6e3dd1f3

APIs

SetEvent.KERNEL32(?), ref: 6E3DD20D
SetEvent.KERNEL32(?), ref: 6E3DD222

Strings

[%u] HTTP Redirect %s, xrefs: 6E3DD260

Memory Dump Source

Source File: 0000000E.00000002.2370545283.000000006E3D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 6E3D0000, based on PE: true

Associated: 0000000E.00000002.2370501847.000000006E3D0000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371078507.000000006E3FB000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371296559.000000006E405000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371402177.000000006E409000.00000002.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e3d0000_MiniNews.jbxd

Similarity

API ID: Event
String ID: [%u] HTTP Redirect %s
API String ID: 4201588131-837369804
Opcode ID: 379b8d98f5a1fdf5778b94de9ba9271ac03c15229c1a7bf3b6560b706c5d1c1e
Instruction ID: 55c5af153b2b05679e1fb915ab010c92b394c8e378d264bc19a2811c4b2ae0f5
Opcode Fuzzy Hash: 379b8d98f5a1fdf5778b94de9ba9271ac03c15229c1a7bf3b6560b706c5d1c1e
Instruction Fuzzy Hash: FA01B5B2A04602AFEA58CBD4C854E3B3374BF81310F51856DE4574B259D732E908CF21

Uniqueness

Uniqueness Score: -1.00%

Function 6E3D60D0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 38
COMMON

Download Yara Rule

C-Code - Quality: 50%

			E6E3D60D0(void* __ebx, void* __eflags) {
				char _v12;
				intOrPtr _v56;
				char _v60;
				char _v64;
				char _v76;
				char _v80;
				char _v88;
				char _v92;
				char _v96;
				intOrPtr* _v100;
				intOrPtr _v112;
				signed int _t22;
				signed int _t30;
				intOrPtr* _t40;
				void* _t41;
				intOrPtr _t46;
				intOrPtr* _t49;
				void* _t51;
				signed int _t52;
				void* _t54;

				_t54 = __eflags;
				_push(0xffffffff);
				_push(E6E3F9D38);
				_push( *[fs:0x0]);
				_t52 = _t51 - 0x44;
				_t22 =  *0x6e405204; // 0x2276585c
				_push(_t22 ^ _t52);
				 *[fs:0x0] =  &_v12;
				_v56 = 0xf;
				_v60 = 0;
				_v76 = 0;
				E6E3D59F0(__ebx,  &_v80, "vector<T> too long", 0x12);
				_t6 =  &_v88; // 0x2276585c
				_v12 = 0;
				E6E3D5E40(_t54, _t6);
				_t40 =  &_v64;
				_v64 = 0x6e3fb8bc;
				E6E3E3041(_t40, 0x6e402178);
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				_push(0xffffffff);
				_push(E6E3F9D68);
				_push( *[fs:0x0]);
				_push(_t40);
				_t30 =  *0x6e405204; // 0x2276585c
				_push(_t30 ^ _t52);
				 *[fs:0x0] =  &_v96;
				_t49 = _t40;
				_v100 = _t49;
				_t46 = _v80;
				E6E3E2F20(_t40, _t46);
				_t41 = _t49 + 0xc;
				 *_t49 = 0x6e3fb8b0;
				_t15 = _t46 + 0xc; // 0xc
				 *((intOrPtr*)(_t41 + 0x18)) = 0xf;
				 *((intOrPtr*)(_t41 + 0x14)) = 0;
				_v92 = 0;
				 *((char*)(_t41 + 4)) = 0;
				E6E3D5910(_t41, _t15, 0, 0xffffffff);
				 *[fs:0x0] = _v112;
				return _t49;
			}

0x6e3d60d0
0x6e3d60d0
0x6e3d60d2
0x6e3d60dd
0x6e3d60de
0x6e3d60e1
0x6e3d60e8
0x6e3d60ed
0x6e3d60fe
0x6e3d6106
0x6e3d610e
0x6e3d6113
0x6e3d6118
0x6e3d6121
0x6e3d6129
0x6e3d6133
0x6e3d6138
0x6e3d6140
0x6e3d6145
0x6e3d6146
0x6e3d6147
0x6e3d6148
0x6e3d6149
0x6e3d614a
0x6e3d614b
0x6e3d614c
0x6e3d614d
0x6e3d614e
0x6e3d614f
0x6e3d6150
0x6e3d6152
0x6e3d615d
0x6e3d615e
0x6e3d6161
0x6e3d6168
0x6e3d616d
0x6e3d6173
0x6e3d6175
0x6e3d6179
0x6e3d617e
0x6e3d6187
0x6e3d618a
0x6e3d6190
0x6e3d6194
0x6e3d619b
0x6e3d619f
0x6e3d61a3
0x6e3d61a6
0x6e3d61b1
0x6e3d61be

APIs

__CxxThrowException@8.LIBCMT ref: 6E3D6140

Part of subcall function 6E3E3041: RaiseException.KERNEL32(?,?,6E3D75C2,6E401DA8,?,?,?,6E3D30C7,6E3D75C2,6E401DA8,6E3D75C2,80070057), ref: 6E3E3083

Strings

\Xv", xrefs: 6E3D6118, 6E3D611C
vector<T> too long, xrefs: 6E3D60F5

Memory Dump Source

Source File: 0000000E.00000002.2370545283.000000006E3D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 6E3D0000, based on PE: true

Associated: 0000000E.00000002.2370501847.000000006E3D0000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371078507.000000006E3FB000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371296559.000000006E405000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371402177.000000006E409000.00000002.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e3d0000_MiniNews.jbxd

Similarity

API ID: ExceptionException@8RaiseThrow
String ID: \Xv"$vector<T> too long
API String ID: 3976011213-3957682446
Opcode ID: e193479cb4c4eecde7107f2eebb8e8e0683b624de7ab9f2894200b937a977885
Instruction ID: b505f6ba0d58fb0c9509376bfe0929839ec45f9e93d1c4ff453eacd29d71cc2b
Opcode Fuzzy Hash: e193479cb4c4eecde7107f2eebb8e8e0683b624de7ab9f2894200b937a977885
Instruction Fuzzy Hash: DCF01DB1008380EBD305DFA4C544F9BB7E8EB88718F404F2DF1955A680D778D609CB56

Uniqueness

Uniqueness Score: -1.00%

Function 6E3E83B3 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 37
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 89%

			E6E3E83B3(void* __ebx, void* __edx, void* __edi, intOrPtr* __esi, void* __eflags) {
				intOrPtr _t17;
				intOrPtr* _t28;
				void* _t29;

				_t30 = __eflags;
				_t28 = __esi;
				_t27 = __edi;
				_t26 = __edx;
				_t19 = __ebx;
				 *((intOrPtr*)(__edi - 4)) =  *((intOrPtr*)(_t29 - 0x24));
				E6E3E33C1(__ebx, __edx, __edi, __esi, __eflags,  *((intOrPtr*)(_t29 - 0x28)));
				 *((intOrPtr*)(E6E3E8EEA(__ebx, __edx, __edi, __eflags) + 0x88)) =  *((intOrPtr*)(_t29 - 0x2c));
				_t17 = E6E3E8EEA(_t19, _t26, _t27, _t30);
				 *((intOrPtr*)(_t17 + 0x8c)) =  *((intOrPtr*)(_t29 - 0x30));
				if( *__esi == 0xe06d7363 &&  *((intOrPtr*)(__esi + 0x10)) == 3) {
					_t17 =  *((intOrPtr*)(__esi + 0x14));
					if(_t17 == 0x19930520 || _t17 == 0x19930521 || _t17 == 0x19930522) {
						if( *((intOrPtr*)(_t29 - 0x34)) == 0) {
							_t37 =  *((intOrPtr*)(_t29 - 0x1c));
							if( *((intOrPtr*)(_t29 - 0x1c)) != 0) {
								_t17 = E6E3E339A(_t37,  *((intOrPtr*)(_t28 + 0x18)));
								_t38 = _t17;
								if(_t17 != 0) {
									_push( *((intOrPtr*)(_t29 + 0x10)));
									_push(_t28);
									return E6E3E814B(_t38);
								}
							}
						}
					}
				}
				return _t17;
			}

0x6e3e83b3
0x6e3e83b3
0x6e3e83b3
0x6e3e83b3
0x6e3e83b3
0x6e3e83b6
0x6e3e83bc
0x6e3e83ca
0x6e3e83d0
0x6e3e83d8
0x6e3e83e4
0x6e3e83ec
0x6e3e83f4
0x6e3e8408
0x6e3e840a
0x6e3e840e
0x6e3e8413
0x6e3e8419
0x6e3e841b
0x6e3e841d
0x6e3e8420
0x00000000
0x6e3e8427
0x6e3e841b
0x6e3e840e
0x6e3e8408
0x6e3e83f4
0x6e3e8428

APIs

Part of subcall function 6E3E33C1: __getptd.LIBCMT ref: 6E3E33C7
Part of subcall function 6E3E33C1: __getptd.LIBCMT ref: 6E3E33D7

__getptd.LIBCMT ref: 6E3E83C2

Part of subcall function 6E3E8EEA: __getptd_noexit.LIBCMT ref: 6E3E8EED
Part of subcall function 6E3E8EEA: __amsg_exit.LIBCMT ref: 6E3E8EFA

__getptd.LIBCMT ref: 6E3E83D0

Strings

csm, xrefs: 6E3E83DE

Memory Dump Source

Source File: 0000000E.00000002.2370545283.000000006E3D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 6E3D0000, based on PE: true

Associated: 0000000E.00000002.2370501847.000000006E3D0000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371078507.000000006E3FB000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371296559.000000006E405000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371402177.000000006E409000.00000002.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e3d0000_MiniNews.jbxd

Similarity

API ID: __getptd$__amsg_exit__getptd_noexit
String ID: csm
API String ID: 803148776-1018135373
Opcode ID: 9a679443bc5add787b5169de5fb328409bd7bde1a93c27c345bc7cd5bb54c2bb
Instruction ID: fe28a45510dd58381343b560a4e537e6ff694ee3dcadbcaacdd0f64997d03609
Opcode Fuzzy Hash: 9a679443bc5add787b5169de5fb328409bd7bde1a93c27c345bc7cd5bb54c2bb
Instruction Fuzzy Hash: 93016934C04326CACB648FE0D450A9DB7F9EF54315F68892FD081A6AA1CB328982CF21

Uniqueness

Uniqueness Score: -1.00%

Function 6E3D8640 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 33
COMMON

Download Yara Rule

C-Code - Quality: 75%

			E6E3D8640(void* __ecx, void* __fp0) {
				void* __edi;
				long _t6;
				void* _t10;
				void* _t19;
				void* _t20;

				_t19 = __ecx;
				_t6 = GetTickCount();
				if(_t6 >  *((intOrPtr*)(_t19 + 0x90)) + 0x3e8) {
					 *((intOrPtr*)(_t19 + 0x90)) = GetTickCount();
					_t6 = E6E3D8280(_t19, __fp0);
					if( *(_t19 + 0x538) != 0) {
						E6E3D7C70(_t10, GetTickCount, _t20, 0x6e4064d8, "[%u] callback", _t19);
						_t6 =  *(_t19 + 0x538);
						if(_t6 != 0) {
							return  *((intOrPtr*)( *((intOrPtr*)( *_t6))))(_t6, _t19, _t19 + 0xb4);
						}
					}
				}
				return _t6;
			}

0x6e3d8648
0x6e3d864a
0x6e3d865a
0x6e3d8660
0x6e3d8666
0x6e3d8672
0x6e3d867f
0x6e3d8684
0x6e3d868f
0x00000000
0x6e3d869e
0x6e3d868f
0x6e3d8672
0x6e3d86a2

APIs

GetTickCount.KERNEL32 ref: 6E3D864A
GetTickCount.KERNEL32 ref: 6E3D865C

Part of subcall function 6E3D8280: GetTickCount.KERNEL32 ref: 6E3D8344

Strings

[%u] callback, xrefs: 6E3D8675

Memory Dump Source

Source File: 0000000E.00000002.2370545283.000000006E3D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 6E3D0000, based on PE: true

Associated: 0000000E.00000002.2370501847.000000006E3D0000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371078507.000000006E3FB000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371296559.000000006E405000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371402177.000000006E409000.00000002.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e3d0000_MiniNews.jbxd

Similarity

API ID: CountTick
String ID: [%u] callback
API String ID: 536389180-1007728669
Opcode ID: 67de13aa63e8c2ab6283b161e1990ae74f51c0e8fcb71ce6f818592b582284cf
Instruction ID: 106574c1a07529ce4d3de082dd480160d39ff07f273c6d8981177c9115dcb1d1
Opcode Fuzzy Hash: 67de13aa63e8c2ab6283b161e1990ae74f51c0e8fcb71ce6f818592b582284cf
Instruction Fuzzy Hash: 87F0E2716007019FCA649BB5EC50BE7B7ACAF81224F01092AE11AC7350CB30B848CAA1

Uniqueness

Uniqueness Score: -1.00%

Function 6E4F83F0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 23COMMON

Download Yara Rule

APIs

SHGetValueW.SHLWAPI(80000001,Software\Ludashi,mini_hash_min,00000004,00000000,?), ref: 6E4F8426

Strings

mini_hash_min, xrefs: 6E4F8417
Software\Ludashi, xrefs: 6E4F841C

Memory Dump Source

Source File: 0000000E.00000002.2371585883.000000006E4E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6E4E0000, based on PE: true

Associated: 0000000E.00000002.2371507694.000000006E4E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373281942.000000006E544000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373891215.000000006E565000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2374074776.000000006E56A000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e4e0000_MiniNews.jbxd

Similarity

API ID: Value
String ID: Software\Ludashi$mini_hash_min
API String ID: 3702945584-3584097027
Opcode ID: d86da41c62add7e35f4d87b00c0ceba7687c24bd82e8f4f5da990f6874a37169
Instruction ID: 316a03b28943e6295638ac2e8b4166883e98077b437a3adfb2c05b298dd05256
Opcode Fuzzy Hash: d86da41c62add7e35f4d87b00c0ceba7687c24bd82e8f4f5da990f6874a37169
Instruction Fuzzy Hash: B0E075F490420CFBEB10EE94D945BDEBBFCEB04314F1041A9AD05F3381E774AA589A95

Uniqueness

Uniqueness Score: -1.00%

Function 6E3D8220 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 22
COMMON

Download Yara Rule

C-Code - Quality: 82%

			E6E3D8220(void* __ebx, void* __ecx, void* __ebp, intOrPtr _a4) {
				void* __edi;
				void* _t8;

				_t7 = _a4;
				_push(_a4);
				_t8 = __ecx;
				E6E3D7AD0(__ebx, _t7, __ebp, 0x6e4064d8, L"[%u] SetFilename %s", __ecx);
				_t9 = _t8 + 0x4dc0;
				E6E3E2850(_t7, _t8 + 0x4dc0, 0, 0x800);
				return E6E3E48BA(_t9, _t7, 0x3ff);
			}

0x6e3d8222
0x6e3d8226
0x6e3d8227
0x6e3d8234
0x6e3d823e
0x6e3d8247
0x6e3d825d

APIs

_memset.LIBCMT ref: 6E3D8247
_wcsncpy.LIBCMT ref: 6E3D8253

Strings

[%u] SetFilename %s, xrefs: 6E3D822A

Memory Dump Source

Source File: 0000000E.00000002.2370545283.000000006E3D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 6E3D0000, based on PE: true

Associated: 0000000E.00000002.2370501847.000000006E3D0000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371078507.000000006E3FB000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371296559.000000006E405000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371402177.000000006E409000.00000002.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e3d0000_MiniNews.jbxd

Similarity

API ID: _memset_wcsncpy
String ID: [%u] SetFilename %s
API String ID: 1825577869-2091204120
Opcode ID: 083f3a9fe4169645a368429218c962f2ad81316a768eb163a48542805b70adc8
Instruction ID: 908b06c352ecd487edfc7ee7d8fd1c915dc9d022e57634159de72ee3ab6c88d8
Opcode Fuzzy Hash: 083f3a9fe4169645a368429218c962f2ad81316a768eb163a48542805b70adc8
Instruction Fuzzy Hash: 66D05EB79811313AE12112D66C05FDB9A6CCFE6A24F05483BBA483AA805A902D4281FD

Uniqueness

Uniqueness Score: -1.00%

Function 6E4E64C0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 20COMMON

Download Yara Rule

APIs

SHGetValueW.SHLWAPI(80000001,Software\Ludashi,close_sensitive,00000004,00000000,0000009C), ref: 6E4E64F6

Strings

close_sensitive, xrefs: 6E4E64E7
Software\Ludashi, xrefs: 6E4E64EC

Memory Dump Source

Source File: 0000000E.00000002.2371585883.000000006E4E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6E4E0000, based on PE: true

Associated: 0000000E.00000002.2371507694.000000006E4E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373281942.000000006E544000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373891215.000000006E565000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2374074776.000000006E56A000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e4e0000_MiniNews.jbxd

Similarity

API ID: Value
String ID: Software\Ludashi$close_sensitive
API String ID: 3702945584-1866811741
Opcode ID: f6ab5d627433d1ebcd1a1dec8f2ce9be46bafbe8190e77692c554225ac2d2457
Instruction ID: faa16b3d6f8636e31cbc733edafa0267af0652419e238ae2b3e070c41aaa328f
Opcode Fuzzy Hash: f6ab5d627433d1ebcd1a1dec8f2ce9be46bafbe8190e77692c554225ac2d2457
Instruction Fuzzy Hash: E6E092B484020CFBDB11EEC0D944FDEBBBCEB04314F104296AD05B3341D7746B598A95

Uniqueness

Uniqueness Score: -1.00%

Function 6E4E65A0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 20COMMON

Download Yara Rule

APIs

SHGetValueW.SHLWAPI(80000001,Software\Ludashi,delaytime_unit,00000004,00000000,?), ref: 6E4E65D6

Strings

delaytime_unit, xrefs: 6E4E65C7
Software\Ludashi, xrefs: 6E4E65CC

Memory Dump Source

Source File: 0000000E.00000002.2371585883.000000006E4E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6E4E0000, based on PE: true

Associated: 0000000E.00000002.2371507694.000000006E4E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373281942.000000006E544000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373891215.000000006E565000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2374074776.000000006E56A000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e4e0000_MiniNews.jbxd

Similarity

API ID: Value
String ID: Software\Ludashi$delaytime_unit
API String ID: 3702945584-4046209200
Opcode ID: 7a62f14cb820d69573d21ff9a45eb4b02e05f832acbc4d06962f5dd0507e82cf
Instruction ID: 489b1e91e4143f131d65d7b16e98a705d820582664324c21cb32d94afb99a698
Opcode Fuzzy Hash: 7a62f14cb820d69573d21ff9a45eb4b02e05f832acbc4d06962f5dd0507e82cf
Instruction Fuzzy Hash: 15E092B484020CFBDB10DEC0D948FDEBBFCEB04314F104296AD04B2341D7746B598A95

Uniqueness

Uniqueness Score: -1.00%

Function 6E3E2360 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 16
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 86%

			E6E3E2360(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				void* _t15;
				intOrPtr* _t19;
				void* _t20;
				void* _t23;

				_push(0x44);
				E6E3E555B(E6E3FAB4B, __ebx, __edi, __esi);
				_t1 = _t23 - 0x28; // 0xd7
				E6E3D5FC0(_t1, "invalid string position");
				 *(_t23 - 4) =  *(_t23 - 4) & 0x00000000;
				_t4 = _t23 - 0x28; // 0xd7
				_t5 = _t23 - 0x50; // 0xaf
				_t19 = _t5;
				E6E3DFA20(_t19, _t4);
				_t6 = _t23 - 0x50; // 0xaf
				_t15 = E6E3E3041(_t6, 0x6e402e94);
				asm("int3");
				 *_t19 = 0x6e3fc5d0;
				if( *((char*)(_t19 + 8)) != 0) {
					_t20 =  *(_t19 + 4);
					if(_t20 != 0) {
						return HeapDestroy(_t20);
					}
				}
				return _t15;
			}

0x6e3e2360
0x6e3e2367
0x6e3e2371
0x6e3e2374
0x6e3e2379
0x6e3e237d
0x6e3e2381
0x6e3e2381
0x6e3e2384
0x6e3e238e
0x6e3e2392
0x6e3e2397
0x6e3e239c
0x6e3e23a2
0x6e3e23a4
0x6e3e23a9
0x00000000
0x6e3e23ac
0x6e3e23a9
0x6e3e23b2

APIs

__EH_prolog3.LIBCMT ref: 6E3E2367
__CxxThrowException@8.LIBCMT ref: 6E3E2392

Part of subcall function 6E3E3041: RaiseException.KERNEL32(?,?,6E3D75C2,6E401DA8,?,?,?,6E3D30C7,6E3D75C2,6E401DA8,6E3D75C2,80070057), ref: 6E3E3083

Strings

invalid string position, xrefs: 6E3E236C

Memory Dump Source

Source File: 0000000E.00000002.2370545283.000000006E3D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 6E3D0000, based on PE: true

Associated: 0000000E.00000002.2370501847.000000006E3D0000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371078507.000000006E3FB000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371296559.000000006E405000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 0000000E.00000002.2371402177.000000006E409000.00000002.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e3d0000_MiniNews.jbxd

Similarity

API ID: ExceptionException@8H_prolog3RaiseThrow
String ID: invalid string position
API String ID: 1961742612-1799206989
Opcode ID: 25a2fc2a6723c4da43f58785247c475c8401a108b16999cb6c130acd05fcb553
Instruction ID: e228c161bf518085fbd07bdefe8f7199139eeb7caed4a1a24a256b8cce7e1c0a
Opcode Fuzzy Hash: 25a2fc2a6723c4da43f58785247c475c8401a108b16999cb6c130acd05fcb553
Instruction Fuzzy Hash: 8AD06772950128EACB04DBE0CC94FEDB77CAF18315F541C26E242AE594DB74AB4A8B64

Uniqueness

Uniqueness Score: -1.00%

Function 6E506193 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 13COMMON

Download Yara Rule

APIs

std::invalid_argument::invalid_argument.LIBCONCRT ref: 6E50619F

Part of subcall function 6E5060DC: std::exception::exception.LIBCONCRT ref: 6E5060E9

__CxxThrowException@8.LIBVCRUNTIME ref: 6E5061AD

Part of subcall function 6E516592: RaiseException.KERNEL32(?,?,?,6E515584,?,?,?,?,?,?,?,?,6E515584,?,6E563204), ref: 6E5165F2

Strings

bad function call, xrefs: 6E5061B3

Memory Dump Source

Source File: 0000000E.00000002.2371585883.000000006E4E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6E4E0000, based on PE: true

Associated: 0000000E.00000002.2371507694.000000006E4E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373281942.000000006E544000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373891215.000000006E565000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2374074776.000000006E56A000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e4e0000_MiniNews.jbxd

Similarity

API ID: ExceptionException@8RaiseThrowstd::exception::exceptionstd::invalid_argument::invalid_argument
String ID: bad function call
API String ID: 1586462112-3612616537
Opcode ID: dfe0c25a6886ea9a8717944ede004b816b02d7471d0298c4d8ed208b5792b421
Instruction ID: db6e1329abdbafb521d821934d8ec3b753879d1e222bd686516132ad7b108c9b
Opcode Fuzzy Hash: dfe0c25a6886ea9a8717944ede004b816b02d7471d0298c4d8ed208b5792b421
Instruction Fuzzy Hash: 5FC0123CC1420CB7CB14F6E4C8149CD77FC5A44104FC08461A61097555E7B1AA18C681

Uniqueness

Uniqueness Score: -1.00%

Function 6E50C510 Relevance: 5.2, APIs: 4, Instructions: 172COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?,E97A779A), ref: 6E50C554
LeaveCriticalSection.KERNEL32(?,E97A779A), ref: 6E50C621
CloseHandle.KERNEL32(?,E97A779A), ref: 6E50C65C
LeaveCriticalSection.KERNEL32(?,E97A779A), ref: 6E50C678

Part of subcall function 6E506156: __CxxThrowException@8.LIBVCRUNTIME ref: 6E50616D

Memory Dump Source

Source File: 0000000E.00000002.2371585883.000000006E4E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6E4E0000, based on PE: true

Associated: 0000000E.00000002.2371507694.000000006E4E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373281942.000000006E544000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373891215.000000006E565000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2374074776.000000006E56A000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e4e0000_MiniNews.jbxd

Similarity

API ID: CriticalSection$Leave$CloseEnterException@8HandleThrow
String ID:
API String ID: 554729580-0
Opcode ID: 6703fedf4b829dfd29e7d754d697f0d29e5e99323da6e169d4011b7fb20a742f
Instruction ID: f75d22bd7546784e8946c97c49b4c34d597e513b438ae5b38f4ad4f478d4e20c
Opcode Fuzzy Hash: 6703fedf4b829dfd29e7d754d697f0d29e5e99323da6e169d4011b7fb20a742f
Instruction Fuzzy Hash: 73615974A00606CFDB18CF99C194B6AB7F5FF49314F15465DE81A9B751CB34E980CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 6E4ECA20 Relevance: 5.1, APIs: 4, Instructions: 148COMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(00000003,00000000,6E4ED672,6E4ED674,?,6E4ED674,?,?,6E4ED672,?), ref: 6E4ECA6E
GetLastError.KERNEL32(?,6E4ED672,?,?,?,?,?,?,?,?,?,?,6E53D907,000000FF), ref: 6E4ECA7F
MultiByteToWideChar.KERNEL32(00000003,00000000,6E4ED672,?,00000000,00000000,?,6E4ED672,?), ref: 6E4ECA97
MultiByteToWideChar.KERNEL32(00000003,00000000,6E4ED672,?,?,00000000,?,?,?,?,?,?,6E4ED672,?), ref: 6E4ECABD

Memory Dump Source

Source File: 0000000E.00000002.2371585883.000000006E4E1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6E4E0000, based on PE: true

Associated: 0000000E.00000002.2371507694.000000006E4E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373281942.000000006E544000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2373891215.000000006E565000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.2374074776.000000006E56A000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6e4e0000_MiniNews.jbxd

Similarity

API ID: ByteCharMultiWide$ErrorLast
String ID:
API String ID: 1717984340-0
Opcode ID: 673d5a306bcb480c3f1a58e952364a1b79bc6751e6d301f15886fb392d280d3f
Instruction ID: 52bdc34a07b451b61a137ecd7601fbd9d3060ab2a68724ba5aefc1c7d94f0c72
Opcode Fuzzy Hash: 673d5a306bcb480c3f1a58e952364a1b79bc6751e6d301f15886fb392d280d3f
Instruction Fuzzy Hash: E9412776600206BFD7108FA8CC81FAABBACEF45755F10462AF9119BA80EB715D0087E0

Uniqueness

Uniqueness Score: -1.00%

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49693
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49692
Source: unknown	Network traffic detected: HTTP traffic on port 49692 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49693 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Description:	Adversaries may directly interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	API monitoring, Loaded DLLs, Process monitoring, System calls
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use bootkits to persist on systems. Bootkits reside at a layer below the operating system and may make it difficult to perform full remediation unless an organization suspects one was used and can act accordingly.
Tactics:	Defense Evasion, Persistence
Data Sources:	API monitoring, MBR, VBR
Platforms:	Linux, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify access tokens to operate under a different user or system security context to perform actions and bypass access controls. Windows uses access tokens to determine the ownership of a running process. A user can manipulate access tokens to make a running process appear as though it is the child of a different process or belongs to someone other than the user that started the process. When this occurs, the process also takes on the security context associated with the new token.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, Access tokens, Authentication logs, Process command-line parameters, Process monitoring, Windows event logs
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, Email gateway, Environment variable, File monitoring, Malware reverse engineering, Network intrusion detection system, Network protocol analysis, Process command-line parameters, Process monitoring, Process use of network, SSL/TLS inspection, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the Windows Registry to gather information about the system, configuration, and installed software.
Tactics:	Discovery
Data Sources:	Process command-line parameters, Process monitoring, Windows Registry
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, File monitoring, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may look for details about the network configuration and settings of systems they access or through information discovery of remote systems. Several operating system administration utilities exist that can be used to gather this information. Examples include Arp , ipconfig / ifconfig , nbtstat , and route .
Tactics:	Discovery
Data Sources:	Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Files may be copied from an external adversary controlled system through the command and control channel to bring tools into the victim network or through alternate protocols with another tool such as FTP. Files can also be copied over on Mac and Linux with native tools like scp, rsync, and sftp.
Tactics:	Command and Control
Data Sources:	File monitoring, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process command-line parameters, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report http://api.pdfxd.com/pdf-service/v1/action?os=163842&device_id=741e5fc1b4d58e5b4c3ac5f1dc5a9464&version=&qd=&day=&t=4312453&product=xundu&machine_name=141700

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Compliance

Spreading

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

C:\Users\user\AppData\Local\Temp\{F3FCDC60-415D-413c-8D13-838A625F6F57}.tmp

C:\Users\user\AppData\Roaming\lds\lds.set

C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\360Desktop\awake_title.png

C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\360Desktop\awake_title_wide.png

C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\360Desktop\news_add.png

C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\360Desktop\news_bkg.png

C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\360Desktop\news_icon.png

C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\360Desktop\news_menu_bar.png

C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\360Desktop\news_nopop_bkg.png

C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\360Desktop\news_report_bkg.png

C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\360Desktop\news_shortcut_bkg.png

C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\360Desktop\news_shortcut_later.png

C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\360Desktop\news_shortcut_now.png

C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\360Desktop\news_tab.png

C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\360Desktop\news_tab2.png

C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\360Desktop\news_tab_icon.png

C:\Users\user\AppData\Roaming\xundu\Mininews\newsui\MininewsRes\360Desktop\product.ico

Windows Analysis Report
http://api.pdfxd.com/pdf-service/v1/action?os=163842&device_id=741e5fc1b4d58e5b4c3ac5f1dc5a9464&version=&qd=&day=&t=4312453&product=xundu&machine_name=141700

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre